Security Bites 107: Dan Kaminsky talks about responsible vulnerability disclosure
Date: 07/11/2008
Dan Kaminsky at DefCon in 2006 (Credit: Declan McCullagh / CNET News)

In the middle of a flood of news surrounding a serious vulnerability within the fundamental structure of the Domain Name System (DNS) is the story of how researcher Dan Kaminsky chose to handle his discovery and, hopefully, its mitigation. What Kaminsky did was co-ordinate several vendors in a multiparty, simultaneous release of a patch--a patch that Kaminsky feels doesn't lend itself to easy reverse engineering.

For the moment, Kaminsky is not talking details. He's hoping that people will apply the various patches, update their DNS servers and clients, and do so before the bad guys can craft their exploits. He's giving everyone 30 days before he spills the technical details at this year's Black Hat conference in Las Vegas in August.

Kaminsky, director of penetration testing at IOActive, is no stranger to discovering vulnerabilities. In this case, however, he says he wasn't looking for the DNS flaw, but after three days of testing he knew he had something important.

In this week's Security Bites interview, Kaminsky talks about what goes through his mind when he hits upon a suspected vulnerability, how he decides to proceed from there, and what he's learned thus far from the whole DNS patch experience.

