Archive for July, 2008

The DNS Exploit Revealed… and used

So, Dan Kaminsky’s DNS exploit I previously mentioned has been revealed. It turns out that what Kaminsky found was pretty much what I speculated — he just had it put together into a coherent attack, and fully recognized the implications. If I want to poison your DNS server, say, to redirect www.yourbank.com to my malicious […]

attacks, mitigations

The Mysterious DNS Exploit

On Tuesday, July 8th, Microsoft’s usual package of patches seemed to end-users like every other Patch Tuesday — some security updates to various and sundry Windows files to patch security vulnerabilities unknown.  However, it contained something very unusual this time — a design change to DNS. DNS has been around since the 1970’s, so people […]

attacks, mitigations