DNS Fool

Although DNSSEC has been in the works for over a decade now, until recently there has been little motivation to begin working on a widescale deployment. Of course, after Dan Kaminsky’s announcement this past summer there is now a scramble to increase the security of the domain name system.
Earlier this year the U.S. Government issued [...]

In response to claims of “foot-dragging” with regards to DNS security, the United States government has ordered the administrators of all .gov domains to implement DNSSEC before January 2009.
DNSSEC is a somewhat controversial set of extensions to the DNS protocol designed to provide protection from forged data.  Although it was first proposed in 1995, DNSSEC [...]

A lot has happened in the world of DNS since July 8th.  Of course, that is when Dan Kaminsky revealed his now famous DNS bug and the patching panic began.  Since that time there have been many explanations of the bug, along with much discussion about also how the bug can be exploited and why [...]

The initial patches provided for better port randomization in BIND caused it to experience performance issues.  Today ISC has provided a second patch for each of the Unix versions of 9.3.5, 9.4.2, and 9.5.0 that addresses the problems introduced in the first patch.  As stated in the release notes, this update provides:

performance improvement over the [...]

Well that didn’t take long.
Mere days after the details of the recent DNS attack were made public there is already an exploit out in the wild.  HD Moore and I)ruid have added an exploit to the Metasploit project, a popular penetration testing framework.  These are the good guys, but the bad guys have the same [...]

It was just 14 days ago that Dan Kaminsky announced that he had found a critical security flaw in DNS, but that the details would be kept secret until he took the stage at Black Hat on August 6th.  This 29 day gap between the announcement of the discovery and the detailed description of the [...]

Dan Kaminsky has done it again.
Kaminsky found a security vulnerability in the design of DNS itself.  Yea, let that sink in.  The problem was in the DNS protocol, not just certain implementations.  That means BIND is affected (of course), Microsoft DNS is affected, and so on.   A full list of affected systems is available in [...]

ICANN and IANA were the victims of a DNS redirection attack this week.
Turkish crackers were able to take over the icann.com, icann.net, iana.com and iana-servers.com and redirect them to a hosting account at atspace.com.
Zone-H is hosting a mirror of the defacement.

Interesting to here Verisign say this:
In the case of DNSSec, the security threats it was designed to address have been mitigated by changes to DNS software or in other ways, so the urgency is not there,” Silva explained.

Another DNS hijacking, this time the victim is Photobucket. Photobucket.com is registered with Register.com, and name service is provided by UltraDNS.
Register.com is investigating the problem