Information Security News mailing list archives
Re: Shocker DNS spoofing vuln discovered three years ago by a student
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 11 Jul 2008 04:35:20 -0500 (CDT)
Forwarded from: jf <jf (at) danglingpointers.net> and 3 years before that djb pointed it out as well, its not coincidence that djbdns was not vulnerable. http://cr.yp.to/djbdns/forgery-cost.txt http://cr.yp.to/talks/2003.02.11/slides.pdf On Thu, 10 Jul 2008, InfoSec News wrote:
Date: Thu, 10 Jul 2008 03:25:36 -0500 (CDT) From: InfoSec News <alerts (at) infosecnews.org> To: isn (at) infosecnews.org Subject: [ISN] Shocker DNS spoofing vuln discovered three years ago by a student http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/ By John Leyden The Register 9th July 2008 A flaw in how the internet's addressing system works that sparked a patching frenzy on Tuesday night may has first been uncovered by a student as long as three years ago. Shortcomings in how the Domain Name System protocol is implemented by multiple vendors facilitate DNS cache poisoning attacks, security clearing house US CERT warned on Tuesday. Successful exploitation of these security shortcomings creates a means for hackers to spoof DNS replies, allowing for the redirection of network traffic or to mount man-in-the-middle attacks.
_______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.com
Current thread:
- Re: Shocker DNS spoofing vuln discovered three years ago by a student InfoSec News (Jul 11)