Kaminsky on DNS rebinding attacks, hacking techniques

By Michael S. Mimoso, Editor, Information Security magazine 14 May 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Program highlights:

• Your presentations have focused a lot on network security, lately you've been talking a lot about Web 2.0 attacks, why the change in direction? (0:17)
• What are some down in the weeds Web flaws that organizations need to be aware of? 1:45)
• Tell me about some of the DNS rebinding research that you've been presenting. (3:07)
• Can you share any practical advice for organizations on how to defend themselves? (6:25)
• If the Web protocols are bad and the network protocols are bad what's the answer there? Certainly starting over isn't practical. (7:21)
• You do work in a lot of organizations. Can you tell me about the state of security in most of those that you work in? (9:17)

Tags: Web Application Security,  Web Services Security and SOA Security,  Emerging Information Security Threats,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  Web Server Threats and Countermeasures,  Web Application and Web 2.0 Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application Security Attackers zero in on Web application vulnerabilities Self-defending Web applications thwart attacks Facebook, McAfee partner to fix social network security issues Web application attacks security guide: Preventing attacks and flaws Using unique device identification for bank website security Information security book excerpts and reviews Black box and white box testing: Which is best? InZero Systems launches hardware-based security gateway Web application vulnerability assessment shows patching progress Preventing SQL injection attacks: A network admin's perspective Web Services Security and SOA Security Information security book excerpts and reviews Security testing firm uncovers XML vulnerabilities Cryptographers say cloud computing can be secured Will cloud computing and virtualization save the day? MySpace, Facebook ignoring basic principles of security Kaminsky: DNS flaw capable of attacks on many fronts Which operating system can best secure an FTP site? IBM's Watchfire halts network research, focuses on Web apps How does identity propagation work? Citrix adds Web security with acquisition Emerging Information Security Threats Leverage Google Attacks to Improve Cybersecurity SCADA system, critical infrastructure security lacking, survey finds Preparing for future security threats, evolving malware Facebook attacks prompt investments in social networking security Information security podcasts: 2009 archive Hathaway calls for international cybercrime task force Active PDF attacks target Reader, Acrobat zero-day vulnerability Sites hit with massive automated SQL injection attack Cybercriminals invest in social networking attacks Best practices for (small) botnets

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anonymous Web surfing  (SearchSecurity.com) buffer overflow  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cookie poisoning  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary