Home > Security News > Kaminsky on DNS rebinding attacks, hacking techniques
Security News:
EMAIL THIS LICENSING & REPRINTS

Kaminsky on DNS rebinding attacks, hacking techniques

By Michael S. Mimoso, Editor, Information Security magazine
14 May 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, dives into his latest work around DNS rebinding attacks and what enterprises can do to protect their resources from these Web-based attacks. Kaminsky also covers some of his research on the spoofing of SSL VPN certificates and other emerging threats. Kaminsky is a frequent speaker at industry conferences. He is probably best known for his Black Ops talks at the annual Black Hat Briefings. Kaminsky, formerly with Cisco and Avaya, is also an advocate for Net Neutrality.

  Kaminsky on attack techniques. (11 min) 

  Program highlights: 

  • Your presentations have focused a lot on network security, lately you've been talking a lot about Web 2.0 attacks, why the change in direction? (0:17)
  • What are some down in the weeds Web flaws that organizations need to be aware of? 1:45)
  • Tell me about some of the DNS rebinding research that you've been presenting. (3:07)
  • Can you share any practical advice for organizations on how to defend themselves? (6:25)
  • If the Web protocols are bad and the network protocols are bad what's the answer there? Certainly starting over isn't practical. (7:21)
  • You do work in a lot of organizations. Can you tell me about the state of security in most of those that you work in? (9:17)



Tags: Web Application Security (Also see Web Access Control)Web Services Security and SOA SecurityEmerging Information Security ThreatsApplication Attacks (Buffer Overflows, Cross-Site Scripting)Mobile CodeVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts