Tag: IBM X-Force Research

Security is a mindset, not an exception

In an effort to get things done, we often kick healthy security hygiene to the curb in exchange for expediency and convenience. We convince ourselves that we'll make this one exception and over time, that becomes the default mode of operation.

Taking on a Zero Day with Intelligence

The situation described here does not come from the ivory tower; instead it comes from the real world and shows how to rapidly and efficiently address a zero-day vulnerability. You are probably already overwhelmed with patching. Alternatively, you...

CVE-2011-4313: How to DOS BIND9 with Typical DNS Responses

As I was looking through my old projects, I came across this old DOS vulnerability in BIND9: CVE-2011-4313. This caught my attention because rather than the typical case of parsing error from malformed fields, the root cause for this crash arises...

Subverting BIND's SRTT Algorithm: Derandomizing NS Selection

New vulnerability found in BIND, the most popular DNS server. Exploiting this vulnerability allows to reduce the amount of effort required for an off-path (blind) DNS cache poisoning attack. This blog post describes the vulnerability in a less...