We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.
 Friday, July 11, 2008

While it is clear that Dan Kaminsky did report a flaw without any method to verify or reproduce the flaw, I have to ask what exactly would others do in the same situation? I will only say this: if the flaw is in fact the same one that Thomas Ptacek claims, related to the 16-bit session ID and around for years, then given time this too will be known and Dan Kaminsky is setting himself up for a rather unpleasant period. Though honestly there is nothing Dan Kaminsky has to gain by simply doing the right thing. Each of us is faced with these types of decisions in our lives! Piling on as a critic without any details seems totally unproductive.

According to DNS expert Paul Vixie, one of the few people who has been given a detailed briefing on Kaminsky's finding, the exploit is different from the issue reported three years ago by SANS. While Kaminsky's flaw is in the same area, "it's a different problem," said Vixie, who is president of the Internet Systems Consortium, the maker of the most widely used DNS server software on the Internet.

By day's end, Kaminsky had even turned his most vocal critic, Matasano's Ptacek, who issued a retraction on this blog after Kaminsky explained the details of his research over the telephone. "He has the goods," Ptacek said afterward. While the attack builds on previous DNS research, it makes cache-poisoning attacks extremely easy to pull off. "He's pretty much taken it to point and click to an extent that we didn't see coming."

Kaminsky's remaining critics will have to wait until his Aug. 7 Black Hat presentation to know for sure.

7/11/2008 6:50:27 AM (Pacific Daylight Time, UTC-07:00)
 Friday, February 08, 2008

On deck for release Feb. 12 is a dozen security bulletins, seven of them rated critical.

After a relatively light Patch Tuesday load in January, Windows administrators are bracing for a barrage of security updates from Microsoft.

According to the software maker's advance notice mechanism, there are 12 bulletins slated for release Feb. 12. Seven of the 12 will be rated "critical," Microsoft's highest severity rating.

Four of the seven critical bulletins will contain fixes for code execution holes in Microsoft Office, the company's flagship desktop productivity suite.

These fixes will most likely cover known -- and already exploited -- zero-day flaws affecting Microsoft Excel. Microsoft has already issued a pre-patch advisory regarding the Excel attacks, so it is a safe bet that the February Patch Batch will cover holes in Excel 2000, Excel 2002, Excel 2003 and Excel 2004 for Mac.

The widely deployed Internet Explorer browser is also getting a cumulative update to fix holes that could cause drive-by malware installation attacks.

High-risk bulletins are also slated for users of the Windows operating system, VBScript and JScript.

In addition to the critical bulletins, Microsoft also gave notice on five "important" updates covering holes in Windows, Active Directory, ADAM, IIS and the Office Works suite.

Some of the "important" bulletins provide fixes for code execution, privilege escalation and denial-of-service vulnerabilities.

Four of the seven bulletins will contain patches for Windows Vista, Microsoft's newest operating system.

As is customary, Microsoft will release an updated version of the MSRT (Malicious Software Removal Tool) to add detections for new strains for bots, Trojans and viruses.

2/8/2008 12:38:55 PM (Pacific Standard Time, UTC-08:00)
 Friday, November 23, 2007

The notorious Russian Business Network has suddenly picked up from its St. Petersburg digs and diversified, spreading its unwholesome activity to new chunks of IP addresses, with RBN-like activity almost immediately appearing on newly registered blocks of Chinese and Taiwanese IP addresses, according to security company Trend Micro.

The Internet presence for the RBN—a Russian ISP that's infamous for hosting shady and criminal businesses—blinked off at about 7 p.m. PST on Nov. 6, security researchers at Trend Micro reported the following day. The RBN's IP addresses can no longer be reached, since the routing for them no longer exists as of Nov. 8. In a posting, Trend Micro's Feike Hacquebord conjectured that the RBN's upstream providers may have yanked Internet connectivity services temporarily or even permanently.

Trend Micro has noticed RBN-like activity on blocks of IP addresses that were registered in China and other locations shortly before the RBN closed down the routes to its St. Petersburg addresses.


11/23/2007 3:49:56 PM (Pacific Standard Time, UTC-08:00)

Breach Security, Inc., a leader in web application firewalls, announced today that the Breach Security WebDefend(TM) web application firewall has earned certification by ICSA Labs, an independent division of Verizon. WebDefend is one of the first web application firewall products to achieve this distinction.

On the open source end of the scale we have a project named ModSecurity. According to the ModSecurity website (http://www.modsecurity.org), ModSecurity is an open source intrusion detection and prevention engine for web applications. Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

The current version of ModSecurity is 1.7.6 with the 1.8 release slated for April 2004. You can grab the latest copy from http://www.modsecurity.org/download/index.html

Ivan Ristic is also involved with the Open Web Application Security Project and the Web Application Security Consortium. These are two organizations with similar goals - to increase awareness of web application security issues - but different ideas about how to get there.

11/23/2007 3:23:58 PM (Pacific Standard Time, UTC-08:00)