Are we vulnerable?  Here's an excerpt of WSJ article.  -Mike

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CERT, a federally funded research center operated by Carnegie Mellon University, issued an advisory Monday morning of multiple vulnerabilities in a common piece of software that converts Web addresses such as www.cert.org to the numerical codes that computers can understand, like 10.21.30.5.

"Attackers can exploit these vulnerabilities to break into and take control of affected" domain-name system servers, said Jeffrey Lanza, a CERT Internet security analyst. "Once they have gained control, the attackers can disable or modify the DNS information, rendering it either unusable or unreliable."

The software in question is known as BIND, for Berkeley Internet Name Domain, which is widely used and maintained by the Internet Software Consortium, a standards body. Essentially, every Web site depends on one or more DNS servers, and CERT estimates that more than 80% of them are vulnerable to the newly discovered problems.

The vulnerabilities was discovered by a division of Networks Associates Inc. a few weeks ago. The unit, Covert Labs, notified ISC and together the organizations worked on fixes. Researchers said DNS server operators must now update their BIND software to address the problem, or apply a patch. The updated software is now available at www.ISC.org (www.isc.org).