Update 07.12.2007: Kelly Jackson Higgins from Dark Reading posted a story highlighting the new Anti-DNS Pinning demos set to be presented at BlackHat. It appears there are many notable industry experts piling on the research trying to figure out how deep the rabbit hole goes. It should be an interesting year.
Per the typical web security M.O., attack techniques we’ve known and ignored for years have a way of coming back around as new ways of using them are discovered. It happened with XSS, recently with CSRF, and now new life is being breathed into Anti-DNS Pinning. Anti-DNS Pinning is a very important issue, especially as it relates to intranet hacking, but it’s HIGHLY complicated and few people understand the nuances. In fact, only a few months ago was the first time I’d seen the term mentioned in the mainstream media.
Fortunately, learning about Anti-DNS Pinning is getting easier, as Christian Matthies and PortSwigger both posted freshly minted and extremely well-written white papers. The benefit of Christian’s is that he’s got a bit more data on anti-anti- and anti-anti-anti-DNS Pinning, while PortSwigger’s explores web proxy implications, which I had not seen anywhere else.
Also, if you are attending Black Hat USA 2007, make sure to catch David Byrne's Intranet Invasion With Anti-DNS Pinning.