1.) There's a new openssh exploit in the wild. A new version of openssh was released, 3.7p1, and from what I heard it may not be a complete fix, but it fixes the immediate problem. I got this from a (very!) reliable source. Bugtraq, Full-Disclosure, and other similar lists have updates on this.
2.) Verisign has set up wildcards so now any unregistered .com or .net domain, and any host in that domain, will point to their servers. This includes mail and web servers, and they've got servers that are answering requests and potentially logging anything that comes in, so a simple typo could easily provide them info. You can read up on this on the NANOG mailing list, among others, and on the NY Times here: http://www.nytimes.com/2003/09/15/technology/15MISS.html and on this site here: http://www.haque.net/verisign_dns_rant.php and here in the washington post:
http://www.washingtonpost.com/wp-dyn/articles/A996-2003Sep12.html
Enjoy.
