Published at LXer:
But to my way of thinking, Nominum didn't fix a thing. The article describes combining four techniques for foiling what they are now calling the Kaminsky Attack. I guess "cache poisoning" isn't glamorous enough. The techniques sound questionable, and the fixes only applies to their expensive, closed proprietary caching server. Nobody else benefits from this fix. So it's not a fix at all- it's as though they were claiming to have cleaned up a small volume of water in a large swimming pool.
Read More...