DNS

In response to the recent DNS problems on the Internet I had earlier suggested changing some network configuration parameters to use the free OpenDNS service.

As I did this myself for a number of machines that I maintain, the question arose of verifying the change. That is, how can someone, particularly a non-technical computer user, ensure that their computer is configured to use OpenDNS?

This is, it turns out, remarkably easy.

Go to www.opendns.com. At the top of the home page, just under the tabs, there will be a message whose content depends on whether the computer is … Read more

MessageLabs revealed that an intricate flaw in the underlying design of the Internet's DNS (domain name system) protocol is still vulnerable several weeks after patches were made available. Elinor Mills, who covers security for CNET News, explains what's going on.

Why in the world would Microsoft make available a free--and very cool--digital photo-viewing technology? Josh Lowensohn of Webware, who has been testing the new tool, offers his take.

Still having a rotten time with parallel parking? Well, if you have deep pockets--and I mean really deep pockets, have I got the car for you.

A fatal flaw with the DNS (Domain Name System) is being exploited in Internet attacks and more attacks are likely, the security researcher who discovered the flaw said on Thursday.

"I do think we are going to see attacks. I think we have been seeing attacks already going on in the field," said Dan Kaminsky, director of penetration testing for IOActive, who warned the industry about the DNS vulnerability nearly five months ago. "We're doing everything we can to mitigate and reduce its incidence."

Kaminsky mentioned a DNS-related incident with China Netcom (possibly the incident … Read more

The discussion to date about the latest DNS problem has been from the point of view of an end user, someone browsing Web sites. But there is another aspect to the DNS problem, one that concerns owners of Web sites.

This is discussed in a report from the IANA (Internet Assigned Numbers Authority), called Frequently Asked Questions on Cache Poisoning and Cross Pollination. The topic is a bit nerdy, so I'll try to explain it simply.

Some DNS server computers talk to you and me, while others talk to their fellow DNS servers. The DNS servers run by your … Read more

Why buy the Lordship when you can just choose the title from the drop-down? Also on the show today, Black Hat 2008 shatters our faith in all that is technology (just like it does every year), and we engage in a lively discussion about the relative crappiness of the applications on the App Store, as well as the moral ramifications of Apple being able to nuke those crappy applications remotely.

Times Online: 'Fakeproof' e-passport is cloned in minutes http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece

Black Hat: DNS … Read more

LAS VEGAS--Speaking before a packed audience, researcher Dan Kaminsky explained the urgency in having everyone patch their systems: virtually everything we do on the Internet involves a Domain Name System request and therefore is vulnerable.

Expectations were running high before Wednesday morning as Kaminsky, director of penetration testing for IOActive, had revealed little about his DNS vulnerability up till then. That didn't stop others from trying to figure it out. But that actually helped Kaminsky in the end; it meant during his speech, he was able to skip the what and go directly to the why.

Security researchers always … Read more

Security researcher Dan Kaminsky has offered more details about a fundamental flaw in the Domain Name System and the extent of the vulnerability.

In a presentation at the Black Hat security conference in Las Vegas on Wednesday, Kaminsky gave details of how a successful DNS cache poisoning attack could be launched by taking advantage of the flaw.

Kaminsky explained that transaction IDs, which are supposed to prevent "bad guys" from assigning their own IP address numbers to any domain, are ineffective as security measures. An attacker could flood a DNS server with multiple, slightly varied requests for a … Read more

LAS VEGAS--Black Hat 2008 is bigger, and some might say better. Occupying most of the third and fourth floors of the convention hall at Caesars Palace, the conference started on Saturday with two- and four-day training sessions that continue through Tuesday.

The "public" part of Black Hat runs Wednesday and Thursday and features speakers in 15 separate tracks. One of the tracks will consist of Turbo talks of 20 minutes each. After those, there will an opportunity for the audience to talk with some of the speakers in a another room.

Wednesday starts with a bang with … Read more

Apple released a security update Thursday to users of its Tiger and Leopard operating systems to address a critical and well-publicized Domain Name System flaw, along with a dozen other updates.

The DNS flaw, which was first reported by Dan Kaminsky of IOActive on July 8, could allow attackers to redirect Web site visitors to any site they choose and present forged information. The DNS translates the common name of a Web site into its numerical IP address, and is therefore a fundamental component to the Internet.

During the second pre-Black Hat security conference Webinar on July 24, Kaminsky provided … Read more