8/3/2007
Browsers and potential danger
I’ve had this post tagged for comment for a couple of days, but time is something I just don’t have much of right now. I’ve never met Dan Kaminsky. I’ve actually had some interaction in the past that wasn’t as favorable as most widespread stories, but that’s not relevant here. I will concur that Dan is one of the most technically savvy security professionals in the business. Unquestionably.
Your browser is a tcp/ip relay
I’ve been a longtime fan of fellow hacker Dan Kaminsky, best known for his work in tracking down the spread of the Sony rootkit. Recently I spoke with him about his current work, and he summed it up by saying, “I can turn your web browser into a VPN concentrator.” When I stared at him in disbelief he explained that using DNS rebinding he can get the browser to connect to any IP he chooses.
[Read full post]
You really do need to read the full post. Trust me. Go.
Scared yet? As one of my good friends said to me, we should go drink beer, then take the rest of the year off.
I have another friend who’s at Black Hat and I hope he’s in Dan’s session and comes back with details. I’ll share them if and when I get more info.
Filed by Ken at 11:08 pm under InfoSec, Information Security

Heh! My slides are up at the site, lemme know if you like ‘em. Sorry if I was a bit…inebriated
–Dan
Thanks for stopping and letting me know Dan. I’ll post it separately just to make sure anyone who might not catch comments sees it. Appreciate it!
Ken
[...] I posted Browsers and potential danger mentioning a talk by Dan Kaminsky. Dan graciously stopped by to let me know his slides are now [...]