Comcast puts a cap on Net usage http://www.bizjournals.com/portland/stories/2008/08/25/daily35.html … Read more
Researchers at Carnegie Mellon University have released an extension for Firefox 3 that can protect wireless network users from so-called "man-in-the-middle" attacks.
The software, dubbed "Perspectives," is available for download for free.
Perspectives also protects against attacks that exploit a recently exposed flaw in the DNS system, which translates Web addresses into numerical IP addresses, said Dave Andersen, a computer science professor at Carnegie Mellon who was an adviser on the Perspectives project.
In an attack on the DNS system, someone typing in a legitimate Web address could be redirected to a malicious site without knowing … Read more
In response to the recent DNS problems on the Internet I had earlier suggested changing some network configuration parameters to use the free OpenDNS service.
As I did this myself for a number of machines that I maintain, the question arose of verifying the change. That is, how can someone, particularly a non-technical computer user, ensure that their computer is configured to use OpenDNS?
This is, it turns out, remarkably easy.
MessageLabs revealed that an intricate flaw in the underlying design of the Internet's DNS (domain name system) protocol is still vulnerable several weeks after patches were made available. Elinor Mills, who covers security for CNET News, explains what's going on.
Why in the world would Microsoft make available a free--and very cool--digital photo-viewing technology? Josh Lowensohn of Webware, who has been testing the new tool, offers his take.
Still having a rotten time with parallel parking? Well, if you have deep pockets--and I mean really deep pockets, have I got the car for you.Listen now: … Read more
A fatal flaw with the DNS (Domain Name System) is being exploited in Internet attacks and more attacks are likely, the security researcher who discovered the flaw said on Thursday.
"I do think we are going to see attacks. I think we have been seeing attacks already going on in the field," said Dan Kaminsky, director of penetration testing for IOActive, who warned the industry about the DNS vulnerability nearly five months ago. "We're doing everything we can to mitigate and reduce its incidence."
Kaminsky mentioned a DNS-related incident with China Netcom (possibly the incident … Read more
The discussion to date about the latest DNS problem has been from the point of view of an end user, someone browsing Web sites. But there is another aspect to the DNS problem, one that concerns owners of Web sites.
This is discussed in a report from the IANA (Internet Assigned Numbers Authority), called Frequently Asked Questions on Cache Poisoning and Cross Pollination. The topic is a bit nerdy, so I'll try to explain it simply.
Some DNS server computers talk to you and me, while others talk to their fellow DNS servers. The DNS servers run by your … Read more
Why buy the Lordship when you can just choose the title from the drop-down? Also on the show today, Black Hat 2008 shatters our faith in all that is technology (just like it does every year), and we engage in a lively discussion about the relative crappiness of the applications on the App Store, as well as the moral ramifications of Apple being able to nuke those crappy applications remotely.Listen now: Download today's podcast EPISODE 783
Times Online: 'Fakeproof' e-passport is cloned in minutes http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece
Black Hat: DNS … Read more
LAS VEGAS--Speaking before a packed audience, researcher Dan Kaminsky explained the urgency in having everyone patch their systems: virtually everything we do on the Internet involves a Domain Name System request and therefore is vulnerable.
Expectations were running high before Wednesday morning as Kaminsky, director of penetration testing for IOActive, had revealed little about his DNS vulnerability up till then. That didn't stop others from trying to figure it out. But that actually helped Kaminsky in the end; it meant during his speech, he was able to skip the what and go directly to the why.
Security researchers always … Read more
Security researcher Dan Kaminsky has offered more details about a fundamental flaw in the Domain Name System and the extent of the vulnerability.
In a presentation at the Black Hat security conference in Las Vegas on Wednesday, Kaminsky gave details of how a successful DNS cache poisoning attack could be launched by taking advantage of the flaw.
Kaminsky explained that transaction IDs, which are supposed to prevent "bad guys" from assigning their own IP address numbers to any domain, are ineffective as security measures. An attacker could flood a DNS server with multiple, slightly varied requests for a … Read more
LAS VEGAS--Black Hat 2008 is bigger, and some might say better. Occupying most of the third and fourth floors of the convention hall at Caesars Palace, the conference started on Saturday with two- and four-day training sessions that continue through Tuesday.
The "public" part of Black Hat runs Wednesday and Thursday and features speakers in 15 separate tracks. One of the tracks will consist of Turbo talks of 20 minutes each. After those, there will an opportunity for the audience to talk with some of the speakers in a another room.
Wednesday starts with a bang with … Read more