BlackHat and the DNS Non-Event

Well I'm out here in sunny Las Vegas to attend the IT Security trade shows Blackhat and Defcon which happen to occur during the same week (luckily for those of us who want an excuse for a week long junket to sin city). Anyways, I'll be reporting in several times on the goings on. The big event is supposed to be Dan Kaminsky's presentation where he will reveal a huge hole in DNS, the address database that is the underpinnings of most of the Internet. While this sounds impressive, it promises to be mostly a non-event for several reasons. First of all, his thunder was stolen several weeks ago when someone spilled the beans he was carefully concealing and outted his vulnerability to the world. There are now patches available and exploits loose in the wild taking advantage of it. AT&T was rumored to have fallen prey to it last week. So his presentation while interesting, has lost much of its "zero day" hype. Its also a non-event for those of us, precient or practical enough to be using some non-vulnerable related DNS program such as DJBDNS or PowerDNS. Either way, any of those platforms arent vulnerable to the Kaminsky exploit. For me, I'm far more interested in the planned demonstration of a practical application of quantum encryption which could totally change the way we use the internet. Or maybe the 4th Annual Blackhat No Limit Poker tournament. Ever play poker with hackers? its more dangerous than running BIND for your DNS these days. anyways, more news as it develops..

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.