tag:blogger.com,1999:blog-14114712.post5317906670549509804..comments2024-03-03T02:04:07.138-08:00Comments on ADD / XOR / ROL: halvar.flakehttp://www.blogger.com/profile/12486016980670992738noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-14114712.post-61024188545616091432008-07-14T06:53:00.000-07:002008-07-14T06:53:00.000-07:00Halvar... did you just provide a partial order on ...Halvar... did you just provide a partial order on the lattice of security threads? Damn math nerds. ;-)Knoxville Steherhttps://www.blogger.com/profile/03977196845669483314noreply@blogger.comtag:blogger.com,1999:blog-14114712.post-12168689718423466592008-07-13T05:36:00.000-07:002008-07-13T05:36:00.000-07:00I agree the net will survive - this is just anothe...I agree the net will survive - this is just another bump. I do think this has 'potential' to be a real pain in the posterior however. It all depends on how easy the sploit is. If it is 'point and click' like claimed then the bots can cause a real mess in the infrastructure. I don't agree with your assumption that everyone considers their gateway owned. We do, but we're security geeks. The average Internet user, which far outnumbers us, don't have the faintest idea how the net really works, let alone assuming their gateway is owned - or even their personal cache. Old cache poisoning exploits were pretty difficult to pull off on anything besides a one-off scale. IF, big if mind you, this is as easy as claimed then it wouldn't surprise me that much to see some of the bot-herders try a widespread DNS poison to redirect ebay or paypal to their phishing sites. That kind of activity would make a mess that will take a bit to clean up. *shrug* We'll find out in a couple weeks but if the vendors were willing to do the mass coordination it makes it seem likely there was good enough reason to do so. In the end their efforts certainly can't hurt anything.Timhttps://www.blogger.com/profile/14761781251358238536noreply@blogger.com