Last week the Office of Management and Budget released memoranda M-08-23, titled Securing the Federal Government’s Domain Name System Infrastructure. The document states that all US government top level .gov domains will use DNSSEC starting in January 2009. This is in response to the DNS cache poisoning attack that Dan Kaminsky made public a few [...]

Dan Kaminsky’s Black Hat USA presentation was a bit different than what I was expecting, but it was still very interesting. Instead of going into details on the vulnerability, he spent the majority of time identifying the systems that would break if someone were able to manipulate the DNS system. He basically said that once [...]

This is the week of USENIX, as they have several security related workshops, and their annual  Security Symposium. On Monday, there was the Workshop on Offensive Technologies, and I was lucky enough to get invited to the workshop. Paul Vixie started the event by talking about the DNS cache poisoning vulnerability. He didn’t talk about [...]

Now that public exploits are available for the DNS cache poisoning attack, now is good time to patch your DNS servers if you haven’t already. Some new tools also came out to test if your DNS server is vulnerable to DNS cache poisoning. The web-based DNS randomness test by DNS-OARC is very good, and it [...]

By now, I think everyone has heard about the cache poisoning vulnerability in many DNS servers. Many are using Dan Kaminsky’s online testing tool at doxpara.com to test their own servers, but Dan’s server leaves the results exposed to the public. For those that want to test their DNS servers and not have the results [...]

Yesterday, Dan Kaminsky announced that there is a fundamental flaw in the DNS protocol that can allow attackers to spoof domains to any DNS server. Because it is a fundamental flaw in the DNS protocol, many implementations of DNS servers are vulnerable. Yes, that means BIND, Cisco, Microsoft, and many others are vulnerable. Luckily, Dan [...]