The ZDNET guys are discussing the DNS fiasco, but they forgot one little detail which makes the vulnerability ever so much more potent than what it looks like:
Halvar just posted a very good hypothesis, but one that does not include the fact that a forged request can also include a glue record that updates the cache on the attacked server, with a very long TTL. What this gibberish means is that you can attack a DNS in ten seconds and gain control of all queries sent to that DNS for all subdomains of any second-level domain like
google.com. You "hijack"
xkdjlsfjls.google.com and you have in effect hijacked the entirety of
google.com for all users of the target DNS.
I'd post the Matasano article -- which has a very good explanation -- but I'd rather not worry about copyright infringement lawsuits.