kaminsky

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Black Hat Las Vegas Day 1

Black Hat Las Vegas Day 1Way to go Nate, Billy, and Rob.Congrats on the Pwnie, I read about it at Dark reading, but haven't actually read your current blog yet.That bit with Kaminsky was...odd. Booing? Really?edit: Now that I've read your blog, I've got to say that I really like...

Tags: Blogging, Black Hat

Discussion threads 2008-08-08

Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon

Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soonTTLSomething I wish I'd asked during the webcast and which I can't quite get my head around:It was said that setting a long TTL doesn't help because of the way delegation works - has to...

Tags: Domain names, DNS server, TTL, server, Kaminsky

Discussion threads 2008-07-24

Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon

I listened to the Black Hat webcast today to grab as much info as I could on this subject. The biggest thing that I heard from the whole talk is that the patch fixes things to a reasonable point, but that long-term, there will have to be more work...

Tags: CERT, DNS Server, Domain Names, Internet, Kaminsky, Nathan McFeters, Patches, Security, Server

Blog posts 2008-07-24

Kaminsky and Ptacek comment on DNS flaw

Kaminsky and Ptacek comment on DNS flaw"Important"I guess Microsoft agrees that it's not a really scary vulnerability.ActuallyI talked to Dan about this. It early on threw me off too, but their rating has to do with the fact that it is a spoofing flaw, and not an arbitrary code...

Tags: DNS, DNS flaw, flaw, Kaminsky, Ptacek, Ptacek comment

Discussion threads 2008-07-08

Additional Resources

Enterprises thrown a lifeline as Conflicker worm looms

There has been a big break in the Conflicker worm that threatens to activate and cause a lot of havoc on April 1: German researchers at the Honeynet Project have been able to fingerprint the malware on infected networks.  Ryan Naraine has the details: Just days...

Tags: Network, Honeynet Project, Worm, Conflicker, Ryan Naraine, Network Scanner, Scanners, Cyberthreats, Viruses And Worms, Security, Hardware, Peripherals, Larry Dignan

Blog posts 2009-03-30

German researchers score Conficker detection breakthrough

German researchers score Conficker detection breakthroughI think they meant March 30"The Honeynet Project has released proof of concept scanner and, later today (April 30th)..."Link for nmap would be appreciatedI've been looking for instructions or a plugin for nmap and haven't found anything but others looking for the same thing. A...

Tags: PRODUCTIVITY, SECURITY, Patches, Cyberthreats, Conficker, detection breakthrough, Conficker detection breakthrough

Discussion threads 2009-03-30

German researchers score Conficker detection breakthrough

Just days ahead of an April 1st activation date for the Conficker worm squirming through the Windows operating system, security researchers at the Honeynet Project have scored a major breakthrough, finding a way to fingerprint the malware on infected networks. Now, with the help of Dan Kaminsky...

Tags: Researcher, Network, Honeynet Project, Malware, Conficker, Conficker Malware, Scanners, Cyberthreats, Spyware, Adware & Malware, Viruses And Worms, Security, Hardware, Peripherals, Ryan Naraine

Blog posts 2009-03-30

SSL broken! Hackers create rogue CA certificate using MD5 collisions

SSL broken! Hackers create rogue CA certificate using MD5 collisionsAt least they're talking to the vendors first.Now if only the CAs will get off their butts and implement some changes...RE: SSL broken! Hackers create rogue CA certificate using MD5 collisions�¿�¸�·�´Ñ‘�¶ Ñ‘�±�°�½�°, �°�²Ñ‚�¾Ñ€Ñƒ Ñ„�°�¿�°Ñ‚ÑŒ 25 Ñ€�°�·RE: SSL broken! Hackers create rogue...

Tags: SSL/TLS, Authentication/Encryption, Network security, SECURITY, MD5, Computer Associates International Inc., SSL, collision

Discussion threads 2008-12-30

SSL broken! Hackers create rogue CA certificate using MD5 collisions

Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority CA, a breakthrough...

Tags: Certification Authority, SSL, Web Browser, Computer Associates International Inc., Certificate, Hacker, MD5, Web Browsers, Internet, Ryan Naraine

Blog posts 2008-12-30

Breaking the zero-day habit

* Ryan Naraine is traveling. Guest editorial by Mike Rothman Given that this blog is called "Zero Day," I think it's fitting that I'm calling for most security professionals to ignore most of what comes out of the security research community. To be...

Tags: Security Professional, Risks, Security, Ryan Naraine

Blog posts 2008-12-02

Debate around 'partial disclosure' heats up

There are many ways of telling the world about a security vulnerability. A vulnerability can be announced without telling the vendor, it can be announced after giving the vendor a period of time to fix the issue, or it may just be circulated amongst the underground without ever coming...

Tags: Disclosure, Researcher, Vulnerability, Security, Adam O'Donnell

Blog posts 2008-10-13

The depressing future of the Internet

A brief overview of how the Internet came about: some years ago, some military boffs thought it'd be awesome if computers could talk to each other, so the US could nuke the hell out of other countries without actually being near there. A smart professor from England then came up...

Tags: Security, IPv6, Computer, Flaw, IPv6 Adoption, Internet, Zack Whittaker

Blog posts 2008-08-28

Who’s Dumber: Bad Guys … Or Good Guys?

In the old cowboy movies, the black hats were villains that created mayhem, until the white hats came along and ended their reigns of fear. Now, we have the spectacle of good guys seemingly educating the bad guys on how to exploit flaws or processes of the Internet, that...

Tags: Hat, Flaw, Internet, Social Security, BGP, Operational Accounting, Government, Networking, Finance, Tom Steinert-Threlkeld

Blog posts 2008-08-27

MBTA published checksum info in court filings

MBTA published checksum info in court filingsWho is MBTA?Admittedly, I could probably look it up, but it really should be one of the first things you mention in your article.The important question is TRO, not PROThe spectre of a permanent restraining order is a red herring. The immediate harm...

Tags: SECURITY, MBTA, TRO, court filing, filing

Discussion threads 2008-08-14

Measuring (not so) recent BIND nameserver patching

Guest editorial by Derek Callaway This post is meant to provide an approximation of BIND nameserver updates that occurred during the past month, most likely in response to Dan Kaminsky's DNS cache poisoning vulnerability. I conducted this research because I was curious as to how widely BIND...

Tags: Vulnerability, BIND, Domain, Dinosaur, Domain Names, Internet, Ryan Naraine

Blog posts 2008-08-14

Black Hat Las Vegas Day 1

Well, this is well late, but here's my recap of Black Hat Day 1. Sorry for the delay, but I've been terribly busy finishing up preparations for my Day 2 talk. The first talk I went to see, "Pointers and Handles, A Story of Unchecked Assumptions...

Tags: Billy Rios, Black Hat, Cyberthreats, Nathan McFeters, Phishing, Security, Spam, Spam And Phishing, Viruses And Worms

Blog posts 2008-08-08

Expert: SOA vulnerable to DNS security flaw, too

This just in from the Black Hat security confab currently taking place in Las Vegas: Dan Kaminsky, a well-known IT security researcher, disclosed his findings around the Domain Name Server flaw or DNS cache poisoning vulnerability, and where it can bite. Tim Wilson of Dark Reading reported on Kaminsky's presentation,...

Tags: security, dns, server, soa, flaw, domain names, service-oriented architecture (soa), networking, internet, web services, enterprise software, software, joe mckendrick

Blog posts 2008-08-06

Did Apple forget to patch something?

Did Apple forget to patch something?AppleI usually sing the praises of Apple except when they don't live up to the hype or expectations. If they really want to grow their user base, they'd better get with it when it comes to delivering patches in a timely manner. In terms of...

Tags: Domain names, Operating systems, Apple Mac OS X, BIND, Apple Mac OS, Apple Macintosh, DNS, Apple Inc., server

Discussion threads 2008-08-01

Apple finally ships DNS flaw fix, patches 16 other Mac OS X holes

[ UPDATE: nCircle Andrew Storms reports that the DNS client on the OSX 10.4.11 distribution still has not been patched.  ] Apple has shipped a Mac OS X security update with patches for at least 17 documented vulnerabilities, including a fix for the serious DNS...

Tags: Apple Macintosh, DNS, Patch Management, Apple Inc., Issue, Arbitrary Code Execution, Flaw, Application Termination, Apple Mac OS X, Apple Mac OS, Domain Names, Operating Systems, Software, Internet, Ryan Naraine

Blog posts 2008-07-31

Microsoft joins 'patch DNS now' chant; Apple patch missing

On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...

Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine

Blog posts 2008-07-25