Anti-DNS Pinning/DNS Rebinding is the new security hot topic lately and I wouldn't expect the marketingfest to end
anytime soon.
"While previous attacks using JavaScript could send data to a network,
the attack investigated by Stanford — known as domain-name service
(DNS) rebinding — could send and receive data from the local network,
completely bypassing the firewall.
To prove the danger, the Stanford students bought placement for a Flash
advertisement on a marketing network and found that, for less than
$100, an attacker could have hijacked as many as 100,0000 Internet
addresses in three days.
"This turns out to be several orders of magnitude cheaper than renting
a bot net," Collin Jackson, a PhD student in computer science at
Stanford and a member of the Security Lab, said during an interview at
the Black Hat Security Briefings."
Story Link: http://www.securityfocus.com/news/11481
