Between the Lines

August 28, 2008

In this issue:
Read All About It:
  • The Kaminsky DNS Vulnerability: Also in Email Flavor (Bug of the Month)
  • A Flicker of Netflix
  • After Outage, Gmail "Feels Your Pain"--Remains Beta
Behind the Screens
Survey Says!



Better Software Magazine

From the news desk to the desktop, Between the Lines brings you industry views of the recent news. In this issue, learn about the Kaminsky DNS Vulnerability, as well as outages from both Netflix and Gmail.

Read All About It

The Kaminsky DNS Vulnerability: Also in Email Flavor

Bug of the Month
Software Quality Engineering
Sometimes it's great to have your name on something. Think of Hadrian's Wall, or perhaps Comet Shoemaker-Levy 9 that crashed into Jupiter and had everyone looking to the sky back in 1994. John Wayne, who was famous for many things that didn't involve airports, has an airport named after him. But there are some occasions when the name doesn't really do the person associated with it much justice. Such is the case with the infamous Kaminsky DNS Vulnerability.

Earlier this year, Dan Kaminsky, director of penetration testing for IOActive, discovered a flaw in the Internet's Domain Name System (DNS). In August, at the Black Hat Conference in Las Vegas, he revealed the details of the flaw, which can leave users open to the dangers of cache poisoning attacks--"tricking the DNS to accept an incorrect request which subsequently reroutes unsuspecting users to another, usually malicious, Web site," as described by the Channel Wire blog. But the trouble doesn't stop there. The vulnerability can also be used, the blog notes, "to exploit IPSec VPNs, SSL certification, automatic software update systems, spam filters, and VoIP systems."

An Associated Press article highlights that the vulnerability can also be used to intercept email messages, but notes that "there's no evidence yet that this method of targeting email has been used in a successful attack."

The US Computer Emergency Readiness Team's Web page on the DNS vulnerability lists the systems known to be affected. Also, Dan Kaminsky has a DNS Checker on his personal blog, DoxPara Research, that lets you know whether the DNS server you use is vulnerable to attack.

See how helpful that is? This is why we don't shoot the messenger, even if we attach his name to a really horrible DNS vulnerability.

Related Articles
Kaminsky Reveals Details of Critical DNS Flaw
Major Internet Security Flaw Also Affects Email
US-CERT Vulnerability Note VU#800113
Dan Kaminsky's DoxPara Research

If you come across a bug that you think can compete for the title of Bug of the Month, send it to Joey McAllister at jmcallister@sqe.com for possible inclusion in the next Between the Lines.

STARWEST 2008 - Software Testing Analysis & Review Conference
Attend the Greatest Software Testing Conference on Earth!
September 29 - October 3, 2008 | Disneyland® Hotel | Anaheim, California
New Expanded Program including full- and half-day tutorial learning options. Learn about new products, timely issues, and cutting-edge testing solutions.
Register Now! http://www.sqe.com/go?SW08BTL

A Flicker of Netflix
Founded in 1997, Netflix has grown to become one of the most popular DVD rental services. According to Wikipedia, the company has more than 55 million discs, spread across 100,000 titles, and ships to 8.2 million subscribers. And, until this month, the service hadn't seen anything more than the briefest interruption.

Between August 12 and August 14, Netflix experienced "technical problems" that "affected all of the ... company's 55 shipping centers" and "severely limited the number of DVDs it could send out," according to an Associated Press article published while many Netflix users were still waiting for their next discs to arrive.

Some early reports stated that Netflix was still attempting to discern the cause of the issues, while others stated that the company simply refused to comment on the cause. The company did note that the cause was based within its own technology, and "not at all the fault of the United States Postal Service," according to an article that ran in the San Jose Mercury News.

On August 22, Netflix's head of IT operations, Mike Osier, wrote on the Netflix Community Blog that the root cause of the outage had been "identified as a key faulty hardware component." The service also gave customers affected by the outage a 15 percent credit.

Related Articles
Netflix Shipping Centers Slammed by Problems
Glitch Hampers Netflix's DVD Rentals
Wikipedia: Netflix


After Outage, Gmail "Feels Your Pain"--Remains Beta
Netflix wasn't the only service provider with a major outage this month. Many users of the free, Web-based email service Gmail tried to sign into their accounts on August 11 only to discover that the Google-powered service was inaccessible for approximately two hours.

And while some might say it was "only two hours"--as opposed to multiple days for the Netflix outage--the more popular the service, the louder the complaints when it goes down even for a short time.

Google posted an official apology on its Gmail blog, stating that the Gmail team had received emails and phone calls. It also stated that it had seen the "many Twitter posts." Some of those Twitter posts noted how unusual it was that the Twitter service, known for having its own string of outages, was up and running while Gmail was not. The Gmail blog post also mentioned that workers inside Google, who use Gmail for their company email, were among the complainers.

The issue, according to a post on TechNewsWorld, was "a temporary glitch in Google's contacts system, which was preventing Gmail from loading properly." The TechNewsWorld post also notes that the scrutiny of this outage is representative of the "hyperscrutiny" of "huge service providers" in general.

Of course, some of that scrutiny also centers on the fact that Gmail, after many years of public use, is still a "beta" product. If something goes horribly wrong with your personal or business email account hosted on Gmail, well, it's still in testing, isn't it?

Were you affected by the Gmail outage? What are your thoughts on its ongoing beta status? Tell us about it in the Survey Says! section below!

Related Articles
Gmail Spaces Out, Users Flip
Gmail Blog: We Feel Your Pain, and We're Sorry
Google's Gmail Outage: Are You Thinking Ho-Hum or How-To?


Media Spotlight:
StickyMinds SoundByte: Naomi Karten and Michele Sliger

Check out the latest StickyMinds SoundByte, in which Francesca Matteu talks to Naomi Karten about how people respond to change differently and how to help these people transition through change as a team. Then, Francesca discusses Michele Sliger's latest column.

Listen: http://www.stickyminds.com/podcasts/#SMSB_08late
Subscribe: http://feeds.feedburner.com/StickyMindsSoundByte

Featured Tool
ElectricCommander
Vendor: Electric Cloud
Address: 2307 Leghorn St, Mountain View, CA 94043
Phone: 650.968.2950
Fax: 650.968.6000
Tool URL: http://www.electric-cloud.com/products/electriccommander.php
Description: ElectricCommander is an enterprise-class automation platform for the entire build-test-deploy process. Unlike traditional continuous integration servers, ElectricCommander has an extensible architecture that can scale to support multiple teams, working in multiple locations, and developing for multiple platforms--with a single system. It is simple to roll out, provides traceability for compliance efforts, and supports continuous integration and agile development techniques.

Behind the Scenes
"Establishing Objectives that Make Your Performance Testing Matter"
The latest Web seminar brought to you by StickyMinds.com and Better Software magazine. Sponsored by Oracle.
All too often, stated or presumed objectives of performance testing do not map to the stakeholder's informational needs. During this talk, Scott Barber and Matthew Demeusy will present an approach for getting objectives in line with informational needs to help ensure not only that your performance testing will be more relevant but also that you don't spend time conducting performance testing that solves technical challenges that don't add value to your project. Join us Tuesday Sept. 9, at 2 p.m. ET. Register and attend this Web seminar to be automatically entered into our drawing for a StickyMinds.com PowerPass membership.
http://www.sqe.com/go?WS090908BTL


@StickyMinds on Twitter
Want to get a daily dose of what’s new and popular on StickyMinds.com and in Better Software magazine? Follow @StickyMinds on Twitter for regular updates about weekly columns, news, discussion boards, eNewsletters, and more, as well as information about Better Software magazine articles and Software Quality Engineering conferences. Don’t have a Twitter account? Follow our Twitter feed at: http://www.twitter.com/StickyMinds


Calling All Software Developers, Testers, and Managers
The 2008 Better Software magazine/StickyMinds.com Salary Survey is in full swing! Don’t miss your chance to contribute to the collective knowledge of industry salaries and employment trends. Follow the link that best describes your employment level, answer a few questions, and enter to win a $50 Best Buy gift certificate! The results will appear in the December 2008 issue of Better Software magazine.

Staff Level: http://www.stickyminds.com/2008salarysurveystaff
Management Level: http://www.stickyminds.com/2008salarysurveymanagement
Director Level: http://www.stickyminds.com/2008salarysurveydirector

Survey Says
What do you think about Gmail's ongoing beta status?

  • Google is right to keep it in beta if it thinks it is a beta product.
  • After four years of beta and more than a year of public-release beta, it should be officially released.
  • Either way, it's up to Google to decide, and companies and individuals using Gmail should take its beta status into account.
Take our survey now to get counted and see the results of this month's poll!

Last Month's Survey Results
In July, we asked, "What do you think about the arrest of Terry Childs for withholding passwords to San Francisco's network?" Here's how you responded:
  • 50% said, "It is justified. Childs should have turned over the passwords immediately upon request."
  • 50% said, "He shouldn't have withheld the passwords, but the city is overreacting."

Software Quality Engineering

Have you checked out the StickyMinds.com MarketPlace? The MarketPlace provides links to products and services designed to aid or improve software development.
www.stickyminds.com/index.asp#marketplace

Between the Lines is an extension of www.StickyMinds.com and Better Software magazine — and a reminder that your "online resource for building better software" is just a click away at StickyMinds.com.


SOFTWARE QUALITY ENGINEERING 330 CORPORATE WAY STE. 300 ORANGE PARK, FL 32073