Global Security Watch > Experts Accuse the Bush Administration of Foot-Dragging on DNS ...

[Threat Level] (http://blog.wired.com/27bstroke6/2008/08/experts-accuse.html) Just weeks ago, security researcher Dan Kaminsky announced he'd discovered a way for hackers to feed fake info into DNS listings, which would allow hackers to redirect web traffic at will -- for example, routing every person attempting to log in to the Bank of America to a fake site controlled by the attacker.

Some related posts from Technorati and Google.

[Free Computer Repair Help Online] (http://www.pctechbytes.net/forums/showthread.php?t=21783=newpost) Are you safe?: Dan Kaminsky of Seattle-based security consultant IOActive Inc. exposed a giant vulnerability in the Internet's design that, in one case, allowed hackers to reroute some computer users in Texas to a fake Google.com site loaded with automated advertisement-clicking programs, a scam to generate profits for the hackers from those clicks.

[Nuclear and Indigenous Items of Interest] (http://gregornot.wordpress.com/2008/08/11/net-address-bug-worse-than-feared/) Net address bug worse than feared: DNS attacks are not new but Mr Kaminsky is credited with discovering a way to link some widely known weaknesses in the system so that the attack now takes seconds instead of days or hours.

[The Cotton Club] (http://www.cottonrohrscheib.com/blog/2008/08/06/hackers-exploit-dns/) Hackers Exploit DNS: DNS attacks aren’t new. But Kaminsky discovered a way to link together some widely known weaknesses in the system, so that an attack that would have taken hours or days can now take only seconds.

[Press Release Distribution - NewsWire- Caymanmama] Internet needs plumbing to fix leaks - Flaws that make internet ...: During the Black Hat Hacker’s Conference in Las Vegas about his latest discovery, Kaminsky told participants about the bug he found in the Internet’s basic infrastructure that allows hackers to force people to use other websites which they don’t want to use and also hack e-mail messages. He pointed out the vulnerability in the Internet’s design that allows hackers to redirect internet users to other web pages, which is exactly like turning street signs around forcing drivers to use different directions and go to places they don’t want to go.

[venturebeat] (http://venturebeat.com/2008/08/07/black-hat-an-interview-with-dan-kaminsky-the-dns-dude-who-saved-the-internet/) Black Hat: An interview with Dan Kaminsky, the DNS dude who saved ...: Infrastructure that can be patched in eight hours instead of 90 days will be more likely to survive an attack. The difference between a random hacker and the security professional is the awareness of disaster planning and mitigation.

[No-Competition.net | Injecting Music Into The Web] (http://no-competition.net/forum/technology-valley/40762-dns-flaw-causes-security-scramble.html) DNS flaw causes security scramble: Integralis explained that the quickest way to stop the security breach is to install a product that will use the root DNS servers and only trust authoritative name servers, thereby addressing the vulnerability for all email and internet traffic.

[Open Source Information News] (http://www.opensourcesinfo.org/journal/2008/8/1/internet-poisoning-opens-corporate-networks-security-vulnera.html) 'Internet Poisoning' Opens Corporate Networks Security ...: DNS Cache Poisoning - is a hacking attack technique that allows an attacker to introduce 'fake' DNS information into a caching nameserver (a computer that converts domain names into appropriate IP addresses and vice versa acting as the translation and routing interface for email servers and web browsers). The same 'poisoned' DNS information can also be held on a workstation if DNS caching is also set up at a workstation level.

[Kim Cameron's Identity Weblog] Crypto flaw + bad practices = need for governance: Let’s get real. None of what went wrong here was in any way specific to OpenID. The weakness would have struck any application that relied on crypto and was built on Debian Linux and operated in the same way. This includes SSL, which for some reason doesn’t get singled out. And it applies to SAML, WS-Trust and PKI (e.g. any of the security-based identity protocols). Is OpenID a convenient straw man?

[BlogSchmog] (http://www.blogschmog.net/2008/08/13/closing-open-tabs-3/) Closing Open Tabs: Hackers exploit autofollow feature -- this also references a nice new Twitter security blog, TwitPwn, by Aviv Raff, a forensics researcher at RSA; Monitter widget -- A kickin’ search interface for Twitter.

[Wired: Threat Level] (http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html) Details of DNS Flaw Leaked; Exploit Expected by End of Today: What Dan doesn't have is the command line porttest, which lets you specify the DNS server to be tested. That's only available on the dns-oarc.net site (to my knowledge - corrections welcome!)

[Myinternetlive Computer Blog] IPv6 Training (Cisco) Enabling Telnet on an IPv6 Router and ...: And though many had thought that SSL connections were impervious to this attack, Kaminsky also showed how even the SSL certificates used to confirm the validity of Web sites could be circumvented with a DNS attack. The problem, he said, is that the companies that issue SSL certificates use Internet services like e-mail and the Web to validate their certificates.

[IT Professionals] (http://www.lockergnome.com/it/2008/07/23/is-your-dns-server-safe-major-security-hole-needs-to-be-patched-right-now/) Is Your DNS Server Safe? Major Security Hole Needs To Be Patched ...: After Halvar’s guess, another security blog that had specific knowledge of the threat details confirmed Flake’s hypothesis. As a result, the threat was disclosed. Luckily, the various creators of the DNS systems used all over the ...

[Mac Users] (http://macintosh.livejournal.com/3400409.html) DNS security flaws: C asks its ISP's DNS server "A" to get the IP address of nonexistentserver.yourbank.com. A doesn't know, so it asks the DNS server for yourbank.com "B" (B will reply the domain doesn't exist).

[threatblog] (http://www.eset.com/threat-center/blog/?p=136) Apple Crumble?: In my view, the real damage to Apple is that they’ve given the impression that their security initiatives are driven by marketing considerations. Of course, in the real (corporate) world it’s quite normal to maintain right of veto over public statements and appearances (that goes for the public sector too), but there are a lot of people falling into the general category of "security researcher"
