Comcast Quickly Tackled New DNS Threat
Contrary to some online tests of their networks...
(old news - 09:56AM Friday Jul 25 2008)
tags: business · security · Comcast
Yesterday I noted that with two working exploits in the wild for a major new DNS vulnerability, a significant number of major ISPs had yet to fully patch their systems, leaving their users vulnerable to scams and identity theft. While some security analyst tests claimed that Comcast was among the companies falling behind in the patching, Comcast tells me that isn't the case.
Comcast spokesman Charlie Douglas says the company had its systems patched back in June -- and has been working hard to ensure all fixes are in place. Dan Kaminsky, the researcher who first discovered this flaw, confirms this with a post to our forums, where he notes Comcast has worked with a company named Nominum to implement a system that can slow the discovered attack down by a "couple hundred times."
"A couple hundred times harder to attack corresponds to ~8 bits of entropy, which is how short they are right now," he says. "They're investigating now if they can get a couple of bits more in, just for added security." Kaminsky says this is an instance where Comcast earned some well-deserved kudos.
"Nominum, and ComCast by extension, need some credit for working to develop more intensive protections against this attack -- even if it's much less convenient for those of us building test tools," says Kaminsky. "It's not every day that Comcast and I are on the same side of the fence -- ahem, net neutrality. This is however a much graver threat, and frankly more ISP's need to follow Comcast's lead here (now there are words I never thought I'd write!)."
Update: A user writes in to note that Verizon may also be falsely accused of being slow to patch their systems:
The DNS servers listed as Verizon servers at HackerFactor are, in fact, the sole property of Level (3). They are improperly using the gtei.net domain name and that issue is being investigated. Verizon is also running Nominum software and the Verizon DNS servers were proactively updated to mitigate the DNS cache poisoning exploit. Level (3) and Level (3) alone is responsible for the servers 4.2.2.1 - 4.2.2.6.