-
December 1st, 2008, 07:36 PM
#1
DNS Flaw A-Team: Kaminsky and Co.
Wired has put together an interesting profile on some of the personalities and events behind this year's DNS brouhaha...
Secret Geek A-Team Hacks Back, Defends Worldwide Web - Wired
Then last January, on a drizzly Sunday afternoon, he flopped down on his bed, flipped open his laptop, and started playing games with DNS. He used a software program called Scapy to fire random queries at the system. He liked to see how it would respond and decided to ask for the location of a series of nonexistent Web pages at a Fortune 500 company. Then he tried to trick his DNS server in San Diego into thinking that he knew the location of the bogus pages.
Suddenly it worked. The server accepted one of the fake pages as real. But so what? He could now supply fake information for a page nobody would ever visit. Then he realized that the server was willing to accept more information from him. Since he had supplied data about one of the company's Web pages, it believed that he was an authoritative source for general information about the company's domain. The server didn't know that the Web page didn't exist—it was listening to Kaminsky now, as if it had been hypnotized.
A neat read!
-
December 6th, 2008, 02:54 AM
#2
In June 2005, a balding, slightly overweight, perpetually T-shirt-clad 26-year-old computer consultant named Dan Kaminsky decided to get in shape. He began by scanning the Internet for workout tips and read that five minutes of sprinting was the equivalent of a half-hour jog. This seemed like a great shortcut—an elegant exercise hack—so he bought some running shoes at the nearest Niketown. That same afternoon, he laced up his new kicks and burst out the front door of his Seattle apartment building for his first five-minute workout. He took a few strides, slipped on a concrete ramp and crashed to the sidewalk, shattering his left elbow.
This was the only interesting part. I would have ended the article at that.
Similar Threads
-
By t34b4g5 in forum Security News
Replies: 10
Last Post: July 28th, 2008, 08:11 AM
-
By s0nIc in forum Miscellaneous Security Discussions
Replies: 2
Last Post: January 24th, 2003, 11:21 AM
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|