11 August 2008

Report from BlackHat 2008

I was pretty psyched that my employer sent me out to Black Hat last week. It was nice to hang out with a bunch of people who are enthusiastic about discussing computer security issues.

I wish I could have spent the entire week at the conference. Maybe next year. I got a good taste for the issues at hand, but I found myself yearning for more technical content.

The marquee talk that was presented at Black Hat was given by Dan Kaminsky on the subject of DNS security. I didn't actually attend this talk because it was mobbed and I am already very familiar with this issue. Basically, the problem Kaminsky has brought to light has to do with the low-level details of how the DNS protocol works. A sufficiently skilled attacker can poison a DNS server using faults in how the DNS protocol is specified and implemented. Kaminsky presented a significant new attack in this space.

After having some time to reflect on this attack, I am struck by how similar Kaminsky's attack is to a previous attack -- the attack first documented by Morris and made famous by Mitnick (who attacked Shimomura). This style of attack has been well-understood for decades now. When you get down to it, if an attacker decides to attack a protocol that is protected with easily guessable sequence numbers (or else the attacker can flood the host that he/she wishes to attack), the security of the protocol will soon be compromised.

Look how far we (haven't) come...

1 comment:

The Beast said...

So... does this mean you're employed again? Grats.