Topic: OpenBSD and BIND 9 weakness
I thought this was interesting.
Jakob Schlyter (jakob@) wrote to misc@:
as some of you may have noticed, a new weakness in BIND 9 has
recently been discovered. using this weakness, an attacker can
remotely poison the cache of any BIND 9 server. the attacker can do
this due to a weakness in the transaction ID generation algorithm used.

when BIND 9 was first imported into OpenBSD, we decided not to use
the default ID generation algorithm (LFSR, Linear Feedback Shift
Register) but to use a more proven algorithm (LCG, Linear
Congruential Generator) instead. thanks to this wise decision, the
BIND 9 shipped with OpenBSD does not have this weakness.

the proactive security of OpenBSD strikes again,