[Dailydave] Paul Vixie's response...
Thomas Ptacek
tqbf at matasano.com
Sun Jul 13 20:13:28 EDT 2008
> i've got others (dan kaminsky, david dagon, florian weimer, CMU CERT, jinmei
> tatuya, john kristoff, ben laurie, bert hubert, sean leach) to vouch for me
> not being owned, at least regarding CERT VU# 800113. i guess there's a way
What's awesome about this is that Vixie thinks that not being
vulnerable to cache poisoning means he's not owned.
> | > 3. Map this list of TXIDs into an internal RNG state using a rainbow
> | > table. This lets you predict the next set of TXID's with just a hash
> | > lookup.
> | > 4. Make a request for mail.google.com and send your spoofed packets to
> | > infect the cache.
> that is so cool! thanks for all your great work.
What's awesome about this is that Vixie is making fun of you.
--
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
More information about the Dailydave
mailing list