Sponsored White Papers, Webcasts, and Downloads
Additional Resources
- A Good Year for Security Collaboration
- Guest Editorial by George Stathakopoulos It seems like just yesterday when I was at Black Hat. Now as I get ready to fly to Las Vegas again, I look forward to seeing a lot of security researchers, hearing their latest exploits and how they fared over the...
- Tags: Microsoft Corp., Conficker Working Group, Security, Ryan Naraine
- Blog posts 2009-07-27
- Dan Bernstein confirms DJBDNS security hole, pays $1,000
- Dan J. Bernstein has acknowledged an exploitable security flaw in his djbdns software and has made good on a public security guarantee -- to pay $1000 to the first person to publicly report a verifiable security hole in the latest version of the popular DNS name server. ...
- Tags: Security Hole, DNS, Dan Bernstein, Dan J. Bernstein, Third-party DNS Service, Domain Names, Security, Viruses And Worms, Internet, Ryan Naraine
- Blog posts 2009-03-06
- Debate around 'partial disclosure' heats up
- There are many ways of telling the world about a security vulnerability. A vulnerability can be announced without telling the vendor, it can be announced after giving the vendor a period of time to fix the issue, or it may just be circulated amongst the underground without ever coming...
- Tags: Disclosure, Researcher, Vulnerability, Security, Adam O'Donnell
- Blog posts 2008-10-13
- Reducing the Risk of DNS Cache Poisoning Via the Kaminsky DNS Vulnerability
- To help provide further protection, NitroSecurity worked with several outside security agencies - including the Rochester Institute of Technology - to develop a method wherein intrusion prevention IPS technology may be used to actively block this attack. The results: on it's own, NitroSecurity's proffered solution provides protection on par with...
- Tags: Protection, Risk, DNS, Vulnerability, DNS Server, NitroSecurity, Domain Names, Intrusion Prevention, Strategy, Networking, Security, Internet, Management
- White papers 2008-09-22
- Measuring (not so) recent BIND nameserver patching
- Guest editorial by Derek Callaway This post is meant to provide an approximation of BIND nameserver updates that occurred during the past month, most likely in response to Dan Kaminsky's DNS cache poisoning vulnerability. I conducted this research because I was curious as to how widely BIND...
- Tags: Vulnerability, BIND, Domain, Dinosaur, Domain Names, Internet, Ryan Naraine
- Blog posts 2008-08-14
- Expert: SOA vulnerable to DNS security flaw, too
- This just in from the Black Hat security confab currently taking place in Las Vegas: Dan Kaminsky, a well-known IT security researcher, disclosed his findings around the Domain Name Server flaw or DNS cache poisoning vulnerability, and where it can bite. Tim Wilson of Dark Reading reported on Kaminsky's presentation,...
- Tags: security, dns, server, soa, flaw, domain names, service-oriented architecture (soa), networking, internet, web services, enterprise software, software, joe mckendrick
- Blog posts 2008-08-06
- Did Apple forget to patch something?
- Less than 24 hours after Apple belatedly released a patch for the DNS cache poisoning vulnerability, there are reports circulating that the DNS client on the OSX 10.4.11 distribution still has not been patched. According to nCircle's Andrew Storms, the client libraries on a fully patched OSX...
- Tags: DNS, Domain, IP, Server, Apple Inc., BSD, Client Library, Domain Names, Networking, Internet, Ryan Naraine
- Blog posts 2008-08-01
- Apple finally ships DNS flaw fix, patches 16 other Mac OS X holes
- [ UPDATE: nCircle Andrew Storms reports that the DNS client on the OSX 10.4.11 distribution still has not been patched. ] Apple has shipped a Mac OS X security update with patches for at least 17 documented vulnerabilities, including a fix for the serious DNS...
- Tags: Apple Macintosh, DNS, Patch Management, Apple Inc., Issue, Arbitrary Code Execution, Flaw, Application Termination, Apple Mac OS X, Apple Mac OS, Domain Names, Operating Systems, Software, Internet, Ryan Naraine
- Blog posts 2008-07-31
- HD Moore pwned with his own DNS exploit, vulnerable AT&T DNS servers to blame
- A week after |)ruid and HD Moore release part 2 of DNS exploit, HD Moore's company BreakingPoint has suffered a traffic redirection to a rogue Google site, thanks to the already poisoned cache at AT&T servers to which his company was forwarding DNS traffic : "It happened on Tuesday...
- Tags: Revenue, Google Inc., DNS, DNS Server, AT&T Corp., Server, Attack, Domain Names, Networking, Security, Internet, Dancho Danchev
- Blog posts 2008-07-30
- Evolution is punctuated equilibria
- Guest editorial by Dino Dai Zovi In evolutionary biology, the theory of punctuated equilibiria states that evolution is not a gradual process but instead consists of long periods of stasis interrupted by rapid, catastrophic change. Â This is supported by fossil evidence that shows...
- Tags: Vulnerability, Exploit, Internet Security, Internet Security Community, Internet, Security, Ryan Naraine
- Blog posts 2008-07-30
- DNS cache poisoning attacks exploited in the wild
- DNS cache poisoning attacks exploited in the wildMy W2k server and SuSE 10.2...server were easily patched through their respective automatic updates. The patching was so easy that anyone running a DNS server that hasn't patched already is an idiot.Is https still safe?I'm imagining that https connections are still safe. In...
- Tags: Domain names, NETWORKING, Referral URL, Server-name, Whois, DNS, Whois Server, IP address, DNS cache poisoning attack, IP
- Discussion threads 2008-07-29
- DNS cache poisoning attacks exploited in the wild
- UPDATE: Arbor Networks have provided more details in their "30 Days of DNS Attack Activity" analysis, SANS confirmed HD Moore's statement on DNS cache poisoned AT&T DNS servers. Numerous independent sources are starting to see evidence of DNS cache poisoning attempts on their local networks, in what appears to be...
- Tags: Query, DNS, Vulnerability, Server, Attack, Domain Names, Networking, Internet, Dancho Danchev
- Blog posts 2008-07-29
- Responding to the DNS vulnerability and attacks
- The DNS vulnerability, which has completely dominated the news in the security world the last two weeks, has been a concern for so many. On the front of good news and getting things protected, the IBM ISS has team has published some great information. The Frequency X...
- Tags: DNS, Vulnerability, DNS Server, Server, Network Address Translation, IBM Corp., Attack, Domain Names, Networking, Security, Internet, Nathan McFeters
- Blog posts 2008-07-28
- News to know: Geek sheets; Cuil; Apple; DNS patch
- Notable headlines: Jason Perlow: Geek Sheet: A Tweaker's Guide to Solid State Drives SSDs and Linux Gallery: Crucial Micron Solid State Drives My Sunday Afternoon: Fun with VMWare ESX 3i Dana Blankenhorn: The Microsoft way with Apache ...
- Tags: Apple iPhone, Larry Dignan, Data Center, DNS, Apple Inc., Microsoft Corp., Data Centers, Domain Names, Video Cards, Linux, Storage, Semiconductors, Networking, Hardware, Data Management, Internet, Components, Operating Systems, Software
- Blog posts 2008-07-28
- Microsoft joins 'patch DNS now' chant; Apple patch missing
- On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...
- Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine
- Blog posts 2008-07-25
- How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability
- The short answer is being paranoid about tackling a known vulnerability. It's 2001, and Daniel J. Bernstein DJB, author of the then popular djbdns security-aware DNS implementation, is applying basic math principles to raise awareness on what's to turn into the "sky is falling" critical Internet vulnerability in 2008, in...
- Tags: DNS, Vulnerability, Anomaly, Attack, OpenDNS, MaraDNS, NSS, Domain Names, Networking, Internet, Dancho Danchev
- Blog posts 2008-07-25
- Attack code published for DNS flaw
- The urgency to patch Dan Kaminsky's DNS cache poisoning vulnerability just went up a few notches. Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool....
- Tags: Ryan Naraine
- Blog posts 2008-07-23
- Has Halvar figured out super-secret DNS vulnerability?
- Has Halvar figured out super-secret DNS vulnerability?Good Lord!Whatever does happen, this has been fun to read about.in summaryHalvar's approach is to play a game in which you win with a low probability. If you are able to win the race with the authoritative server and guess one TXID, you...
- Tags: Games, Domain names, Halvar, TXID, game, DNS
- Discussion threads 2008-07-21
- Has Halvar figured out super-secret DNS vulnerability?
- [ UPDATE:Â Kaminsky has all but confirmed that, yes, the cat is out of the bag ] It looks very much like the nitty gritty of Dan Kaminsky's super-secret -- and heavily hyped -- DNS cache poisoning vulnerability has been figured out by reverse engineering guru Halvar...
- Tags: DNS, Vulnerability, Server, Referral, Mallory, Domain Names, Networking, Security, Internet, Ryan Naraine
- Blog posts 2008-07-21
- << Previous
- page 1 of 1
- Next >>
Popular Sanity Saver Videos
White Papers and Webcasts
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
