On last.fm: Listen to Michael Jackson on Last.fm
BNET Business Network:
BNET
TechRepublic
ZDNet

ZDNet Resources

Kaminsky and Ptacek comment on DNS flaw
Kaminsky and Ptacek comment on DNS flaw"Important"I guess Microsoft agrees that it's not a really scary vulnerability.ActuallyI talked to Dan about this. It early on threw me off too, but their rating has to do with the fact that it is a spoofing flaw, and not an arbitrary code...
Tags: DNS, DNS flaw, flaw, Kaminsky, Ptacek, Ptacek comment
Discussion threads 2008-07-08

Additional Resources

Vulnerability disclosure gone awry: Understanding the DNS debacle
Vulnerability disclosure gone awry: Understanding the DNS debacleI think he deserved better for sureYou know, Dan does manipulate the media well, but I'll tell you this, he's a stand-up guy. Did he try to drum up the press a bit? Sure, why not? Did he choose his...
Tags: debacle, DNS, DNS debacle
Discussion threads 2008-07-22
Vulnerability disclosure gone awry: Understanding the DNS debacle
On July 7, the day before the release of the patch for the now infamous DNS design flaw, hacker Dan Kaminsky with the help of Black Hat conference organizers invited reporters to a press conference to "discuss the massive multivendor patch being released this Tuesday." "A synchronized...
Tags: Black Hat, DNS, Conference, Dan Kaminsky, Thomas Ptacek, Domain Names, Patches, Security, Networking, Internet, Ryan Naraine
Blog posts 2008-07-22
Has Halvar figured out super-secret DNS vulnerability?
[ UPDATE:  Kaminsky has all but confirmed that, yes, the cat is out of the bag ] It looks very much like the nitty gritty of Dan Kaminsky's super-secret -- and heavily hyped -- DNS cache poisoning vulnerability has been figured out by reverse engineering guru Halvar...
Tags: DNS, Vulnerability, Server, Referral, Mallory, Domain Names, Networking, Security, Internet, Ryan Naraine
Blog posts 2008-07-21
Kaminsky to discuss DNS flaw at Black Hat sponsored webcast
The Black Hat group on Twitter provided a message today alerting people to a webcast to be put on by Dan Kaminsky on the DNS vulnerabilities that I've heavily covered as follows: Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08 ...
Tags: Black Hat, Webcast, DNS, Flaw, Domain Names, Networking, Internet, Nathan McFeters
Blog posts 2008-07-15
News to know: iPhone; DNS patch; Online privacy; VMware; Vista
Notable headlines: Tom Steinert-Threlkeld: A Modest Privacy Proposal Richard Koman: Congress looks at next-gen ad networks Techmeme: iPhone reviews Matthew Miller: MSM Apple iPhone reviews are up and may just have saved me some cash ...
Tags: Apple iPhone, DNS, Online Privacy, Microsoft Windows Vista, Apple Inc., VMware Inc., Microsoft Corp., HP iPAQ 910, 3G, Domain Names, Cellular Phones, Wireless, Networking, Consumer Electronics, Personal Technology, Internet, Larry Dignan
Blog posts 2008-07-09
Don't doubt Deputy Dan
Well, it would seem that Tom Ptacek may have figured out something to do with Dan Kaminsky's earlier DNS flaw, and this may actually be the vulnerability to fear that we had originally heard.  Let's just say this, I've read Tom's postings on the Matasano blog for quite some time...
Tags: DNS, Domain Names, Networking, Internet, Nathan McFeters
Blog posts 2008-07-08
Kaminsky and Ptacek comment on DNS flaw
Well, well, well, what a day for security news! I got a chance to get the scoop word of mouth from Dan Kaminsky of IOActive (pictured above [image courtesy of quinnums]) and Thomas Ptacek of Matasano pictured below on the DNS flaw that's been all over the...
Tags: DNS, Flaw, Nate, Domain Names, Networking, Security, Internet, Nathan McFeters
Blog posts 2008-07-08
Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08
It would seem there's a bigger story to that MS08-037 flaw that came out for Patch Tuesday today. From Dave Lewis over at the Liquid Matrix security blog: Today Dan Kaminsky released a first, as far as I can recall. A coordinated patch was released today...
Tags: Black Hat, DNS, CERT, Flaw, Mogull, Updates, Domain Names, Networking, Security, Internet, Nathan McFeters
Blog posts 2008-07-08
How Snow Leopard can save Mac OS X from malware attacks
Guest Editorial by Dino Dai Zovi As reported by Intego and Matasano Security, a new local privilege escalation vulnerability has been found that gives local root access on Mac OS X Tiger and Leopard. While Intego calls this a critical vulnerability, I'm mostly with...
Tags: Apple Macintosh, Vulnerability, Malware, Attack, Apple Mac OS X, Apple Mac OS, Spyware, Adware & Malware, Desktops, Cyberthreats, Security, Operating Systems, Viruses And Worms, Software, Hardware, Ryan Naraine
Blog posts 2008-06-23
Apple security team finds code execution holes in Ruby
A member of Apple's security team has discovered multiple serious security vulnerabilities in Ruby, the popular open-source scripting language. According to an advisory on the Ruby project site, Apple's Drew Yao reported at least six of the vulnerabilities, which can be exploited to cause a denial-of-service  condition...
Tags: Team, Vulnerability, Apple Inc., Ruby, Scripting Languages, Security, Software/Web Development, Web Development, Ryan Naraine
Blog posts 2008-06-20
Mark Dowd's null pointer dereference exploit and advanced Flash ActionScript techiques proove definitively: Aliens Do Exist!
Alright, I'm just going to start out with a little background before I start, this particular research was so cool that I've been talking about it all day.  Reading this whitepaper, written by Mark Dowd, was as exciting to me as watching highlights of Michael Jordan sinking that winning shot,...
Tags: Research, Adobe Systems Inc., Blog, Blogging, Team Management, Internet, Management, Nathan McFeters
Blog posts 2008-04-16
Researchers pooh-pooh Mac OS X Leopard security
Researchers pooh-pooh Mac OS X Leopard securityYou should never rely on a software firewall...You should never, ever, rely on a software firewall for security. You should always have a hardware firewall.Software firewalls are some of the most ridiculous "security" features ever advertised. What good is a software firewall...
Tags: Firewalls, Network security, Cyberthreats, Apple Macintosh, Apple Mac OS, Heise, firewall, security, software firewall, Apple Inc., software, Apple Mac OS X
Discussion threads 2007-10-30
Researchers pooh-pooh Mac OS X Leopard security
The first independent reviews of the security enhancements in Mac OS X Leopard are in -- and they're not entirely pleasant for the folks in Cupertino. First up is Heise Security's takedown of the new application-based firewall in Leopard, which Apple promises will specify the behavior of...
Tags: Firewall, Apple Macintosh, Network, Leopard, Thomas Ptacek, Firewalls, Apple Mac OS X, Network Security, Apple Mac OS, Security, Operating Systems, Networking, Software, Ryan Naraine
Blog posts 2007-10-30
Target-Based TCP Stream Reassembly
In their landmark 1998 paper, "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection," Thomas Ptacek and Timothy Newsham exposed some weaknesses in Intrusion Detection Systems IDS. The authors revealed that intrusion detection systems cannot be effective and accurate because they do not necessarily process, or perhaps, even observe...
Tags: Sourcefire Inc., Intrusion Detection System, TCP, Tcp/Ip, Intrusion Detection, Networking, Network Security, Security
White papers 2007-08-03
Blue Pill Project extends VM rootkit cat-and-mouse tussle
LAS VEGAS - The intellectual cat-and-mouse tussle over hiding and finding virtual machine rootkits has hit a new gear with a team of researchers dismissing the notion of "100 percent undetectable" malware and the release of source code for a new "Blue Pill" rootkit.As previously reported, Thomas Ptacek, co-founder of...
Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers, Botnets, Black Hat
Blog posts 2007-08-02
Hacker movements: Murphy joins Apple; Caceres to Matasano
LAS VEGAS - On the heels of Google's hire of browser hacking whiz Michal Zalewski comes news that another well-known vulnerability researcher is moving over to the vendor side.Matthew Murphy, an outspoken hacker who is credited with several major flaw discoveries, has confirmed he is joining Apple as a product...
Tags: Windows Vista, Vulnerability research, Viruses and Worms, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat, Apple
Blog posts 2007-08-01
Let users virtualize Vista because hypervisor rootkits are no threat
Ryan Naraine is on vacation. Guest editorial by Thomas Ptacek Several weeks ago, reports surfaced that the threat of super-sophisticated "hypervisor malware" was preventing Microsoft from allowing their Windows Vista Home Edition operating system from running within virtualization software. Now, Microsoft may have a lot of good reasons for restricting...
Tags: Windows Vista, Vulnerability research, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Microsoft, Hackers, Exploit code, Data theft, Browsers, Botnets, Black Hat, Apple
Blog posts 2007-07-05
Blue Pill hacker challenge update: It's a no-go
A quick update to the challenge handed down to hacker Joanna Rutkowska to prove that her Blue Pill technology creates "100% undetectable malware."Rutkowska says she is "ready to accept" the challenge but wants her two-person team to be paid $384,000 ($200 a day each for two people working full-time for...
Tags: Uncategorized
Blog posts 2007-06-29
Rutkowska faces '100% undetectable malware' challenge
At last year's Black Hat security conference, stealth malware researcher Joanna Rutkowska caused a stir with the introduction of Blue Pill, a new technology she claims can create malware that remains "100 percent undetectable."This year, a group of her peers will challenge Rutkowska to prove it, arguing that a...
Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Open source, Microsoft, Metasploit, Hackers, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Apple
Blog posts 2007-06-27
  • << Previous
  • page 1 of 1
  • Next >>
advertisement
advertisement
Click Here