Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: [ActiveDir] Why So Serious : DoxPara Research: (Dan Kamisky - DNS at Blackhat)
Prev Next
You are not authorized to post a reply.

AuthorMessages
sbradcpaUser is Offline

Posts:320

08/07/2008 10:00 AM  
Why So Serious : DoxPara Research:
http://www.doxpara.com/?p=1204
http://www.doxpara.com/DMK_BO2K8.ppt

DNS servers had a core bug, that allows arbitrary cache poisoning

The bug works even when the host is behind a firewall

There are enough variants of the bug that we needed a stopgap before
working on something more complete

Industry rallied pretty ridiculously to do something about this, with
hundreds of milllions protected

DNS clients are at risk, in certain circumstances

We are entering (or, perhaps, holding back a little longer) a third age
of security research, where all networked apps are “fair game”

Autoupdate in particular is a mess, broken by design (except for
Microsoft) (1)

SSL is not the panacea it would seem to be

In fact, SSL certs are themselves dependent on DNS

DNS bugs ended up creating something of a “skeleton key” across almost
all major websites, despite independent implementations

Internal networks are not at all safe, both from the effects of Java,
and from the fact that internal routing could be influenced by external
activity

The whole concept of the fully internal network may be broken – there
are just so many business relationships – and, between IPsec not
triggering and SSL not being cert-validated, these relationships may not
be secure

We’re not even populating CDN’s securely!

Susan add:
(1) Microsoft was paranoid and has prevention from the get go with
signed updates
http://blogs.technet.com/robert_hensing/archive/2008/07/29/today-s-fail-open-goat-award-goes-to-insecure-3rd-party-software-updaters.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Why So Serious : DoxPara Research: (Dan Kamisky - DNS at Blackhat)



ActiveForums 3.7
AdventNet Banner
Friends

Friends

Namescape
Members

Members

MembershipMembership:
Latest New UserLatest:cthart
New TodayNew Today:1
New YesterdayNew Yesterday:5
User CountOverall:4285
People OnlinePeople Online:
VisitorsVisitors:73
MembersMembers:0
TotalTotal:73
Online NowOnline Now:

Ads

Copyright 2008 ActiveDir.org
Terms Of Use