Thursday, August 7th, 2008
A recently found flaw in the internet's addressing system is worse than first feared, so Dan Kaminsky said when speaking publicly about his discovery at the Black Hat conference in Las Vegas.He said fixes for the flaw in the net's Domain Name System (DNS) had focused on web browsers but ...
Posted in Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
Thursday, August 7th, 2008
A newly discovered flaw in the Internet's core infrastructure not only permits hackers to force people to visit Web sites they didn't want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday.Considering the silent nature of the attack and the sensitive nature ...
Posted in Internet, Networking, Privacy, Security | No Comments
Thursday, August 7th, 2008
Perhaps more than any other flaw in the last several years, the DNS protocol vulnerability discovered by security researcher Dan Kaminsky has shown that the circle of trust on the Internet can be broken more easily than we feared.After listening to Kaminsky’s talk Aug. 6 at the Black Hat conference ...
Posted in Internet, Networking, Privacy, Security | No Comments
Wednesday, August 6th, 2008
In my recent Editors' Notes post on Consumer Reports' recommendation that Mac users dump Safari because the Apple browser lacks the anti-phishing tools of Firefox and Opera, I focused on behavioral changes one can make that minimize the risks of phishing attempts. I didn't, however, discuss a relatively simple configuration ...
Posted in Internet, Privacy, Security | No Comments
Wednesday, July 30th, 2008
Ok, we have a confirmed instance where the DNS cache poisoning vulnerability was used to compromise a DNS server belonging to AT&T. This PCWorld article covers the incident. The original article makes it sound as though the Metasploit site was 'owned' by this incident when really the issue was ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, July 29th, 2008
An Argentinian security researcher has published a security exploit toolkit targeting the update mechanisms of Java, Mac OS X, OpenOffice.org and other software, and relying on man-in-the-middle techniques such as those made possible by the recently disclosed DNS security hole.
The toolkit, ISR-Evilgrade 1.0, was released by Francisco Amato, a researcher ...
Posted in Internet, Networking, Privacy, Security, Software | No Comments
Friday, July 25th, 2008
The Web became a substantially more dangerous place this week, thanks largely to the publication of instructions that show cyber criminals how to exploit a pervasive, critical flaw in the Internet infrastructure.While Internet service providers and corporations can mitigate the danger by updating the software that powers vulnerable components of ...
Posted in Internet, Privacy, Security | No Comments
Thursday, July 24th, 2008
Metasploit, the information security research and hack tool kit, created by HD Moore, has released exploit code targeting the DNS Cache Poisoning Flaw, recently revealed by Dan Kaminsky, of DoxPara Research.
Evidently, reported at Wired’s ThreatLevel blog, the code can not be utilized to overwrite the domain name server cache data, ...
Posted in Internet, Networking, Privacy, Security | No Comments
Wednesday, July 23rd, 2008
One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon.Several hackers are almost certainly already developing attack code for the bug, and it will most ...
Posted in Internet, Linux, Security, Software, Windows | No Comments
Tuesday, July 22nd, 2008
The bug has to do with the way DNS clients and servers obtain information from other DNS servers on the Internet. When the DNS software does not know the numerical IP (Internet Protocol) address of a computer, it asks another DNS server for this information. With cache poisoning, the attacker ...
Posted in Internet, Security | No Comments
