OzHub, the Macquarie Telecom-led cloud computing alliance, has come down firmly on the side of Optus over the copyright controversy surrounding Optus TV Now, warning that any moves to change the law "risk branding Australia a global luddite state."
Internet software company, Nominum, has released a new version of its DNS server software that is claimed to offer much greater protection from the notorious DNS cache poisoning vulnerability unveiled earlier this year by security researcher Dan Kaminsky.
By exploiting the cache poisoning vulnerability hackers can insert a false IP address into the cache of domain name-to IP-address references maintained by all ISPs, and many enterprise systems, redirecting a request for a genuine site to any site of their choosing.
Nominum software provides DNS services for some 120 million broadband users around the world and it was quick off the mark to implement the initial fix for the Kaminsky vulnerability. However this fix, a technique know as UDP source port randomisation, did not address the underlying problem: it simply made exploitation several orders of magnitude harder. And in fact one researcher claims to have already cracked this protection but he was operating over a 10GBE Lan which enabled him to make many more attempts per hour than would be possible over the public Internet.
Now, according to Nominum, a new release of its Vantio caching DNS server platform "provides multi-layer intelligent defences that defeat DNS cache poisoning and other attacks, including the recently publicised Kaminsky vulnerability...[and that] far surpasses the recently released industry standard UDP source port randomisation (UDP SPR)....[and] negates the brute force advantage attackers gained with the latest DNS cache poisoning vulnerability.'
Dr Paul Mockapetris, chairman and chief scientist at Nominum and inventor of the DNS, said: "Literally one day after details of the Kaminsky cache poisoning attack were revealed, UDP source port randomisation was defeated in 10 hours by security researchers using brute-force spoofed response. Nominum's multi-layered approach eliminates the risk of a successful attack."
Key benefits claimed for the new release are that it:
- Resists and stops all forms of cache poisoning attacks;
- Defends automatically against query response spoofing and takes attackers out of loop;
- Prevents hijacking of subscriber traffic, or 'pharming" attacks;
- Identifies perpetrators and records attack attempts;
- Provides protection in enterprise and service provider networks that use network address translation (NAT), which can undermine UDP SPR;
- Reduces the chance of poisoning answers for valuable domains to zero.
David Bass
| Diversified industrial manufacturer Eaton Corporation has today launched a new set of enclosure power distribution units, ePDUs, that prov…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.
LATEST HEADLINES FROM YOUR IT
