YISTA » Security http://yista.com Yah, I Saw That Already Sun, 19 Sep 2010 16:26:36 +0000 en hourly 1 http://wordpress.org/?v=3.0 New Tech Defined: DNSSEC http://yista.com/2009/05/04/new-tech-defined-dnssec/ http://yista.com/2009/05/04/new-tech-defined-dnssec/#comments Tue, 05 May 2009 03:14:52 +0000 George Burnett http://yista.com/?p=417 What is DNSSEC?

DNSSEC (short for DNS Security Extensions) adds security to the Domain Name System. DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning (discovered by Dan Kaminsky). It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence.

These mechanisms require changes to the DNS protocol. DNSSEC adds four new resource record types: Resource Record Signature (RRSIG), DNS Public Key (DNSKEY), Delegation Signer (DS), and Next Secure (NSEC). These new RRs are described in detail in RFC 4034.

DNSSEC services protect against most of the threats to the Domain Name System. There are several distinct classes of threats to the Domain Name System, most of which are DNS-related instances of more general problems, but a few of which are specific to peculiarities of the DNS protocol.

Note that DNSSEC does not provide confidentiality of data. Also, DNSSEC does not protect against DDoS Attacks.

For more details introductory information on DNSSEC go here.

]]> http://yista.com/2009/05/04/new-tech-defined-dnssec/feed/ 0 Top Internet Threats http://yista.com/2009/03/21/top-internet-threats/ http://yista.com/2009/03/21/top-internet-threats/#comments Sun, 22 Mar 2009 05:52:15 +0000 George Burnett http://yista.com/?p=412 Data Center The internet is filled with threats real and imagined, from malicious hackers to government censors.

Beyond the hacks and cracks — and in celebration of Sunshine Week — we’ve compiled a brief list of some of the biggest public and private threats facing the internet.

1. Warrantless Government Monitoring

2. Private Censorship

3. Government Censorship

4. Deep Packet Inspection

5. ISP Tiered Pricing

6. Recording Industry Association of America Proposes “Three-Strikes” Policy

7. Digital Millennium Copyright Act Abuses

You can read more about these Internet threats on the Wired Blog.

[via Wired]

]]> http://yista.com/2009/03/21/top-internet-threats/feed/ 0 MacBook Zero-Day @ CanSecWest http://yista.com/2007/04/23/macbook-zero-day-cansecwest/ http://yista.com/2007/04/23/macbook-zero-day-cansecwest/#comments Mon, 23 Apr 2007 15:19:58 +0000 George Burnett http://yista.com/2007/04/23/macbook-zero-day-cansecwest/ Mac HackMacaulay, a software engineer, was able to hack into a MacBook through a zero-day security hole in Apple’s Safari browser. The computer was one of two offered as a prize in the “PWN to Own” hack-a-Mac contest at the CanSecWest conference in Vancouver.

Macaulay teamed with Dino Dai Zovi, a security researcher until recently with Matasano Security. Dai Zovi, who has previously been credited by Apple for finding flaws in Mac software, found the Safari vulnerability and wrote the exploit overnight in about 9 hours, he said.

The vulnerability and the exploit are mine,” Dai Zovi said in a telephone interview from New York. “Shane is my man on the ground.

Dai Zovi plans to apply for a $10,000 bug bounty TippingPoint announced on Thursday if a previously unknown Apple bug was used. “Shane can have the laptop, I want the money,” Dai Zovi said. TippingPoint runs the Zero Day Initiative bug bounty program.

[CNet]

]]> http://yista.com/2007/04/23/macbook-zero-day-cansecwest/feed/ 1