This week it was announced that one of the core protocols that holds the internet together is fundamentally flawed. The problem is not with someone’s implementation of the protocol, but with the actual protocol itself. It’s hard to over-state just how big a deal this is. At the moment the details of the vulnerability are being kept secret to give the world time to patch, but you can get some technical information from the advisory issued by the US Cert. On Tuesday all the major DNS server vendors released patches at the same time. This is un-heard of, nothing like this has ever happened before in the history of the internet. That alone should bring home just how big this is.
Although the good-guys have successfully kept the details of the flaw secret to date, despite the large numbers of organisations involved, the reality is that the bad guys are frantically trying to figure this out as I type. It’s not a matter of if they’ll figure it out, but when. The security community have bought us time. That time should not be squandered, but used to protect the internet as a whole, and to protect ourselves.