Dan Kaminsky

Microsoft on Tuesday issued three security bulletins that address a total of eight vulnerabilities, one of them rated critical. Two are rated important.

"This month's critical vulnerability affects the Windows kernel and can allow an attacker to gain complete control of a user's machine simply by the user viewing a Web site infected with a malicious .WMF or .EMF picture file," said Alfred Huger, vice president of development at Symantec Security Response.

The Internet remains vulnerable to exploits of a critical security flaw in the Domain Name System, a Russian programmer demonstrated last week. Writing on his blog on Friday, Evgeniy Polyakov posted that he had succeeded in getting patched DNS software to return an incorrect location in less than 10 hours.

His work shows that DNS patches, which had appeared to solve the immediate problem, are insufficient.

Cache Poisoning

Day one of the Black Hat Security Conference in Las Vegas got off to a hot start with details about DNS and e-mail flaws, Google gaffes, and Cisco vulnerabilities. And some French reporters were kicked out for trying to hack the pressroom facilities.

The Black Hat conference is the premiere conference for the latest in security news and tools. Nearly 7,000 attendees are listening to presentations on phishing, hacking and malware, and many are taking comprehensive training on the latest security tools and techniques to protect their networks.

A newly discovered flaw in the Internet's core infrastructure not only permits hackers to force people to visit Web sites they didn't want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday.

Considering the silent nature of the attack and the sensitive nature of a lot of electronic correspondence, the potential for damage from this second security flaw is high. But there's no evidence yet that this method of targeting e-mail has been used in a successful attack.

IOActive security researcher Dan Kaminsky offered his much-anticipated speech on the DNS vulnerability at the Black Hat conference on Wednesday. His message: Patching your systems is urgent because the risk of cache poisoning is great.

Kaminsky discovered the bug in early July. The attack code was released several weeks later by developers of the Metasploit hacking toolkit, headed by the infamous HD Moore.

Thousands of network security professionals are in Las Vegas for the annual Black Hat Briefings computer security conference, which will be immediately followed by the DEFCON hacker convention. Both events focus on network and Internet security issues. The Black Hat conference is held at Caesars Palace Las Vegas Hotel & Casino, while DEFCON is at the Riviera Hotel & Casino August 8-16.

Apple has issued a Mac OS X patch for the Domain Name System flaw that security researchers agree is one of the most dangerous vulnerabilities on the Internet.

Apple has been criticized for being late with a fix. Some vendors, including Microsoft, Cisco, Sun Microsystems, and various Linux distributors, issued a fix weeks ago.

While Apple was working on its patch, researchers released software that exploits the flaw that IOActive researcher Dan Kaminsky discovered. The attack code was released by developers of the Metasploit hacking toolkit, headed by the infamous HD Moore.

Researchers have released software that exploits the recently leaked flaw in the Internet's Domain Name System (DNS) software. That may mean IT admins are in for a long weekend of implementing and testing the patch.

IOActive researcher Dan Kaminsky discovered the bug earlier this month. The attack code was released Wednesday by developers of the Metasploit hacking toolkit, headed by the infamous HD Moore.

A major flaw in the Internet infrastructure was leaked to the public Monday before many IT directors had the chance to apply security patches. The flaw was discovered weeks ago by Dan Kaminsky, a security expert at IOActive, who has worked with industry leading software developers investigating Internet vulnerabilities.

The U.S. Computer Emergency Readiness Team (CERT) has disclosed the discovery of defects in an essential component of everyday Internet operations.

The flaw was found at the heart of the Domain Name System -- the Internet "phone book" for translating Web URLs into the numerical IP addresses that networking computers use to deliver information. According to CERT, hackers could use a technique called DNS cache poisoning to place forged DNS data into the cache of a name server at any Internet domain.