HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 31 guests and 5 members online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Otherarrow Interview With Dan Kaminsky On Massive Multivendor DNS Patch
Ethical Hacker Community Forums
January 08, 2009, 10:50:44 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2009 - May 4 - 9. Boot Camps & an Ethical Hacking Conf. www.chicagocon.com
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Interview With Dan Kaminsky On Massive Multivendor DNS Patch  (Read 1249 times)
0 Members and 1 Guest are viewing this topic.
oneeyedcarmen
Full Member
***
Offline Offline

Posts: 205

Klaatu, Borada,Necktie?


View Profile
« on: July 08, 2008, 03:45:53 PM »
To those of you who are currently stuck as patch monkeys like me, hell, to everyone, this is HUGE!

Over on the Network Security Podcast, Dan talks about how he got the cooperation of damn near every vendor out there and developed the patches that were simultaneously released today (including MS08-037) patching a "gaping hole in the DNS protocol."

He basically states that on August 6 at BlackHat Vegas, he'll be releasing proof of the vulnerability.

To prove how rediculously huge this is, when have you ever seen all the competitors work on something together AND keep it secret?

(The CERT advisory Word doc lists all the vendors)
« Last Edit: July 08, 2008, 03:47:28 PM by oneeyedcarmen » Logged
MCP, Security+, Associate (ISC)2
oneeyedcarmen
Full Member
***
Offline Offline

Posts: 205

Klaatu, Borada,Necktie?


View Profile
« Reply #1 on: July 10, 2008, 12:11:09 PM »
As a follow-up...

The M$ patch (MS08-037) is flawed.  I just spoke with a rep at M$ who stated that they are working on fixing it (it pretty much stops you from reaching the internetz if you have ZoneAlarm, and from reaching any update sites anyway), but that "it was a good thing that you haven't installed the latest patches for MS08-037."

How reassuring...
Logged
MCP, Security+, Associate (ISC)2
Ketchup
Newbie
*
Offline Offline

Posts: 47


View Profile
« Reply #2 on: July 10, 2008, 05:00:58 PM »
Why do you run ZoneAlarm? 
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2007, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.041 seconds with 22 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
How many security events including conferences and training do you attend a year:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2009 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.