Michael Santarcangelo and I have released the second episode of the Security Catalyst Show: Pop Culture Security.
The show is available here. Show notes are available here.
This time we are taking a different approach, we are covering two topics using several movies.
Michael and I had a great time recording the episode and hope that you enjoy it. We also want you to take what you hear and start applying it.
Be safe out there.
James
Wednesday, July 16, 2008
Wednesday, July 9, 2008
DNS vulnerability - patch it
I have been watching a lot of the reaction to the DNS vulnerability that was revealed by Dan Kaminsky and multiple vendors yesterday.
There has been a few people who have downplayed the seriousness of the situation and for those of you still in doubt that this is a serious situation, I will point you to the retraction by Thomas Ptacek over at Matasano Chargen. Mr. Ptacek has always been one to stick to his guns when challenged about his postings and it shows the seriousness of the situation.
I think Microsoft is underplaying the seriousness of the situation by only rating the patch important. This will probably change as soon as there is an exploit in the wild. I think that is unfortunate, DNS is core to the way we traverse the Internet - you got to this blog via DNS, I posted it using DNS and all e-mail is delivered via DNS. DNS is core to the way we work.
There are servers that have been found to not be suceptible to this vulnerability. The first was DJBDNS. Dan Kaminsky did announce that there is another secure DNS server: PowerDNS made by Bret Huber. OpenDNS has stated in their blog that their implementation is secure against this vulnerabilty, which makes me feel better since I use them at home.
If you run a DNS server and you are not sure that you are vulnerable, check the CERT advisory for your vendors status. If your vendor is listed as anything other than not vulnerable, follow the link to your vendors website.
Be safe out there,
James
There has been a few people who have downplayed the seriousness of the situation and for those of you still in doubt that this is a serious situation, I will point you to the retraction by Thomas Ptacek over at Matasano Chargen. Mr. Ptacek has always been one to stick to his guns when challenged about his postings and it shows the seriousness of the situation.
I think Microsoft is underplaying the seriousness of the situation by only rating the patch important. This will probably change as soon as there is an exploit in the wild. I think that is unfortunate, DNS is core to the way we traverse the Internet - you got to this blog via DNS, I posted it using DNS and all e-mail is delivered via DNS. DNS is core to the way we work.
There are servers that have been found to not be suceptible to this vulnerability. The first was DJBDNS. Dan Kaminsky did announce that there is another secure DNS server: PowerDNS made by Bret Huber. OpenDNS has stated in their blog that their implementation is secure against this vulnerabilty, which makes me feel better since I use them at home.
If you run a DNS server and you are not sure that you are vulnerable, check the CERT advisory for your vendors status. If your vendor is listed as anything other than not vulnerable, follow the link to your vendors website.
Be safe out there,
James
Tuesday, July 8, 2008
DNS trouble in the offing
Dan Kaminsky released information today about a rather serious vulnerability in the implementation of DNS on most major platforms.
Microsoft has posted information about it on its site here.
Rich Mogul has an interview with Dan here.
Arthur over at Emergent Chaos has posted here
Why should this concern you? Microsoft is listing it as important rather than serious, but I think they are undervaluing the seriousness of this vulnerability.
Quick overview of DNS for you. DNS is like the yellow pages of the Internet. Computers work better with numbers and people work better with words. When you want to find CNN.com your browser contacts a DNS server to find out what IP address the site resides. This is similar to the physical address associated with a business in the yellow pages. Think of the IP address as directions to that particular business. A typical IP addres looks like this 192.168.140.25 The first set of numbers (refered to as an octet) is essentially the city in which the business resides. The second set of numbers is the neartest major street to the business. The third set of numbers is the street of the business and the final set of numbers is the street address of the business.
What DNS does is allow you to type in the name of the site you want to go to and have all of the "travel information" for your destination be given to you.
Now imagine someone sets about printing yellow pages with incorrect information that will bring them profit. So rather than going to the real CNN.com (64.236.91.23) your DNS server has been given spoofed information to send you to a malicious website at 172.16.91.23.
If you manage DNS servers, you should patch them as soon as possible. If you don't, you may want to make sure whoever does manage your DNS has patched their systems.
Be safe out there,
James
(Edit) - as of 2:15 PM CDT Microsoft does not appear to have released the patch for this vulnerability.
(Edit 2) appears that the patch is showing up as 2 different Knowledge Base articles: kb951746 and kb951748
Microsoft has posted information about it on its site here.
Rich Mogul has an interview with Dan here.
Arthur over at Emergent Chaos has posted here
Why should this concern you? Microsoft is listing it as important rather than serious, but I think they are undervaluing the seriousness of this vulnerability.
Quick overview of DNS for you. DNS is like the yellow pages of the Internet. Computers work better with numbers and people work better with words. When you want to find CNN.com your browser contacts a DNS server to find out what IP address the site resides. This is similar to the physical address associated with a business in the yellow pages. Think of the IP address as directions to that particular business. A typical IP addres looks like this 192.168.140.25 The first set of numbers (refered to as an octet) is essentially the city in which the business resides. The second set of numbers is the neartest major street to the business. The third set of numbers is the street of the business and the final set of numbers is the street address of the business.
What DNS does is allow you to type in the name of the site you want to go to and have all of the "travel information" for your destination be given to you.
Now imagine someone sets about printing yellow pages with incorrect information that will bring them profit. So rather than going to the real CNN.com (64.236.91.23) your DNS server has been given spoofed information to send you to a malicious website at 172.16.91.23.
If you manage DNS servers, you should patch them as soon as possible. If you don't, you may want to make sure whoever does manage your DNS has patched their systems.
Be safe out there,
James
(Edit) - as of 2:15 PM CDT Microsoft does not appear to have released the patch for this vulnerability.
(Edit 2) appears that the patch is showing up as 2 different Knowledge Base articles: kb951746 and kb951748
Subscribe to:
Posts (Atom)