VeriSign adds DNS wild-cards

It seems there's another remote exploit in the wild against portable versions of OpenSSH. There is an advisory about it, and some mail. OpenBSDs included OpenSSH isn't affected apparently. I guess it's because of W^X and Propolice — proactive security.

Since the OpenSSH in NetBSD is the exact same version as OpenBSD it'll be interesting to see whether they're affected or not. FreeBSD seems to have a fix in tree already, see this diff from cvsweb.

Some companies really don't have a clue. Take for example Verisign. They just added a wildcard A record for the .com and .net TLDs, so when you ask for some nonexistent .com and .net domain you get redirected to Fortunately it's a fixable problem, look at these Verisign Countermeasures.

The server seems to be down now. Perhaps those lame script kiddiots made themselves useful for once.