Modern OSes are prone to side-channel-based DNS cache poisoning attacks
Guest Post: Researchers show how SAD DNS attacks allow an off-path attacker to inject malicious DNS records into a DNS cache.
Tag: security
NPM, encryption, and the challenges ahead: Part 1
Guest Post: Encryption and cloud adoption are creating hurdles for network performance monitoring vendors. To survive, solutions must evolve or die.
Adoption of DNS security mechanisms related to ease-of-use, cost
Guest Post: Study shows ease-to-deploy and cost are important factors when it comes to using DNS security mechanisms.
More notes from IETF 112
Geoff Huston on currently active IETF routing security, IPv6, and transport discussions.
Notes from DINR 2021
Presentations at DINR 2021 demonstrated a world of detail and complexity in current DNS research.
Vulnerabilities show why STARTTLS should be avoided if possible
Guest Post: Study finds more than 40 STARTTLS-related security flaws in many different software products, both client-side and server-side.
What every IT person needs to know about OpenBSD Part 3: That packet filter
Guest Post: Useful and fun features related to the OpenBSD packet filter.
RSA vs ECDSA for DNSSEC
Measuring whether we should use ECDSA.
ALPACA attack: Analysing and mitigating cracks in TLS authentication
Guest Post: Study shows adding a TLS-protected email or FTP server to a network can enable cookie-stealing or cross-site scripting attacks against web servers in the same network.
DNS-over-TCP considered vulnerable
Guest Post: There are several ways attackers can force TCP to fragment for inclusion in IP fragmentation attacks.