We all knew this was still flawed, just less flawed. As is stated in Dan's blog, it takes a lot more to exploit the flaw but it's still there. The only warning you get is that you would see a HUGE increase in DNS traffic. This lets you know that someone is attacking, but it does nothing to prevent the attack. Our bored Russian did nothing but prove the obvious. This patch only buys time, nothing else. GZ

When I read the title I thought, "oh, good." Then I read the article and I realized you meant he cracked an already existing patch. He did not hack a fix. Surely those at th'Inq knows the difference for god's sake.

Them Russian physicists know all about poisoning.

This attack is not very feasible in the real world. The critical nature of the original bug was that it minimized the need for a brute force attack. While being able to succeed in an attack on a local network over a GigE connection with full control over both servers is interesting, it's orders of magnitude harder to successfully perform this attack over the Internet, especially if you don't want the remote admin noticing. DNSSec is the long-term fix for this problem, but it may be rather far away.

"Russian BOG".. are they smelly Blogs with a touch of Vodka?