Kaminsky on DNS rebinding attacks, hacking techniques

By Michael S. Mimoso, Editor, Information Security magazine 14 May 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Program highlights:

• Your presentations have focused a lot on network security, lately you've been talking a lot about Web 2.0 attacks, why the change in direction? (0:17)
• What are some down in the weeds Web flaws that organizations need to be aware of? 1:45)
• Tell me about some of the DNS rebinding research that you've been presenting. (3:07)
• Can you share any practical advice for organizations on how to defend themselves? (6:25)
• If the Web protocols are bad and the network protocols are bad what's the answer there? Certainly starting over isn't practical. (7:21)
• You do work in a lot of organizations. Can you tell me about the state of security in most of those that you work in? (9:17)

Tags: Web Application Security,  Web Services Security and SOA Security,  Emerging Information Security Threats,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  Web Server Threats and Countermeasures,  Web Application and Web 2.0 Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application Security nCircle statistics show rising Web application vulnerabilities Twitter bugs, DNSSEC and broswer security Month of Twitter Bugs project to document Twitter flaws Are Web application penetration tests still important? IT pros can detect, prevent website vulnerabilities, thwart attacks PCI compliance requirement 6: Systems and applications Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert US-CERT warns of Gumblar, Martuz drive-by exploits XSS bugs, information leakage top list of website vulnerabilities How to find and stop automated SQL injection attacks Web Services Security and SOA Security Cryptographers say cloud computing can be secured Information security book excerpts and reviews Will cloud computing and virtualization save the day? MySpace, Facebook ignoring basic principles of security Kaminsky: DNS flaw capable of attacks on many fronts Which operating system can best secure an FTP site? IBM's Watchfire halts network research, focuses on Web apps How does identity propagation work? Citrix adds Web security with acquisition Are attackers using malware to exploit service oriented architectures? Emerging Information Security Threats New attack code targets Microsoft DirectShow zero-day vulnerability Adobe ColdFusion websites being compromised Antispyware buying guide for Indian enterprises ATM malware lets attackers take over machines FTC shutters rogue ISP for hosting malicious content, botnets The failing war against cybercriminals White House cybersecurity czar faces major hurdles Cybercrime and threat management The Pipe Dream of No More Free Bugs Face-off: Who should be in charge of cybersecurity?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anonymous Web surfing  (SearchSecurity.com) buffer overflow  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cookie poisoning  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary