Jerry Dixon posts - Security

July 24, 2008 6:10 AM PDT

As of Wednesday, an exploit code allowing someone to attack the domain name system (DNS) was available in various places on the Internet.

On July 8, IOActive researcher Dan Kaminsky disclosed a flaw in the DNS but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured that it would take about 30 days for that to happen.

The 30-day mark just happened to coincide with his speaking engagement at Black Hat in Las Vegas on August 6.

But on Monday, fellow Black Hat presenter Halvar Flake attacked Kaminsky's plea that a security flaw such as this be kept a secret. Flake then proceeded to lay out what he thought the flaw was. Turns out, he was right and laid the foundation for others to create and publicize an exploit.

On Thursday, Kaminsky will be a guest on the second Black Hat Webinar. This is the second of what is hoped to be a monthly series produced by the conference. Kaminsky will be joined by Jerry Dixon, former director of the Department of Homeland Security's cybersecurity division; Rich Mogull, founder of Securosis; and Joao Damas, a senior program manager at the Internet Systems Consortium. The Webinar begins at 1 p.m. PT.

To see if your connection to the Internet is vulnerable to DNS cache posioning, use this test on Kaminsky's site. As of Monday, researcher Neal Krawetz was reporting that servers at several high-profile ISPs remained vulnerable.

Topics:: News

Tags:: security,; DNS,; Dan Kaminsky,; Black Hat,; Jerry Dixon,; Rich Mogul,; Joao Damas,; Halvar Flake,; Neal Krawetz

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

The Download Blog
Extensions return to Chrome dev for Mac
Once more, extension support is activated in the Google Chrome developer's build for Mac OS X. Windows and Linux builds get attention, too.
Gallery
Navteq laser vision's view of the world (images)
The Open Road
Should enterprise IT piggyback on consumer Web?
Enterprise software is notoriously expensive and complex, while the consumer Web is the exact opposite. Should software vendors start borrowing Web infrastructure?
2010 CES
Microsoft's Bach on Courier, Natal, tablets, and phones
In an interview, the president of Microsoft's entertainment unit answers some (but not all) of our questions on what Microsoft has cooking on the consumer hardware front.
Video
Nexus One: The big reveal (video)
The Digital Home
Nielsen: Broadband use up, users more social
Survey company's latest findings show average Web users are most often on a broadband connection. And over the past year, they've been going social.
Video
Hands on with Google's Nexus One (video)
Digital Media
Baidu launching online-video company
Chinese search provider Baidu to create new company to provide premium online video, trying to satisfy growing demand among users in China for high-quality video.
The Space Shot
Shuttle Endeavour readying for February launch
Shuttle moved to launch pad 39A Wednesday for a planned February 7 liftoff on a space station assembly mission, the first of a final five flights planned for 2010.
Gallery
Unboxing the Nexus One (photos)
2010 CES
Fujitsu Lifebook UH900 hands-on: Pocketbook laptop
The world's smallest multitouch laptop is also quite a bit of an investment.
Green Tech
Qinyuan seeks to boost electric car sales in U.S.
The first Chinese automaker to break into the U.S. hopes to boost sales of its electric models in the world's second-largest market this year.