From the “half truths that journos tell” file:
I’ve been following the Kaminsky DNS cache exploit issue closely since it was first announced – and no doubt so has everyone else in the security business. As such I was surprised to read a headline this morning that said that Metasploit founder H D Moore (and yes Virginia, there is a Santa Claus and I run Metasploit on a test machine too – who doesn’t?) had been ‘owned’ (should’ve been p’wned I think) by the DNS flaw.
The story is not true – at least according to H D Moore who claims he was misquoted by the journalist in question.
“In a recent conversation with Robert McMillan (IDG), I described an in-the-wild attack against one of AT&T’s DNS cache servers, specifically one that was configured as an upstream forwarder for an internal DNS machine at BreakingPoint Systems,” H D Moore wrote in a blog post. “Shortly after our conversation, Mr. McMillan published an article with a sensationalist title, that while containing most of the facts, attributed a quote to me that I simply did not say. Specifically, ‘“It’s funny,” he said. “I got owned.”’”
I’ve had the good fortune of speaking and corresponding via email with Moore a few times over the years. (Thankfully I’ve never been accused of misquoting him). I’ve also met Robert McMillan before and he seems like a decent guy.
I can’t speak to what was or wasn’t said – but I do know that material published with my byline has certainly had ‘sensationalist’ headlines over the years that some people didn’t agree with. For better or for worse, many readers choose to click (and read) a story based on the headline alone (I know that’s what pulled me into this particular Moore story).
That said, with this DNS issue there have been more half-baked stories published than I personally remember on any other topic since the Melissa virus broke out. The caching flaw is definitely real – and thanks to Metasploit I’ve even tried it out myself on a test machine that I’ve got. There is a patch for most DNS implementations, and if one isn’t available you can just point to a safe recursive DNS server at your ISP (or OpenDNS). It’s not that crazy.
As to whether or not Moore was “owned”, the sensationalist nature of this whole DNS caching exploit is the true culprit, I’d bet. I’d also suggest to Moore, in the spirit of his own protection, that he record his calls with journalists (and first advise the journalist that he is doing so) or just stick with email; that way he’s always got a record.