RE: [WEB SECURITY] Major DNS Vulnerabilities

["Michael S. Menefee" <mmenefee@xxxxxxxxxxxxxxx>]

Robert,

Thanks for the update on this issue. Do you happen to know of any
resources/links/articles that more adequately explain the actual
vulnerability, the attack approach, etc? I haven't been too succesful in
finding a very technical description of the issue, although I assume
that was the intention of both Dan Kaminsky and the vendors related to
this latest press release

Thanks, 


--
Michael S. Menefee, CISSP (#43728)
Principal Consultant
Secure Solve, Inc.
Phone: (919) 439-3598
Fax: (919) 287-2570
mmenefee@xxxxxxxxxxxxxxx
www.securesolve.com

-----Original Message-----
From: robert@xxxxxxxxxxxxx [mailto:robert@xxxxxxxxxxxxx] 
Sent: Tuesday, July 08, 2008 4:37 PM
To: websecurity@xxxxxxxxxxxxx
Subject: [WEB SECURITY] Major DNS Vulnerabilities 


Looks as though its time to patch again. This time against 81 different
products

http://it.slashdot.org/article.pl?sid=08/07/08/195225
http://securosis.com/publications/CERT%20Advisory.doc
http://securosis.com/publications/DNS-Executive-Overview.pdf

Regards,
- Robert
http://www.webappsec.org/



------------------------------------------------------------------------
----
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA