Per requests, and as part of the ‘ask JJ’ responses, I’ve been working on a couple of blog post series for you.
I’m juggling blog-moving with blog-posting and trying to find the happy medium. Coming soon though, are two NAC/1X series I hope you’ll enjoy… (more…)
No CommentsWell everyone- there’s something I’ve been wanting to tell you and now, after a year, I can!
Because of non-disclosure and other confidentiality contracts with various partners, vendors and manufacturers, we’ve had sealed lips for almost exactly 12 months. Now that it’s been made public by the media, I can share a little information with you and explain why I think you should be excited. (more…)
7 CommentsA quick update on the DNS vulnerability.Based on posts and Twitters last night from Dan and the snippits of information I gleaned from fellow Security Twits and bloggers… I think we are all aware that the DNS vulnerability is now out in the open.
The team that discovered the vulnerability was due to release details of the exploit at BlackHat (in 2 weeks). However, someone has reverse-engineered the vulnerability and released the details. The contents, or portions of the exploit were accidentally posted on a very prominent security blog yesterday then quickly removed. (Don’t ask, that’s a whole ‘nother story).
If your DNS server has not been patched, you are vulnerable now. More info on Dan’s (discoverer’s) site . You’ll notice his 13 > 0 post... letting us know instead of 13 days you now have 0.
If you haven’t patched your DNS server(s), please see my previous DNS vulnerability post, follow the links included for more information and instructions. Consider yourself now at risk.
# # #
No CommentsFYI, thanks for bearing with me these couple of weeks. I spent a week in a lab with no Internet access at all, which made blogging life (and actually ALL life) very difficult. Upon returning, I’ve been in the process of following up on the DNS vulnerability which has now been accidentally released. And, as I mentioned in an earlier post, I’m smack in the middle of moving this blog to a new, fuller-featured platform. (more…)
No CommentsIt’s been a day since the public announcement, so by now you’ve probably heard about the DNS issue. The bug was found earlier this year, but the discoverer (Dan Kaminsky) and team worked fervently with leaders of the technology industry to create patches for all platforms before the big announcement. And- kudos to them all for keeping zipped lips until the problem could be contained (despite all the heckling and harassing).
You can find out a little more right now- I’m including some links below for you to read more.
If you don’t know what DNS is or why you care, see the bottom of this post for a little background info.
As for the real deal on disclosure- you’ll have to wait for Black Hat in August. I’ll be there, along with other members of the Security Bloggers Network (a (non-exclusive but highly visible and well-respected) security bloggers channel for Black Hat and RSA). I’m sure you’ll see *plenty* of post-Black Hat blogs, tweets and podcasts recapping the story.
Hear the buzz…
What is a DNS Server? DNS are servers throughout the Internet (and inside networks) that resolve domain names (ie www.SecurityUncorked.com) to the IP address of the hosting server. The idea is, if you can trick a DNS server, your request for ESPN.com may just take you to a malicious site where you’ll be immediately infected with a virus, malware or other undesirable creepy Internet-bred monster. They’ve found a bug that could be exploited to do just that.
What do we do? It’s not the end of the world. For now, know that almost all DNS servers need to have a patch installed to protect them from this vulnerability. It’s pretty universal and every manufacturer is on board and offering a patch as of yesterday, July 8th.
# # #
No Comments
