July 15th, 2008
Kaminsky to discuss DNS flaw at Black Hat sponsored webcast
The Black Hat group on Twitter provided a message today alerting people to a webcast to be put on by Dan Kaminsky on the DNS vulnerabilities that I’ve heavily covered as follows:
- Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas ‘08
- Kaminsky and Ptacek comment on DNS flaw
- Don’t doubt Deputy Dan
The story has also received extensive coverage over at Securosis, where Rich Mogull has provided a podcast on the subject. The Black Hat webcast details are listed below, including the registration information:
Registration Now Open for BH Webcast number 2 With Dan Kaminsky
It’s all over the news: Dan Kaminsky found a major, fundamental flaw in DNS that renders practically any name server vulnerable. He’ll be speaking in depth on this discovery in August at BH USA, but he’s agreed to discuss it a few weeks early. Get your best questions ready - the webcast will be live Thursday, July 24 at 1pm PT/4pm ET.
Join Dan Kaminsky, director of penetration testing for IOactive; Jerry Dixon, former director of the National Cyber Security Division at DHS; and other experts to discuss the largest synchronized security update in the history of the Internet. Dan will tell the story behind the discovery, and the process of creating and deploying the fix.
I’ll be there, as it’s always interesting and entertaining to hear Dan talk. Also, you should note that Dan’s talk at Black Hat is followed up by my talk with Heasman and Rob Carter in the exact same room. Might I suggest you just hang out and see our devastating talk as well? With a title like “The Internet is Broken“, you can imagine we have a lot of interesting stuff to deliver. Shameless plug, I know, but we’ll make it worth your while.
-Nate
Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.
