home contact keylogger.org add keylogger.org to favorites set keylogger.org as homepage Anti-Keylogger.org
Keylogger testing and reviews

Keylogger testing policy

Press-releases

Keylogger developers

Links 		Monitoring Software Keylogger articles

Get Free Software

Keylogger chat

Keylogger forum

Sponsorship & services
Advertising
Your Ad Here
Site News
Current section

September 24, 2008

New version of PC Activity Monitor Pro (PC Acme Pro) added!
World news

October 13, 2008

Exceed biometric standards, expert urges

Deloitte laptop loss spreads to rail workers and police

Malware writers spoof Patch Tuesday

Security disclosures tip the stock market

Mafiaboy Grows Up; a Hacker Seeks Redemption

Vendors, Cops, Profs Team to Study Cybercrime

Six Essential Apple iPhone Security Tips

Apple asks judge to make iPhone lawsuit moot

Report: World Bank servers breached repeatedly

Exploit code loose for six-month-old Windows bug

Google allies with click-fraud detection firm Click Forensics

Over half of U.K. firms have lost data

U.S. proposes digital signing of DNS root zone file
Newsletter
E-mail: 
Subscribe
Send to friend
E-mail: 
Send
Voting

We are planning to redesign our site. We would like You to express your opinion in this respect. Would you like to leave the site as it is? What changes would you like to suggest?

Yes, I like the site as it is.
It's ok, but some changes are necessary.
It should be changed completely.
VotingView results
DISCLAIMER: Logging other people's keystrokes or breaking into other people's computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.

July 10, 2008

Patch domain name servers now, says DNS inventor

Paul Mockapetris, inventor of the Internet's Domain Name System architecture, has some advice for those in any doubt about the seriousness of a weakness in the DNS protocol that was disclosed yesterday: Patch your DNS servers right now.

The vulnerability and the attack it enables are among the most dangerous to have been discovered in the DNS protocol so far, Mockapetris said in an interview with Computerworld Wednesday morning.

"It's absolutely critical for IT managers to upgrade their software. They want to make very sure that the caching servers on their perimeters are up to snuff," Mockapetris said. In addition, they need to also ensure that client devices such as DSL modems that might have DNS software embedded in them, are properly patched. "The time to fix is now. The clock is ticking," before exploits against the flaw become widely available.

The so-called DNS cache-poisoning flaw was discovered by Dan Kaminsky, a researcher at security firm IOActive Inc. earlier this year. The vulnerability gives malicious attackers a way to very quickly redirect Web traffic and e-mails to systems under their control. Virtually every domain name server that resolves IP addresses on the Internet is vulnerable to the flaw, as are client devices with embedded DNS software.

According to Kaminsky's description of the problem, the weakness exists in a transaction identification process that the DNS protocol uses to determine whether responses to DNS queries are legitimate or not. The vulnerability essentially allows an attacker to poison a DNS server cache by injecting forged data into it.

The flaw exists at the DNS protocol level and affects numerous products from multiple vendors. The U.S Computer Emergency Readiness Team (US CERT), which was among the first to be informed about the problem when Kaminsky discovered it, yesterday issued an advisory describing the issue and listing over 80 vendors whose products are affected by the vulnerability. Several of those firms, including Microsoft Corp., Cisco Systems Inc., Sun Microsystems, Red Hat Inc and Nominum Inc. simultaneously released patches yesterday.

According to Mockapetris, the kind of DNS cache-poisoning exploit discovered by Kaminsky is not particularly new in concept; it essentially works by trying to correctly guess DNS packet identifiers. What makes Kaminsky's exploit lethal is that it is far more effective at doing this than anything else before. "He has figured out a way to make the attacks much more dangerous. Someone using this technique can poison a caching server in about 10 to 20 minutes," depending on the kind of bandwidth that is available, Mockapetris said.

Mockapetris added that the software patches issued by the vendors yesterday are aimed at blunting the efficacy of Kaminsky's exploit by making it much harder to guess at the packet identifiers. Even so, he cautioned, with Kaminsky scheduled to make details of his exploit publicly available at the upcoming Black Hat security convention, expect to see concerted efforts by many to use the technique to break into DNS name servers Mockapetris. Internet Service Providers are likely to be among the juicier targets, since a compromise of one of their DNS servers will likely have a far broader impact than an attack targeted at a corporate server.


Source: ComputerWorld




All news for October 13, 2008:
12:44Exceed biometric standards, expert urges
12:42Deloitte laptop loss spreads to rail workers and police
12:40Malware writers spoof Patch Tuesday
12:39Security disclosures tip the stock market
12:38Mafiaboy Grows Up; a Hacker Seeks Redemption
12:37Vendors, Cops, Profs Team to Study Cybercrime
12:36Six Essential Apple iPhone Security Tips
12:34Apple asks judge to make iPhone lawsuit moot
12:34Report: World Bank servers breached repeatedly
12:33Exploit code loose for six-month-old Windows bug
12:32Google allies with click-fraud detection firm Click Forensics
12:30Over half of U.K. firms have lost data
12:30U.S. proposes digital signing of DNS root zone file

* No news for October 11, 2008 - October 12, 2008

All news for October 10, 2008:
13:57Parity provides free online identity management
13:56High-tech bank robbers phone it in
13:56Spread security risks with diversity
13:54Corporate data loss not down to hackers
13:53First quantum encrypted network goes live
13:51Apple Posts Security Update 2008-007
13:50NT hacker blames 'segregation'
13:49ASIC counter-spy to be a tough search
13:48Scotland tightens security for mobile health-data
13:47Home Office publishes data-sharing guidance
13:47EDS loses unencrypted armed-forces data
13:45Data-center security tools to not overlook
13:44Microsoft promises huge patch day next week
13:43Firefox add-on blocks 'clickjacking' attacks



All news for October, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year

DONATION: Keylogger.org is an independent research project supported by a team of enthusiasts. If you find this project useful or would like to help foster its continued development please consider making a donation using PayPal`s online secure payment service.

A PayPal account is not required. All major credit cards are accepted (MasterCard/Eurocard, Visa/Delta/Electron, American Express, Switch/Maestro, Solo). Simply click the button below.

Any amount would be useful and appreciated!

Thanks in advance for your support!

Advertising
Your Ad Here
| home | testing and reviews | testing policy | press_releases | developers |

| articles | contest | chat | forum | sponsorship & services | contacts | links |
Copyright © 2003-2008, Keylogger.Org Team. All Rights Reserved.
Use of any information from this website is permitted only with hypertext link to www.keylogger.org.