Wednesday, July 30th, 2008
Ok, we have a confirmed instance where the DNS cache poisoning vulnerability was used to compromise a DNS server belonging to AT&T. This PCWorld article covers the incident. The original article makes it sound as though the Metasploit site was 'owned' by this incident when really the issue was ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, July 29th, 2008
An Argentinian security researcher has published a security exploit toolkit targeting the update mechanisms of Java, Mac OS X, OpenOffice.org and other software, and relying on man-in-the-middle techniques such as those made possible by the recently disclosed DNS security hole.
The toolkit, ISR-Evilgrade 1.0, was released by Francisco Amato, a researcher ...
Posted in Internet, Networking, Privacy, Security, Software | No Comments
Friday, July 25th, 2008
The Web became a substantially more dangerous place this week, thanks largely to the publication of instructions that show cyber criminals how to exploit a pervasive, critical flaw in the Internet infrastructure.While Internet service providers and corporations can mitigate the danger by updating the software that powers vulnerable components of ...
Posted in Internet, Privacy, Security | No Comments
Thursday, July 24th, 2008
Metasploit, the information security research and hack tool kit, created by HD Moore, has released exploit code targeting the DNS Cache Poisoning Flaw, recently revealed by Dan Kaminsky, of DoxPara Research.
Evidently, reported at Wired’s ThreatLevel blog, the code can not be utilized to overwrite the domain name server cache data, ...
Posted in Internet, Networking, Privacy, Security | No Comments
Wednesday, July 23rd, 2008
One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon.Several hackers are almost certainly already developing attack code for the bug, and it will most ...
Posted in Internet, Linux, Security, Software, Windows | No Comments
Tuesday, July 22nd, 2008
The bug has to do with the way DNS clients and servers obtain information from other DNS servers on the Internet. When the DNS software does not know the numerical IP (Internet Protocol) address of a computer, it asks another DNS server for this information. With cache poisoning, the attacker ...
Posted in Internet, Security | No Comments
Friday, July 18th, 2008
Zodiac is a DNS protocol analyzation and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembling and is the optimal tool if you just want to try something out without undergoing the hassle to rewrite ...
Posted in Internet, Security, Software | No Comments
Monday, July 14th, 2008
The exploit discovered by IOActive's Dan Kaminsky, takes advantage of a fundamental flaw in the DNS (Domain Name Server) protocol. Organizations should move quickly to patch vulnerable DNS servers against a flaw revealed last week. Dan Kaminsky said the bug can be exploited to redirect Internet traffic, but the problem ...
Posted in Internet, Security, Software | No Comments
Thursday, July 10th, 2008
On Thursday, Check Point Software Technologies released updated versions of all its ZoneAlarm products, addressing an incompatibility with a patch Microsoft released earlier this week.The fix requires ZoneAlarm users to download the latest version, 7.0.438.000, from its site. A reboot is required to complete installation.Since Tuesday, ZoneAlarm customers have complained ...
Posted in Internet, Privacy, Security, Software, Windows | No Comments
Thursday, July 10th, 2008
The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in, the purpose of DNSenum is to gather as much information as possible about a domain.
The program currently performs the following operations:
1. Get the host’s addresse (A ...
Posted in Internet, Privacy, Security | No Comments
