kaminsky

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Black Hat Las Vegas Day 1

Black Hat Las Vegas Day 1Way to go Nate, Billy, and Rob.Congrats on the Pwnie, I read about it at Dark reading, but haven't actually read your current blog yet.That bit with Kaminsky was...odd. Booing? Really?edit: Now that I've read your blog, I've got to say that I really like...

Tags: Blogging, Black Hat

Discussion threads 2008-08-08

Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon

Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soonTTLSomething I wish I'd asked during the webcast and which I can't quite get my head around:It was said that setting a long TTL doesn't help because of the way delegation works - has to...

Tags: Domain names, DNS server, TTL, server, Kaminsky

Discussion threads 2008-07-24

Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon

I listened to the Black Hat webcast today to grab as much info as I could on this subject. The biggest thing that I heard from the whole talk is that the patch fixes things to a reasonable point, but that long-term, there will have to be more work...

Tags: CERT, DNS Server, Domain Names, Internet, Kaminsky, Nathan McFeters, Patches, Security, Server

Blog posts 2008-07-24

Kaminsky and Ptacek comment on DNS flaw

Kaminsky and Ptacek comment on DNS flaw"Important"I guess Microsoft agrees that it's not a really scary vulnerability.ActuallyI talked to Dan about this. It early on threw me off too, but their rating has to do with the fact that it is a spoofing flaw, and not an arbitrary code...

Tags: DNS, DNS flaw, flaw, Kaminsky, Ptacek, Ptacek comment

Discussion threads 2008-07-08

Additional Resources

BIND is not just legacy freeware

DNS in the cloud isn't new either...Sounds like they are trying to copy OpenDNS!They are already old tech compared to what's out there...RE: BIND is not just legacy freewareI just remember when Verisign started that program where it hijacked mistyped domains and broke a lot of Internet functionality. Suddenly,...

Tags: Domain names, BIND, legacy freeware

Discussion threads 2009-09-23

Mozilla patches 'critical' Firefox flaws

Mozilla patches 'critical' Firefox flawsNever ending critical flawsIsn't it obvious now that HTML / JAVASCRIPT was so badly designed that these flaws are inevitable? WEB needs a new markup standard, and it'd better not be HTML-oriented regardless how these W3C guys insist they can get it right.RE: Mozilla patches 'critical'...

Tags: Web browsers, Patches, SECURITY, Mozilla Firefox, Mozilla Corp., flaw, Firefox 3.5, patch management

Discussion threads 2009-08-03

Mozilla patches 'critical' Firefox flaws

Mozilla has released two advisories to patch serious security flaws in its flagship Firefox Web browser. The vulnerabilities are rated "critical," meaning they can be exploited by malicious hackers to run harmful code and install software, requiring no user interaction beyond normal browsing.  ...

Tags: Mozilla Firefox, Flaw, Vulnerability, Patch Management, SSL, Web Browser, Mozilla Corp., Certificate, Ssl/Tls, Web Browsers, Authentication/Encryption, Network Security, Security, Internet, Networking, Ryan Naraine

Blog posts 2009-08-03

Researchers exploit SSL and domain flaws

Researchers exploit SSL and domain flawsI read in an article earlier that read Dan Kaminsky's website hacked.It was an interesting read earlier this morning, 5 A.M. July 29, 2009 3:13 PM PDTSecurity experts' sites hacked on eve of Black Hat conferenceby Elinor Millshttp://news.cnet.com/8301-27080_3-10299126-245.htmlVeriSign Responds to Black HatTim Callan, vice president...

Tags: SSL/TLS, Authentication/Encryption, Network security, SECURITY, domain flaw, SSL, Black Hat

Discussion threads 2009-07-30

A Good Year for Security Collaboration

Guest Editorial by  George Stathakopoulos It seems like just yesterday when I was at Black Hat.  Now as I get ready to fly to Las Vegas again, I look forward to seeing a lot of security researchers, hearing their latest exploits and how they fared over the...

Tags: Microsoft Corp., Conficker Working Group, Security, Ryan Naraine

Blog posts 2009-07-27

Enterprises thrown a lifeline as Conficker worm looms

There has been a big break in the Conficker worm that threatens to activate and cause a lot of havoc on April 1: German researchers at the Honeynet Project have been able to fingerprint the malware on infected networks. Ryan Naraine has the details: Just days...

Tags: Network, Honeynet Project, Worm, Conficker, Network Scanner, Scanners, Cyberthreats, Viruses And Worms, Security, Hardware, Peripherals, Larry Dignan

Blog posts 2009-03-30

German researchers score Conficker detection breakthrough

German researchers score Conficker detection breakthroughI think they meant March 30"The Honeynet Project has released proof of concept scanner and, later today (April 30th)..."Link for nmap would be appreciatedI've been looking for instructions or a plugin for nmap and haven't found anything but others looking for the same thing. A...

Tags: PRODUCTIVITY, SECURITY, Patches, Cyberthreats, Conficker, detection breakthrough, Conficker detection breakthrough

Discussion threads 2009-03-30

German researchers score Conficker detection breakthrough

Just days ahead of an April 1st activation date for the Conficker worm squirming through the Windows operating system, security researchers at the Honeynet Project have scored a major breakthrough, finding a way to fingerprint the malware on infected networks. Now, with the help of Dan Kaminsky...

Tags: Researcher, Network, Honeynet Project, Malware, Conficker, Conficker Malware, Scanners, Cyberthreats, Spyware, Adware & Malware, Viruses And Worms, Security, Hardware, Peripherals, Ryan Naraine

Blog posts 2009-03-30

SSL broken! Hackers create rogue CA certificate using MD5 collisions

SSL broken! Hackers create rogue CA certificate using MD5 collisionsAt least they're talking to the vendors first.Now if only the CAs will get off their butts and implement some changes...RE: SSL broken! Hackers create rogue CA certificate using MD5 collisions�¿�¸�·�´Ñ‘�¶ Ñ‘�±�°�½�°, �°�²Ñ‚�¾Ñ€Ñƒ Ñ„�°�¿�°Ñ‚ÑŒ 25 Ñ€�°�·RE: SSL broken! Hackers create rogue...

Tags: SSL/TLS, Authentication/Encryption, Network security, SECURITY, MD5, Computer Associates International Inc., SSL, collision

Discussion threads 2008-12-30

SSL broken! Hackers create rogue CA certificate using MD5 collisions

Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority CA, a breakthrough...

Tags: Certification Authority, SSL, Web Browser, Computer Associates International Inc., Certificate, Hacker, MD5, Web Browsers, Internet, Ryan Naraine

Blog posts 2008-12-30

Breaking the zero-day habit

* Ryan Naraine is traveling. Guest editorial by Mike Rothman Given that this blog is called "Zero Day," I think it's fitting that I'm calling for most security professionals to ignore most of what comes out of the security research community. To be...

Tags: Security Professional, Risks, Security, Ryan Naraine

Blog posts 2008-12-02

Debate around 'partial disclosure' heats up

There are many ways of telling the world about a security vulnerability. A vulnerability can be announced without telling the vendor, it can be announced after giving the vendor a period of time to fix the issue, or it may just be circulated amongst the underground without ever coming...

Tags: Disclosure, Researcher, Vulnerability, Security, Adam O'Donnell

Blog posts 2008-10-13

The depressing future of the Internet

A brief overview of how the Internet came about: some years ago, some military boffs thought it'd be awesome if computers could talk to each other, so the US could nuke the hell out of other countries without actually being near there. A smart professor from England then came up...

Tags: Security, IPv6, Computer, Flaw, IPv6 Adoption, Internet, Zack Whittaker

Blog posts 2008-08-28

Who’s Dumber: Bad Guys … Or Good Guys?

In the old cowboy movies, the black hats were villains that created mayhem, until the white hats came along and ended their reigns of fear. Now, we have the spectacle of good guys seemingly educating the bad guys on how to exploit flaws or processes of the Internet, that...

Tags: Hat, Flaw, Internet, Social Security, BGP, Operational Accounting, Government, Networking, Finance, Tom Steinert-Threlkeld

Blog posts 2008-08-27

MBTA published checksum info in court filings

MBTA published checksum info in court filingsWho is MBTA?Admittedly, I could probably look it up, but it really should be one of the first things you mention in your article.The important question is TRO, not PROThe spectre of a permanent restraining order is a red herring. The immediate harm...

Tags: SECURITY, MBTA, TRO, court filing, filing

Discussion threads 2008-08-14

Measuring (not so) recent BIND nameserver patching

Guest editorial by Derek Callaway This post is meant to provide an approximation of BIND nameserver updates that occurred during the past month, most likely in response to Dan Kaminsky's DNS cache poisoning vulnerability. I conducted this research because I was curious as to how widely BIND...

Tags: Vulnerability, BIND, Domain, Dinosaur, Domain Names, Internet, Ryan Naraine

Blog posts 2008-08-14