Sponsored White Papers, Webcasts, and Downloads
Additional Resources
- Gaping holes in RealPlayer patched
- Digital media delivery firm RealNetworks has shipped a high-prority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks. The patch comes a few hours after Secunia released an advisory warning for one...
- Tags: Vulnerability, RealNetworks Inc., RealNetworks RealPlayer, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine
- Blog posts 2008-07-25
- Microsoft joins 'patch DNS now' chant; Apple patch missing
- On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...
- Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine
- Blog posts 2008-07-25
- How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability
- The short answer is being paranoid about tackling a known vulnerability. It's 2001, and Daniel J. Bernstein DJB, author of the then popular djbdns security-aware DNS implementation, is applying basic math principles to raise awareness on what's to turn into the "sky is falling" critical Internet vulnerability in 2008, in...
- Tags: DNS, Vulnerability, Anomaly, Attack, OpenDNS, MaraDNS, NSS, Domain Names, Networking, Internet, Dancho Danchev
- Blog posts 2008-07-25
- Heap-based buffer overflow reported in RealNetworks RealPlayer
- Update 07/25/2008: Aaron Portnoy of TippingPoint's security research group was kind enough to point out that I'm actually not affected by this, since I've installed the newest version of RealPlayer. From Aaron's email: Notice the Secunia advisory states it affects RealPlayer 10.5... the latest is 11.x, which now uses...
- Tags: Vulnerability, RealNetworks Inc., Buffer-overflow, RealNetworks RealPlayer, Secunia Research, Vendor, Digital Music, Digital Media, Personal Technology, Consumer Electronics, Nathan McFeters
- Blog posts 2008-07-25
- Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon
- Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soonTTLSomething I wish I'd asked during the webcast and which I can't quite get my head around:It was said that setting a long TTL doesn't help because of the way delegation works - has to...
- Tags: Domain names, DNS server, TTL, server, Kaminsky
- Discussion threads 2008-07-24
- |)ruid and HD Moore release part 2 of DNS exploit
- |)ruid and HD Moore release part 2 of DNS exploitSo, Linux's BIND the first to be exploited...So, Linux's BIND the first to be exploited...Nice work!CoolNate, nice post and analysis!Wasn't the replacing the ns.victim.com cache entry part of the Halvar Flake speculation? I thought first part of the exploit was to...
- Tags: Domain names, NETWORKING, Operating systems, Alecco, DNS, ruid, exploit, HD Moore, Linux
- Discussion threads 2008-07-24
- |)ruid and HD Moore release part 2 of DNS exploit
- [Updated 07/24/2008: Gallery images of diffs of code revisions has been included and will be updated as things change, see here.] Earlier today, noted researchers |)ruid and HD Moore released exploit code for the Metasploit tool for attacking the DNS flaw that was originally reported by Dan...
- Tags: DNS, Domain, Server, Entry, Exploit, NS, NS Record, Domain Names, Networking, Internet, Nathan McFeters
- Blog posts 2008-07-23
- Attack code published for DNS flaw
- The urgency to patch Dan Kaminsky's DNS cache poisoning vulnerability just went up a few notches. Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool....
- Tags: Ryan Naraine
- Blog posts 2008-07-23
- iPhone vulnerable to phishing, spamming flaws
- Security researcher Aviv Raff left has discovered a pair of basic design flaws that could turn your iPhone into easy bait for malicious phishing and spamming attacks. According to an advisory from Raff, the iPhone's Mail and Safari applications are susceptible to a URL Spoofing vulnerability which...
- Tags: Apple iPhone, Apple Safari, Vulnerability, Spamming, Flaw, Aviv Raff, Phishing, Spam, Security, Spam And Phishing, Ryan Naraine
- Blog posts 2008-07-23
- A look at the recent Firefox 3 vulnerability
- A look at the recent Firefox 3 vulnerabilityLOLAlways makes me laugh when a Firefox article is written critical of it, no one adds an opinion.If this were about IE, the thread would be huge.quit making such a big deal, read moreWhy do people write about security vulnerabilities that have happened...
- Tags: Web browsers, SECURITY, vulnerability, Mozilla Firefox, Mozilla Firefox 3.0
- Discussion threads 2008-07-23
- McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position
- Several days after blogging about a research conduced by n.runs AG that managed to discover approximately 800 vulnerabilities in antivirus products, McAfee issued a statement basically debunking the number of vulnerabilities found, and providing its own account into the number of vulnerabilities affecting its own products : "A recent...
- Tags: Software, McAfee Inc., Antivirus, Vulnerability, Vendor, Flaw, N.Runs, Dancho, Security, Viruses And Worms, Dancho Danchev
- Blog posts 2008-07-23
- News to know: Yahoo; VMware; Apple; DNS vulnerability
- Notable headlines: Ryan Naraine: Vulnerability disclosure gone awry: Understanding the DNS debacle RIM ships fix for BlackBerry code execution bug Dancho Danchev: Georgia President's web site under DDoS attack from Russian hackers 75% of online banking sites found vulnerable to security design...
- Tags: Apple iPhone, Google Inc., Larry Dignan, DNS, Yahoo! Inc., Vulnerability, Dana Blankenhorn, Health Care, Apple Inc., VMware Inc., App Store, Banking, Vertical Industries, Domain Names, Benefits, Healthcare, Security, Financial Services, Enterprise Software, Software, Internet, Human Resources
- Blog posts 2008-07-23
- RIM ships fix for BlackBerry code execution bug
- Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users: Research in Motion RIM has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. ...
- Tags: Research In Motion Ltd., RIM BlackBerry, Handhelds, Hardware, Ryan Naraine
- Blog posts 2008-07-22
- A look at the recent Firefox 3 vulnerability
- True to form, Billy Rios promised a more in depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed...
- Tags: Mozilla Firefox 3.0, Mozilla Firefox, Apple Safari, Vulnerability, Protocol Handler, Firefox3, Security Decision, Web Browsers, Security, Internet, Nathan McFeters
- Blog posts 2008-07-22
- Vulnerability disclosure gone awry: Understanding the DNS debacle
- Vulnerability disclosure gone awry: Understanding the DNS debacleI think he deserved better for sureYou know, Dan does manipulate the media well, but I'll tell you this, he's a stand-up guy. Did he try to drum up the press a bit? Sure, why not? Did he choose his...
- Tags: Domain names, Advertising & Promotion, Dan, DNS
- Discussion threads 2008-07-22
- Vulnerability disclosure gone awry: Understanding the DNS debacle
- On July 7, the day before the release of the patch for the now infamous DNS design flaw, hacker Dan Kaminsky with the help of Black Hat conference organizers invited reporters to a press conference to "discuss the massive multivendor patch being released this Tuesday." "A synchronized...
- Tags: Black Hat, DNS, Conference, Dan Kaminsky, Thomas Ptacek, Domain Names, Patches, Security, Networking, Internet, Ryan Naraine
- Blog posts 2008-07-22
- News to know: Apple, Crapware; Icahn and Yahoo; Brocade
- Notable headlines: Larry Dignan: Apple's Mac shipments surge; Lowballs on outlook; Jobs health worries Adrian Kingsley-Hughes: Apple reports record Q3 08 Does Apple need to announce a post Steve Jobs plan? Dennis Howlett: Apple chaos theory Jason O'Grady: Apple Q3 2008...
- Tags: Apple iPhone, Sony Corp., Facebook, Larry Dignan, Yahoo! Inc., Brocade Communications Systems Inc., Apple Inc., Mice, Utility Computing, 3G, Open Source, Hardware, Peripherals, Cellular Phones, Consumer Electronics, Personal Technology
- Blog posts 2008-07-22
- Has Halvar figured out super-secret DNS vulnerability?
- Has Halvar figured out super-secret DNS vulnerability?Good Lord!Whatever does happen, this has been fun to read about.in summaryHalvar's approach is to play a game in which you win with a low probability. If you are able to win the race with the authoritative server and guess one TXID, you...
- Tags: Games, Domain names, Halvar, TXID, game, DNS
- Discussion threads 2008-07-21
- Has Halvar figured out super-secret DNS vulnerability?
- [ UPDATE: Kaminsky has all but confirmed that, yes, the cat is out of the bag ] It looks very much like the nitty gritty of Dan Kaminsky's super-secret -- and heavily hyped -- DNS cache poisoning vulnerability has been figured out by reverse engineering guru Halvar...
- Tags: DNS, Vulnerability, Server, Referral, Mallory, Domain Names, Networking, Security, Internet, Ryan Naraine
- Blog posts 2008-07-21
- << Previous
- page 1 of 1
- Next >>
White Papers and Webcasts
Designed specifically to address the concerns of senior IT managers at organizations with more than 100 employees, the Intel Premier IT Professional Program provides best practices via local and e-Seminars and a members-only Web site.
According to a new study from the Economist, future success belongs to those who collaborate effectively. Learn how successful collaboration can improve profits, problem-solving, and competitive differentiation.
