dns

Thirteen days after Dan Kaminsky asked his fellow security researchers not to speculate on the details of his DNS flaw, a fellow Black Hat researcher published his own speculation, and apparently got it right.

On July 8, IOActive researcher Kaminsky disclosed a flaw in the Domain Name System (DNS), but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured it would take about 30 days for that to happen. The 30-day mark also just happened to coincide with his speaking engagement at Black Hat in Las … Read more

What's a fairly dull service yet manages to pull in $20,000 each day by serving up ads? No, it's not Google, but it's one of those services that make me say, "Dang! I wish I would have thought of that!"

It's OpenDNS. It's a service that speeds up browsing while protecting its users from phishing and other malware sites.

Despite the name, no, OpenDNS is not open source. It's the kind of service, however, that doesn't rely on proprietary source. OpenDNS makes money by serving up ads. More pertinently to … Read more

Below is a transcript of my interview with Dan Kaminsky. The podcast can be heard here.

Me: You mentioned that you didn't expect to discover this particular vulnerability, the DNS vulnerability. What goes through your mind when you hit upon something that you think might be a vulnerability?

Dan Kaminsky: If you look at lot of my research I'm generally looking for interesting capabilities that are within the system. So really what goes through my mind when I find some new interesting capability with the system and just unfortunately the reality of things is, I can do X. … Read more

Programming note: As of Friday, July 11, 2008, Defense in Depth will now only carry my weekly column plus additional commentary on the state of computer security. My security news blogs will instead appear under the CNET News Security banner going forward. And my CNET News Security Bites podcasts can be found at here. All of these can be subscribed to via RSS.

While security researcher Dan Kaminsky still won't comment on the specific nature of a flaw within the Domain Name System--for fear that criminal hackers might exploit it before the worldwide network of name servers worldwide … Read more

In the middle of a flood of news surrounding a serious vulnerability within the fundamental structure of the Domain Name System (DNS) is the story of how researcher Dan Kaminsky chose to handle his discovery and, hopefully, it's mitigation. What Kaminsky did was coordinate several vendors in a multiparty, simultaneous release of a patch--a patch that he feels doesn't lend itself to easy reverse engineering.

For the moment, Kaminsky is not talking details. He's hoping that people will apply the various patches, update their DNS servers and clients, and do so before the bad guys can craft … Read more

On Thursday, Check Point Software Technologies released updated versions of all its ZoneAlarm products, addressing an incompatibility with a patch Microsoft released earlier this week.

The fix requires ZoneAlarm users to download the latest version, 7.0.438.000, from its site. A reboot is required to complete installation.

Since Tuesday, ZoneAlarm customers have complained that access to the Internet was denied after installing MS08-037, a patch designed by Microsoft to correct a vulnerability in both the client and server Domain Name System packages within Windows. Earlier on Tuesday, a security researcher announced a massive, multi-vendor patch release to address … Read more

Yesterday, was Patch Tuesday and a bug fix released by Microsoft caused a problem for ZoneAlarm firewall users - they could no longer get online. Oops. Except, if they followed the advice offered earlier on this blog, which is to wait until Thursday or Friday before installing the patches Microsoft releases on Tuesday. This is exactly the sort of situation for which that advice was intended.

On July 2nd, I wrote about Flagfox, a Firefox extension that displays a small flag in the corner of the browser window. Three days later I expanded on this saying that Flagfox can serve … Read more

Check Point Software Technologies, maker of ZoneAlarm, on Wednesday said it is working with Microsoft to resolve an issue with one of the patches within the software maker's July 2008 Patch Tuesday release.

At issue is the Microsoft Update KB951748 (MS08-037) from Microsoft, which addresses the flaw in DNS made public on Tuesday by security researcher Dan Kaminsky.

For ZoneAlarm customers who have automatic update selected for Windows Updates, and whose ZoneAlarm Internet security level is set to "high," they will experience a loss of Internet connectivity upon reboot.

ZoneAlarm users without automatic update may wish to … Read more

On Tuesday, security researcher Dan Kaminsky of IO Active calmly explained in a conference call with security reporters how he first stumbled upon a pervasive flaw deep within the Domain Name System (DNS), a series of servers used to translate common Internet names to IP addresses. Kaminsky said he wasn't even looking for a security vulnerability. What he found, however, could explain how criminal hackers have been able to redirect DNS queries recently.

What he did next is remarkable: he waited. Instead of selling the vulnerability to a company like TippingPoint through its program Zero Day Initiative, wherein the … Read more