Wednesday, August 6th, 2008
In my recent Editors' Notes post on Consumer Reports' recommendation that Mac users dump Safari because the Apple browser lacks the anti-phishing tools of Firefox and Opera, I focused on behavioral changes one can make that minimize the risks of phishing attempts. I didn't, however, discuss a relatively simple configuration ...
Posted in Internet, Privacy, Security | No Comments
Wednesday, July 30th, 2008
Ok, we have a confirmed instance where the DNS cache poisoning vulnerability was used to compromise a DNS server belonging to AT&T. This PCWorld article covers the incident. The original article makes it sound as though the Metasploit site was 'owned' by this incident when really the issue was ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, July 29th, 2008
An Argentinian security researcher has published a security exploit toolkit targeting the update mechanisms of Java, Mac OS X, OpenOffice.org and other software, and relying on man-in-the-middle techniques such as those made possible by the recently disclosed DNS security hole.
The toolkit, ISR-Evilgrade 1.0, was released by Francisco Amato, a researcher ...
Posted in Internet, Networking, Privacy, Security, Software | No Comments
Friday, July 25th, 2008
The Web became a substantially more dangerous place this week, thanks largely to the publication of instructions that show cyber criminals how to exploit a pervasive, critical flaw in the Internet infrastructure.While Internet service providers and corporations can mitigate the danger by updating the software that powers vulnerable components of ...
Posted in Internet, Privacy, Security | No Comments
Thursday, July 24th, 2008
Metasploit, the information security research and hack tool kit, created by HD Moore, has released exploit code targeting the DNS Cache Poisoning Flaw, recently revealed by Dan Kaminsky, of DoxPara Research.
Evidently, reported at Wired’s ThreatLevel blog, the code can not be utilized to overwrite the domain name server cache data, ...
Posted in Internet, Networking, Privacy, Security | No Comments
