« Raising the bar: dynamic JavaScript obfuscation | Main | UN Hacked via SQL Injection »

Anti DNS Pinning/DNS Rebinding is the new industry buzz(word)

Anti-DNS Pinning/DNS Rebinding is the new security hot topic lately and I wouldn't expect the marketingfest to end anytime soon.

"While previous attacks using JavaScript could send data to a network, the attack investigated by Stanford -- known as domain-name service (DNS) rebinding -- could send and receive data from the local network, completely bypassing the firewall. To prove the danger, the Stanford students bought placement for a Flash advertisement on a marketing network and found that, for less than $100, an attacker could have hijacked as many as 100,0000 Internet addresses in three days. "This turns out to be several orders of magnitude cheaper than renting a bot net," Collin Jackson, a PhD student in computer science at Stanford and a member of the Security Lab, said during an interview at the Black Hat Security Briefings."

Story Link: http://www.securityfocus.com/news/11481


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!