Today we introduce a new portion of the show: SecuraBytes. SecuraBytes are unannounced episodes, they could be last minute interviews or just more beer induced security speak. So, without further ado, here is the first SecuraByte from the SecuraBit Podcast.
“Introducing haiku-DNS: [laughing corruption collapsing kittens gallop nectars forgiving] = usa.gov” – Chris
Wesley McGrew of McGrew Security, Martin McKeay of the Network Security Blog / Podcast, and some guy named Joel joined Rob Fuller and Anthony Gartner last night to discuss the DNS vulnerability leakage that happened about quitting time yesterday (7/21). We discuss the leak, how the vulnerability works, mitigating, and the potential it has on mass scales. Every one of the gentlemen that joined us, and we here at SecuraBit urge you to patch as soon as possible. If you need further information, please check the following links:
Direct link to this episode:HERE
Check to see if you are vulnerable: http://www.doxpara.com/
In depth explanation of the vulnerability:
http://www.mcgrewsecurity.com/?p=151
Dan’s niece Sarah spells it out for us:
http://www.youtube.com/watch?v=XDKw8ny6IcM
More supporting links:
http://www.mckeay.net/2008/07/21/patch-dns-now/
http://www.matasano.com/log/mtso/
http://www.doxpara.com/?p=1176
http://blogs.zdnet.com/security/?p=1520
your site is on my favorites now
nice article! nice site. you're in my rss feed now
keep it up
[...] Episode 2 Last night we decided to discuss a little more on the DNS vulnerability issue that’s been the hot topic everywhere in terms of detection and defense. Thanks to guest [...]
http://www.milw0rm.com/exploits/6122
Exploit is out via MSF3 by downloading it from milw0rm’s site. However it’s said to be not as easy as it sounds and for IDS types it could be susceptible to many false positives as this is a rehash of an older DNS cache poisoning signature in which the threshold is revised to detect such activity.