mitigations
BlackHat 2008, Day 2
The second day of BlackHat 2008 began with a keynote speech by Rod Beckstrom, the director of NCSC (the National Cyber Security Center.) Most of this consisted of painfully strained Civil War analogies and the overuse of the word “Cyber” to describe absolutely everything. He made some good points — specifically, that in [...]
BlackHat 2008, Day 1
Today was the first day of this year’s BlackHat Briefings in Las Vegas. The biggest security conference of the year, it’s always an interesting place to be and often involves the release of new and previously unknown exploits.
The keynote speaker was Ian Angell, of the London School of Economics, who was speaking, ostensibly, about [...]
The DNS Exploit Revealed… and used
So, Dan Kaminsky’s DNS exploit I previously mentioned has been revealed. It turns out that what Kaminsky found was pretty much what I speculated — he just had it put together into a coherent attack, and fully recognized the implications.
If I want to poison your DNS server, say, to redirect www.yourbank.com to my malicious [...]
The Mysterious DNS Exploit
On Tuesday, July 8th, Microsoft’s usual package of patches seemed to end-users like every other Patch Tuesday — some security updates to various and sundry Windows files to patch security vulnerabilities unknown. However, it contained something very unusual this time — a design change to DNS.
DNS has been around since the 1970’s, so people don’t [...]
Blacklists and Cross-Site Scripting
Microsoft gets a lot of criticism over Internet Explorer not being “standards-compliant.” However, it’s actually not so simple, for a variety of reasons. One of them is that the web itself is not very standards-compliant — while IE8 has a standards-compliant-browser mode, it has to offer an IE7 rendering fallback mode because most [...]
