ZDNet Resources
- Attack code published for DNS flaw
- Irresponsible and evil: "In an IM exchange, Moore told me his exploit takes about a minute or two to poison a DNS cache but said he is working to improve it in version 2.0." As far as I am concerned he is just an evil person to...
- Tags: Domain names, Halvar, exploit, DNS
- Discussion threads 2008-07-23
- Has Halvar figured out super-secret DNS vulnerability?
- Good Lord! Whatever does happen, this has been fun to read about. In summary: Halvar's approach is to play a game in which you win with a low probability. If you are able to win the race with the authoritative server and guess one TXID, you...
- Tags: Games, Domain names, Halvar, TXID, game, DNS
- Discussion threads 2008-07-21
Additional Resources
- Black Hat Las Vegas Day 1
- Well, this is well late, but here's my recap of Black Hat Day 1. Sorry for the delay, but I've been terribly busy finishing up preparations for my Day 2 talk. The first talk I went to see, "Pointers and Handles, A Story of Unchecked Assumptions...
- Tags: Black Hat, Billy Rios, Dan, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Nathan McFeters
- Blog posts 2008-08-08
- Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon
- TTL: Something I wish I'd asked during the webcast and which I can't quite get my head around: It was said that setting a long TTL doesn't help because of the way delegation works - has to...
- Tags: Domain names, DNS server, TTL, server, Kaminsky
- Discussion threads 2008-07-24
- |)ruid and HD Moore release part 2 of DNS exploit
- So, Linux's BIND the first to be exploited... Nice work! Cool. Nate, nice post and analysis! Wasn't the replacing the ns.victim.com cache entry part of the Halvar Flake speculation? I thought first part of the exploit was to...
- Tags: Domain names, NETWORKING, Operating systems, Alecco, DNS, ruid, exploit, HD Moore, Linux
- Discussion threads 2008-07-24
- Vulnerability disclosure gone awry: Understanding the DNS debacle
- I think he deserved better for sure. You know, Dan does manipulate the media well, but I'll tell you this, he's a stand-up guy. Did he try to drum up the press a bit? Sure, why not? Did he choose his...
- Tags: Domain names, Advertising & Promotion, Dan, DNS
- Discussion threads 2008-07-22
- Vulnerability disclosure gone awry: Understanding the DNS debacle
- On July 7, the day before the release of the patch for the now infamous DNS design flaw, hacker Dan Kaminsky with the help of Black Hat conference organizers invited reporters to a press conference to "discuss the massive multivendor patch being released this Tuesday." "A synchronized...
- Tags: Black Hat, DNS, Conference, Dan Kaminsky, Thomas Ptacek, Domain Names, Patches, Security, Networking, Internet, Ryan Naraine
- Blog posts 2008-07-22
- News to know: Apple, Crapware; Icahn and Yahoo; Brocade
- Notable headlines: Larry Dignan: Apple's Mac shipments surge; Lowballs on outlook; Jobs health worries Adrian Kingsley-Hughes: Apple reports record Q3 08 Does Apple need to announce a post Steve Jobs plan? Dennis Howlett: Apple chaos theory Jason O'Grady: Apple Q3 2008...
- Tags: Apple iPhone, Sony Corp., Facebook, Larry Dignan, Yahoo! Inc., Brocade Communications Systems Inc., Apple Inc., Mice, Utility Computing, 3G, Open Source, Hardware, Peripherals, Cellular Phones, Consumer Electronics, Personal Technology
- Blog posts 2008-07-22
- Has Halvar figured out super-secret DNS vulnerability?
- [ UPDATE: Kaminsky has all but confirmed that, yes, the cat is out of the bag ] It looks very much like the nitty gritty of Dan Kaminsky's super-secret -- and heavily hyped -- DNS cache poisoning vulnerability has been figured out by reverse engineering guru Halvar...
- Tags: DNS, Vulnerability, Server, Referral, Mallory, Domain Names, Networking, Security, Internet, Ryan Naraine
- Blog posts 2008-07-21
- 2008 Pwnie Awards
- Don't forget to go and vote on the Pwnie Awards, which will happen at Black Hat Vegas again this year. I don't want to campaign for votes, but I wouldn't be pissed if some of my loyal readers out there voted for me, Billy Rios, Rob Carter, and John Heasman and...
- Tags: Category, Nomination, Security, Nathan McFeters
- Blog posts 2008-06-19
- News to know: U.S. turns back hacker; Realtek data corruption; Facebook; Leveraging Linux
- Notable headlines: Ryan Naraine: German hacker denied entry into U.S. for Black Hat training. Halvar Flake: I've been denied entry to the US essentially for carrying my trainings material. George Ou: Realtek network driver silently corrupts data. Paul Murphy: Leveraging Linux to sell yourself. Photos: Top 10 reviews of the week right. Jason O'Grady: No...
- Tags: News to know, General
- Blog posts 2007-07-30
- German hacker denied entry into U.S. for Black Hat training
- Thomas Dullien, a prominent security researcher who has been a fixture at the annual Black Hat security conference, has been denied entry into the U.S. to attend and conduct training at this year's confab. Dullien (left), a German reverse engineering whiz known in hacker circles as "Halvar Flake," said he was...
- Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Passwords, Microsoft, Metasploit, Hackers, Exploit code, Digital rights management, Data theft, Cisco, Browsers, Botnets, Black Hat
- Blog posts 2007-07-29
- The iPhone security non-story
- David Maynor is hoarding his Safari browser flaws with his eyes on the iPhone. As far back as January, hackers were asking questions about the iPhone CPU and preparing for attack scenarios. The first hacker that breaks into the iPhone will generate lots of headlines/publicity but that's right about where this story...
- Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Metasploit, Hackers, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Apple
- Blog posts 2007-06-26
- Punditry: Will Microsoft buy flaws?
- Last week, I wrote about hackers starting to agitate for Microsoft and other software vendors to start paying for information on security vulnerabilities. As a follow-up to that post, I pinged a few security research pros, asking whether they agreed it's inevitable will start buying bugs. The responses: Dan...
- Tags: Microsoft Corp., vulnerability, security
- Blog posts 2007-03-19
- eEye spies first MS Office 2007 remote exploit
- Security researchers at eEye Digital Security have found what is believed to be the first remotely exploitable vulnerability in a Microsoft Office 2007 application. In a bare-bones alert posted to its Upcoming Advisories page, eEye said the flaw exists within Publisher 2007 and can allow arbitrary code execution in the...
- Tags: Spyware and Adware, Exploit code, Viruses and Worms, Data theft, Spam and Phishing, Patch Watch, Hackers, Zero-day attacks, Microsoft, Windows Vista, Rootkits, Vulnerability research, Punditocracy, Responsible disclosure
- Blog posts 2007-02-22