DNS poisoners hijack typo domains

Friday, August 22nd, 2008

Websense, the security services provider, has reported a successful case of cache poisoning on name servers of one of the largest Chinese ISPs. Netcom customers are said to have been steered by criminals to manipulated pages on which exploits for RealPlayer, MS Snapshot Viewer, Adobe Flash Player and Microsoft Data ...

Black Hat 2008: Dan Kaminsky

Saturday, August 16th, 2008

http://www.youtube.com/watch?v=R-SSVxsH7vw Source: http://www.youtube.com/watch?v=R-SSVxsH7vw

Surf Jack – HTTPS will not save you

Monday, August 11th, 2008

Say hello to a new security tool called “Surf Jack” which demonstrates a security flaw found in many public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure flag. I’ve been working with two banks ...

An Illustrated Guide to the Kaminsky DNS Vulnerability

Sunday, August 10th, 2008

The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.This all led to a mad dash to patch DNS servers worldwide, ...

DNS flaw is so big it puts every network at risk

Thursday, August 7th, 2008

A recently found flaw in the internet's addressing system is worse than first feared, so Dan Kaminsky said when speaking publicly about his discovery at the Black Hat conference in Las Vegas.He said fixes for the flaw in the net's Domain Name System (DNS) had focused on web browsers but ...