So for those of you who arn't aware, as of yesterday, it's easy for any spotty teenager/script kiddie to make you see content you didn't expect to when you go to google or your bank, etc. Maybe you're lucky and someone has fixed the problem on your network. Most likely you're not so lucky.

(Confidential to Anna, Maggie, Adrianne, Errol, Barbara, Mark: You're lucky! But only when you're at home.)

At the moment, the idea that DNS can be trivially poisoned seems like a really serious problem.

Will there come to be a point when we just regard this as "DNS spam", basically accepting that it's happening all the time, indeed that a given DNS query is as likely spoofed than good, and nothing can be trusted, or indeed, fixed? If you don't think this can happen to a internet techology, just look at the average inbox now, and compare it to the average inbox circa 1993.

I can't claim to be an expert in this area, but based on what I'm reading, the current "fix" increases the time-to-exploit from 11 seconds to maybe 1 week. (BTW, is there a reason why DNS servers are caching in-baliwick responses.. would it work to entirely disable that caching? Any chance for a second round of more targeted fixes now that the cat is out of the bag?) Also, I get the impression DNSSEC will never be successfully deployed, barring a miracle. And we seem to have just run out of miracles.