This is news cast 147.
In the intro, a quick review of Settlers of Catan.
The only security alert this week is a lengthy discussion of Kaminsky’s research on a DNS cache poisoning problem he discovered. Despite his plan not to disclose until vendors had thirty days to patch, details have been leaked. Wired caught up with Dan to discuss how he discovered the problem and other information about it.Bruce Schneier uses the efforts to coordinate patches as an example of why the discover-disclose-patch cycle is not enough. Since details have been leaked, there is now attack code in the wild. Many of the big ISPs are still dragging their feet though you can protect yourself by using a trusted provider like OpenDNS.
In this week’s news, a comment and link from Mike Linksvayer have me considering this piece on open cloud computing, FCC comment period on MPAA’s plea for a waiver on SOC with a summary of initial comments and a clearer explanation than mine from Jef at PK, asking whether some current case activity would invalidate many if not most software patents though PJ at Groklaw is skeptical, and a new foundation to support open web standards that is different from the W3C and IETF.
Following up this week, the researchers who demonstrated the cold boot crypto attack release their code and a lament for the state of OpenID adoption.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.