Kaminsky on DNS rebinding attacks, hacking techniques

By Michael S. Mimoso, Editor, Information Security magazine 14 May 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Program highlights:

• Your presentations have focused a lot on network security, lately you've been talking a lot about Web 2.0 attacks, why the change in direction? (0:17)
• What are some down in the weeds Web flaws that organizations need to be aware of? 1:45)
• Tell me about some of the DNS rebinding research that you've been presenting. (3:07)
• Can you share any practical advice for organizations on how to defend themselves? (6:25)
• If the Web protocols are bad and the network protocols are bad what's the answer there? Certainly starting over isn't practical. (7:21)
• You do work in a lot of organizations. Can you tell me about the state of security in most of those that you work in? (9:17)

Tags: Web Application Security,  Web Services Security and SOA Security,  Emerging Information Security Threats,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  Web Server Threats and Countermeasures,  Web Application and Web 2.0 Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application Security Preventing SQL injection attacks: A network admin's perspective Cisco acquires SaaS security vendor ScanSafe Web application firewall use goes beyond compliance, company finds Gumblar Trojan drive-by exploits spike following Adobe update Some Facebook applications lead to Russian attack sites Barracuda acquires Purewire expanding Web security reach An enterprise strategy for Web application security threats Scanning with N-Stalker offers basic Web application security assessment Attackers target PDF, DirectShow flaws with malicious banner ads New Bahama botnet evades search engines, fuels click fraud Web Services Security and SOA Security Security testing firm uncovers XML vulnerabilities Cryptographers say cloud computing can be secured Information security book excerpts and reviews Will cloud computing and virtualization save the day? MySpace, Facebook ignoring basic principles of security Kaminsky: DNS flaw capable of attacks on many fronts Which operating system can best secure an FTP site? IBM's Watchfire halts network research, focuses on Web apps How does identity propagation work? Citrix adds Web security with acquisition Emerging Information Security Threats Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training US-CERT warns of BlackBerry snooping software Marcus Ranum on cyberwarfare, infosec careers Researchers find thousands of flawed embedded devices Enterprise botnets contain thousands of malware variants Nuke and pave to eradicate botnets Rand study urges caution on cyberwarfare attacks Hathaway joins Harvard to contribute to DOD project

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anonymous Web surfing  (SearchSecurity.com) buffer overflow  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cookie poisoning  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary