From: "Yves Goergen" <[EMAIL PROTECTED]>
Sent: Friday, 2008, July 25 13:39
On 25.07.2008 21:43 CE(S)T, mouss wrote:
BTW. do we have numbers on how many ISPs did update their bind
implementations (or have "safe" workarounds) after the recent bug
disclosure?
According to a Heise.de article, in Austria 2/3 of all ISPs did not yet
patch their recursive DNS servers. In US/CA, the major ISPs AT&T, BT,
Time Warner and Bell Canada also haven't upgraded yet. Kaminsky said,
according to his tests, 52% are vulnerable. Doesn't seem like the
industry is taking this very serious.
They might when the first new victim of this spoofing attack sues their ISP
for not updating their DNS servers.
{^_^}
