Sponsored White Papers, Webcasts, and Downloads
ZDNet Resources
- Black Hat Las Vegas Day 1
- Black Hat Las Vegas Day 1Way to go Nate, Billy, and Rob.Congrats on the Pwnie, I read about it at Dark reading, but haven't actually read your current blog yet.That bit with Kaminsky was...odd. Booing? Really?edit: Now that I've read your blog, I've got to say that I really like...
- Tags: Blogging, Black Hat
- Discussion threads 2008-08-08
- Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon
- Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soonTTLSomething I wish I'd asked during the webcast and which I can't quite get my head around:It was said that setting a long TTL doesn't help because of the way delegation works - has to...
- Tags: Domain names, DNS server, TTL, server, Kaminsky
- Discussion threads 2008-07-24
- Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon
- I listened to the Black Hat webcast today to grab as much info as I could on this subject. The biggest thing that I heard from the whole talk is that the patch fixes things to a reasonable point, but that long-term, there will have to be more work...
- Tags: CERT, DNS Server, Server, Kaminsky, Dan, Patches, Domain Names, Security, Internet, Nathan McFeters
- Blog posts 2008-07-24
- Kaminsky and Ptacek comment on DNS flaw
- Kaminsky and Ptacek comment on DNS flaw"Important"I guess Microsoft agrees that it's not a really scary vulnerability.ActuallyI talked to Dan about this. It early on threw me off too, but their rating has to do with the fact that it is a spoofing flaw, and not an arbitrary code...
- Tags: Domain names, SECURITY, Ptacek, Kaminsky, DNS, flaw
- Discussion threads 2008-07-08
Additional Resources
- The depressing future of the Internet
- A brief overview of how the Internet came about: some years ago, some military boffs thought it'd be awesome if computers could talk to each other, so the US could nuke the hell out of other countries without actually being near there. A smart professor from England then came up...
- Tags: Security, IPv6, Computer, Flaw, IPv6 Adoption, Internet, Zack Whittaker
- Blog posts 2008-08-28
- Who's Dumber: Bad Guys … Or Good Guys?
- In the old cowboy movies, the black hats were villains that created mayhem, until the white hats came along and ended their reigns of fear. Now, we have the spectacle of good guys seemingly educating the bad guys on how to exploit flaws or processes of the Internet, that...
- Tags: Hat, Flaw, Internet, Social Security, BGP, Operational Accounting, Government, Networking, Finance, Tom Steinert-Threlkeld
- Blog posts 2008-08-27
- Measuring (not so) recent BIND nameserver patching
- Guest editorial by Derek Callaway This post is meant to provide an approximation of BIND nameserver updates that occurred during the past month, most likely in response to Dan Kaminsky's DNS cache poisoning vulnerability. I conducted this research because I was curious as to how widely BIND...
- Tags: Vulnerability, BIND, Domain, Dinosaur, Domain Names, Internet, Ryan Naraine
- Blog posts 2008-08-14
- Black Hat Las Vegas Day 1
- Well, this is well late, but here's my recap of Black Hat Day 1. Sorry for the delay, but I've been terribly busy finishing up preparations for my Day 2 talk. The first talk I went to see, "Pointers and Handles, A Story of Unchecked Assumptions...
- Tags: Black Hat, Billy Rios, Dan, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Nathan McFeters
- Blog posts 2008-08-08
- Expert: SOA vulnerable to DNS security flaw, too
- This just in from the Black Hat security confab currently taking place in Las Vegas: Dan Kaminsky, a well-known IT security researcher, disclosed his findings around the Domain Name Server flaw or DNS cache poisoning vulnerability, and where it can bite. Tim Wilson of Dark Reading reported on Kaminsky's presentation,...
- Tags: security, dns, server, soa, flaw, domain names, service-oriented architecture (soa), networking, internet, web services, enterprise software, software, joe mckendrick
- Blog posts 2008-08-06
- Did Apple forget to patch something?
- Did Apple forget to patch something?AppleI usually sing the praises of Apple except when they don't live up to the hype or expectations. If they really want to grow their user base, they'd better get with it when it comes to delivering patches in a timely manner. In terms of...
- Tags: Domain names, Operating systems, Apple Mac OS X, BIND, Apple Mac OS, Apple Macintosh, DNS, Apple Inc., server
- Discussion threads 2008-08-01
- Apple finally ships DNS flaw fix, patches 16 other Mac OS X holes
- [ UPDATE: nCircle Andrew Storms reports that the DNS client on the OSX 10.4.11 distribution still has not been patched. ] Apple has shipped a Mac OS X security update with patches for at least 17 documented vulnerabilities, including a fix for the serious DNS...
- Tags: Apple Macintosh, DNS, Patch Management, Apple Inc., Issue, Arbitrary Code Execution, Flaw, Application Termination, Apple Mac OS X, Apple Mac OS, Domain Names, Operating Systems, Software, Internet, Ryan Naraine
- Blog posts 2008-07-31
- Microsoft joins 'patch DNS now' chant; Apple patch missing
- On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...
- Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine
- Blog posts 2008-07-25
- How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability
- The short answer is being paranoid about tackling a known vulnerability. It's 2001, and Daniel J. Bernstein DJB, author of the then popular djbdns security-aware DNS implementation, is applying basic math principles to raise awareness on what's to turn into the "sky is falling" critical Internet vulnerability in 2008, in...
- Tags: DNS, Vulnerability, Anomaly, Attack, OpenDNS, MaraDNS, NSS, Domain Names, Networking, Internet, Dancho Danchev
- Blog posts 2008-07-25
- News to know: 'Spam king' dead; Microsoft's cloud; Dell;
- Notable headlines: Ryan Naraine: Escapee 'Spam King' dead in apparent murder-suicide CBS Denver Video: 'Spam King' Inmate Dies Along With Wife, Daughter Mary Jo Foley: Ozzie foreshadows 'Zurich,' Microsoft's elastic cloud Microsoft to get more 'Apple-like' in PC,...
- Tags: Larry Dignan
- Blog posts 2008-07-25
- |)ruid and HD Moore release part 2 of DNS exploit
- |)ruid and HD Moore release part 2 of DNS exploitSo, Linux's BIND the first to be exploited...So, Linux's BIND the first to be exploited...Nice work!CoolNate, nice post and analysis!Wasn't the replacing the ns.victim.com cache entry part of the Halvar Flake speculation? I thought first part of the exploit was to...
- Tags: Domain names, NETWORKING, Operating systems, Alecco, DNS, ruid, exploit, HD Moore, Linux
- Discussion threads 2008-07-24
- |)ruid and HD Moore release part 2 of DNS exploit
- [Updated 07/24/2008: Gallery images of diffs of code revisions has been included and will be updated as things change, see here.] Earlier today, noted researchers |)ruid and HD Moore released exploit code for the Metasploit tool for attacking the DNS flaw that was originally reported by Dan...
- Tags: DNS, Domain, Server, Entry, Exploit, NS, NS Record, Domain Names, Networking, Internet, Nathan McFeters
- Blog posts 2008-07-23
- Attack code published for DNS flaw
- Attack code published for DNS flawIrresponsible and evil"In an IM exchange, Moore told me his exploit takes about a minute or two to poison a DNS cache but said he is working to improve it in version 2.0."As far as i am concerened he is just an evil person to...
- Tags: Domain names, Halvar, exploit, DNS
- Discussion threads 2008-07-23
- Attack code published for DNS flaw
- The urgency to patch Dan Kaminsky's DNS cache poisoning vulnerability just went up a few notches. Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool....
- Tags: Ryan Naraine
- Blog posts 2008-07-23
- Vulnerability disclosure gone awry: Understanding the DNS debacle
- Vulnerability disclosure gone awry: Understanding the DNS debacleI think he deserved better for sureYou know, Dan does manipulate the media well, but I'll tell you this, he's a stand-up guy. Did he try to drum up the press a bit? Sure, why not? Did he choose his...
- Tags: Domain names, Advertising & Promotion, Dan, DNS
- Discussion threads 2008-07-22
- Vulnerability disclosure gone awry: Understanding the DNS debacle
- On July 7, the day before the release of the patch for the now infamous DNS design flaw, hacker Dan Kaminsky with the help of Black Hat conference organizers invited reporters to a press conference to "discuss the massive multivendor patch being released this Tuesday." "A synchronized...
- Tags: Black Hat, DNS, Conference, Dan Kaminsky, Thomas Ptacek, Domain Names, Patches, Security, Networking, Internet, Ryan Naraine
- Blog posts 2008-07-22
- << Previous
- page 1 of 1
- Next >>
White Papers and Webcasts
