The DNS Vulnerability: The Embedded Context
Following up on my post from earlier this morning, I’d now like to explicitly take the topic in an EDN-centric (and interactive) direction. Most of the coverage to date on the DNS poisoning vulnerability has concentrated on its impact on servers and on traditional computer clients. However, as you’ve hopefully sensed, my consistent focus has been inclusive of any piece of equipment that might make a DNS lookup request. A whole host of operating systems, both client- and server-tailored, are potentially impacted by the vulnerability Dan Kaminsky stumbled across and are therefore in potential need of an update.
So I’m curious… how many of you have designed (and/or are currently designing) equipment that’s Internet-tethered and that accesses other computers via URLs (therefore requiring a DNS server intermediary)? For those of you subsequently affected by the DNS vulnerability, how many of you have ‘rolled your own O/S’, versus employed an off-the-shelf operating system? In the former case, how are you (hopefully) planning to patch your code, especially in advance of Kaminsky’s Black Hat presentation, where the vulnerability’s specifics will be revealed? And in the latter case, are you getting timely and comprehensive support from your software provider?
Finally, regardless of where your code comes from, how do you plan to implement the update… is your system flash memory- and/or HDD-based, or are you going to have to ship out new ROMs (and technicians to install them)? Thanks in advance for sharing your situation specifics and, in the process, helping out your engineering peers. We all look forward to your thoughts.















