tag:blogger.com,1999:blog-13756280.post3903627400573876582..comments2024-02-08T03:44:23.780-08:00Comments on Jeremiah Grossman: Time to learn DNS-PinningJeremiah Grossmanhttp://www.blogger.com/profile/05017778127841311186noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-13756280.post-50931692086690825922007-08-15T07:05:00.000-07:002007-08-15T07:05:00.000-07:00DNS is growing attention everywhere, as DNS securi...DNS is growing attention everywhere, as DNS security is a growing concern its essential to keep up to date with the latest news and offerings check www.dnshelponline.comAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-46669614976728982862007-07-10T12:28:00.000-07:002007-07-10T12:28:00.000-07:00@david, ahaha, well you know I'll be there for you...@david, ahaha, well you know I'll be there for yours. :)Jeremiah Grossmanhttps://www.blogger.com/profile/05017778127841311186noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-5638235874194073282007-07-10T12:18:00.000-07:002007-07-10T12:18:00.000-07:00Thanks for pitching my presentation. Personally, I...Thanks for pitching my presentation. Personally, I highly recommend the presentation immediately following mine (http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#grossman). I’ve seen two previous incarnations of it and would like to see it again, although there are three other presentations in the same time slot that I also want to see. Ugh.<BR/><BR/>Interesting timing on this post. Last night I published some minor anti-DNS pinning attacks against Java (http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0159.html). The cool thing about Java is that it supports full sockets, not just HTTP. One of the demos I’m doing at BlackHat will be getting root access on internal servers using non-web attacks (probably against a known Windows vulnerability) tunneled through anti-DNS pinning with Firefox & Java. <BR/><BR/>David ByrneDavid Byrnehttps://www.blogger.com/profile/09833533919626327810noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-70653583666872653902007-07-10T11:35:00.000-07:002007-07-10T11:35:00.000-07:00@Chistina, I know what you mean, but you don't hav...@Chistina, I know what you mean, but you don't have to offer something "new" to create a valuable paper. The concept isn't well documented and your paper helps a lot of people. And besides, I don't think either myself or RSnake can take credit for Anti-DNS pinning discoveries either. :)Jeremiah Grossmanhttps://www.blogger.com/profile/05017778127841311186noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-87185889514872402392007-07-10T11:29:00.000-07:002007-07-10T11:29:00.000-07:00It's cool to see so many people now bringing more ...It's cool to see so many people now bringing more attention on DNS pinning.<BR/><BR/>However, what I failed to mention on my blog is that I just reproduced what I learned at the time DNS pinning hasn't been that well documented yet. Nothing to credit me for since you and rsnake essentially are the ones who discovered all this. I just wanted to have this said.<BR/><BR/>Apart from that, you're perfectly right. Anti DNS Pinning seems to be the "new CSRF" ;-)Christian Matthieshttps://www.blogger.com/profile/18000193340630874188noreply@blogger.com