DNS flaw is so big it puts every network at risk

Thursday, August 7th, 2008

A recently found flaw in the internet's addressing system is worse than first feared, so Dan Kaminsky said when speaking publicly about his discovery at the Black Hat conference in Las Vegas.He said fixes for the flaw in the net's Domain Name System (DNS) had focused on web browsers but ...

Major Internet security flaw also affects e-mail

Thursday, August 7th, 2008

A newly discovered flaw in the Internet's core infrastructure not only permits hackers to force people to visit Web sites they didn't want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday.Considering the silent nature of the attack and the sensitive nature ...

DNS Flaw Underscores Danger of Taking Web Security for Granted

Thursday, August 7th, 2008

Perhaps more than any other flaw in the last several years, the DNS protocol vulnerability discovered by security researcher Dan Kaminsky has shown that the circle of trust on the Internet can be broken more easily than we feared.After listening to Kaminsky’s talk Aug. 6 at the Black Hat conference ...

More Ways to Protect Yourself From Phishing

Wednesday, August 6th, 2008

In my recent Editors' Notes post on Consumer Reports' recommendation that Mac users dump Safari because the Apple browser lacks the anti-phishing tools of Firefox and Opera, I focused on behavioral changes one can make that minimize the risks of phishing attempts. I didn't, however, discuss a relatively simple configuration ...

DNS Cache Poisoning Issue Update

Wednesday, July 30th, 2008

Ok, we have a confirmed instance where the DNS cache poisoning vulnerability was used to compromise a DNS server belonging to AT&T. This PCWorld article covers the incident. The original article makes it sound as though the Metasploit site was 'owned' by this incident when really the issue was ...

Security researcher publishes exploit toolkit

Tuesday, July 29th, 2008

An Argentinian security researcher has published a security exploit toolkit targeting the update mechanisms of Java, Mac OS X, OpenOffice.org and other software, and relying on man-in-the-middle techniques such as those made possible by the recently disclosed DNS security hole. The toolkit, ISR-Evilgrade 1.0, was released by Francisco Amato, a researcher ...

Fortify Your Internet Security Settings Now

Friday, July 25th, 2008

The Web became a substantially more dangerous place this week, thanks largely to the publication of instructions that show cyber criminals how to exploit a pervasive, critical flaw in the Internet infrastructure.While Internet service providers and corporations can mitigate the danger by updating the software that powers vulnerable components of ...

Metasploit Releases DNS Explot Code

Thursday, July 24th, 2008

Metasploit, the information security research and hack tool kit, created by HD Moore, has released exploit code targeting the DNS Cache Poisoning Flaw, recently revealed by Dan Kaminsky, of DoxPara Research. Evidently, reported at Wired’s ThreatLevel blog, the code can not be utilized to overwrite the domain name server cache data, ...

Attack code imminent for DNS flaw

Wednesday, July 23rd, 2008

One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon.Several hackers are almost certainly already developing attack code for the bug, and it will most ...

Details of Major Internet Flaw Posted by Accident

Tuesday, July 22nd, 2008

The bug has to do with the way DNS clients and servers obtain information from other DNS servers on the Internet. When the DNS software does not know the numerical IP (Internet Protocol) address of a computer, it asks another DNS server for this information. With cache poisoning, the attacker ...