http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202423911432 By Keith Jones and Brian Dykstra Special to Law.com August 20, 2008 As always, the 2008 Black Hat security conference in Las Vegas, N.V., was full of cutting-edge computer security research, the latest in computer security vulnerabilities, and more than a little controversy. Since the beginning of the Black Hat conference 15 years ago, the show has always been a place for the elite of the computer security industry to release their latest work on what is known as "zero-day exploits." A zero day or "0-day" exploit is a previously unknown computer security vulnerability that is released before vendors like Microsoft have a chance to release a security fix. There were fewer zero-day exploit presentations this year than we have seen in the recent past, but the ones that were presented were big. The most popular presentation at Black Hat 2008 was on the Internetwide DNS vulnerability discovered by Dan Kaminsky, director of penetration testing for IOActive. Over 2,000 attendees packed into an 800-person capacity room to hear Mr. Kaminsky tell the intriguing story of how he had been working on a nonsecurity related, Web-caching project for a friend at Wikipedia. Dan was looking into how Domain Name Servers (DNS), the computers on the Internet that convert computer names (like www.law.com) to IP addresses (and vice versa). Looking for ways to improve performance, he stumbled upon a "DNS cache poisoning" vulnerability. [...] __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Wed Aug 20 2008 - 04:37:09 PDT
This archive was generated by hypermail 2.2.0 : Wed Aug 20 2008 - 04:44:14 PDT