December 1st, 2008 06:36 PM
DNS Flaw A-Team: Kaminsky and Co.
Wired has put together an interesting profile on some of the personalities and events behind this year's DNS brouhaha...
Secret Geek A-Team Hacks Back, Defends Worldwide Web - Wired
A neat read!
Then last January, on a drizzly Sunday afternoon, he flopped down on his bed, flipped open his laptop, and started playing games with DNS. He used a software program called Scapy to fire random queries at the system. He liked to see how it would respond and decided to ask for the location of a series of nonexistent Web pages at a Fortune 500 company. Then he tried to trick his DNS server in San Diego into thinking that he knew the location of the bogus pages.
Suddenly it worked. The server accepted one of the fake pages as real. But so what? He could now supply fake information for a page nobody would ever visit. Then he realized that the server was willing to accept more information from him. Since he had supplied data about one of the company's Web pages, it believed that he was an authoritative source for general information about the company's domain. The server didn't know that the Web page didn't exist—it was listening to Kaminsky now, as if it had been hypnotized.
December 6th, 2008 01:54 AM
This was the only interesting part. I would have ended the article at that.
In June 2005, a balding, slightly overweight, perpetually T-shirt-clad 26-year-old computer consultant named Dan Kaminsky decided to get in shape. He began by scanning the Internet for workout tips and read that five minutes of sprinting was the equivalent of a half-hour jog. This seemed like a great shortcut—an elegant exercise hack—so he bought some running shoes at the nearest Niketown. That same afternoon, he laced up his new kicks and burst out the front door of his Seattle apartment building for his first five-minute workout. He took a few strides, slipped on a concrete ramp and crashed to the sidewalk, shattering his left elbow.
By t34b4g5 in forum Security News
Last Post: July 28th, 2008, 08:11 AM
By s0nIc in forum Miscellaneous Security Discussions
Last Post: January 24th, 2003, 10:21 AM
Tags for this Thread