Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills

Friday

Short Review of Blackhat DNS Webinar with Dan Kaminsky



Nate over at the Zero Day Blog has a small review of the Blackhat Webinar with Dan Kaminsky. In case you couldn't follow it, have a look at it.

One thing worth mentioning: according to the results from Dan's tool at doxpara.com, 52% of the DNS servers being tested were still vulnerable. Don't make us repeat ourselves.

  • Metasploit releases DNS cache poisoning exploit (part 2)
  • Metasploit releases DNS cache poisoning exploit (part 1)
  • NOW is the time to patch those unpatched DNS servers. Details have leaked. (updated)
  • Dan Kaminsky Blackhat Webcast on the DNS vulnerability on the 24th of July (updated)
  • More on the DNS vulnerability
  • Warning: details multi vendor DNS cache poisoning flaws released (updated)
(Photo under Creative Commons from mac steve's Photostream)

Posted by Security4all at 25.7.08

Labels: Drive-by, pharming, phishing, vulnerability

This blog is licensed under a Creative Common Attribution-NonCommercial-ShareAlike License.