How to delete incompatible software with Kaspersky Small Office Security 3

Before you install Kaspersky Small Office Security 3, it is recommended to delete previously installed Kaspersky Lab products or other anti-virus programs. If any other anti-virus software remains on your PC before the installation, it will be found by the setup wizard and removed automatically. If the wizard is unable to remove it automatically it will ask you to …

Digital Security Software

FIRST IT WAS DESKTOPS, THEN LAPTOPS AND NOW TABLETS AND SMARTPHONES ARE TAKING THE WORLD BY STORM.

IN FACT BY LATE 2014 TABLETS ARE PREDICTED TO OUTSELL LAPTOPS FOR THE FIRST TIME EVER.

AND THIS YEAR SMARTPHONES WILL OUTSELL NON SMARTPHONES WITH 6 BILLION MOBILE DEVICES IN USE WORLDWIDE.

THAT BLOWS MY MIND.

WELL, HERE TO DISCUSS CYBERTHREATS ON DIGITAL DEVICES THAT ORGANIZE AND MANAGE OUR LIVES IS STACEY CONNER, DIRECTOR OF WORLDWIDE MARKETING AT MCAFEE.

WELCOME BACK.

IT IS ALWAYS SO GREAT TO HAVE YOU HERE.

IT'S GREAT TO BE BACK.

THANK YOU.

NOW, MOST OF US ARE FAMILIAR WITH SOFTWARE PROTECTION ON OUR HOME COMPUTERS.

WE KNOW THAT.

BUT WHAT ABOUT WITH ALL THESE NEW SMARTPHONES AND TABLETS?

JULIE, QUITE SIMPLY, CONSUMERS AREN'T PROTECTING THESE MOBILE DEVICES.

THE TABLETS AND SMARTPHONES ARE JUST NOT GETTING PROTECTED AND I THINK WE SEE THIS A LOT.

YOU KNOW WHEN PEOPLE START TO ENGAGE WITH NEW TECHNOLOGY FOR THE FIRST TIME THEY START TO USE THE BASIC FEATURE AND THEY USE IT A LITTLE MORE AND LITTLE MORE.

AND BEFORE YOU KNOW IT, IT'S AS CRITICAL TO YOU AS YOUR WALLET AND CAR KEYS.

WHAT'S FUNNY IS THAT MCAFEE RECENTLY COMPLETED A DIGITAL ASSET SURVEY.

AND WE ASKED FOLKS, WHAT IS THE VALUE OF THE ASSETS THAT ARE ON YOUR DIGITAL DEVICES.

AND WHAT WE'VE FOUND.

$35,000.

WHAT? $35,000! UNPROTECTED! UNPROTECTED!

WHAT WE'RE FINDING IS THAT WHILE PEOPLE THINK THAT THIS $35,000 WORTH OF ASSETS ARE IRREPLACEABLE YET 75% DON'T HAVE ANY KIND OF SOFTWARE TO PROTECT IT.

NOW, TABLETS AND SMARTPHONES VS. LAPTOPS AND COMPUTERS.

HOW DO THE THREATS DIFFER?

THEY REALLY DIFFER IN 2 VERY BIG DIFFERENT WAYS.

THE FIRST FROM A PHYSICAL STANDPOINT.

THE COMPACT NATURE AND FOOTPRINT OF THESE MOBILE DEVICES MAKE THEM A LITTLE MORE SUSCEPTIBLE TO BEING LOST OR STOLEN.

THE SECOND WAY THAT THEY REALLY DIFFER IS FROM A CYBER POINT OF VIEW.

SO, FROM A PHYSICAL STANDPOINT, IN THAT MOMENT THAT YOU LOSE OR YOUR DEVICE IS STOLEN.

WHAT YOU WANT TO HAVE IS A FEATURE THAT WILL LOCATE, LOCK AND WIPE THAT DEVICE.

WOW.

IF IT'S JUST GONE.

FROM A CYBER PERSPECTIVE.

THE THREATS REALLY MANIFEST THEMSELVES IN THE FORM OF THE APPLICATIONS THAT WE'RE ALL DOWNLOADING AND USING.

WHAT WE DON'T KNOW SOMETIMES IS THAT THESE APPS THAT WE DOWNLOAD AND USE ARE ACTUALLY COLLECTING A LITTLE BIT MORE INFORMATION ABOUT US THAN WE MIGHT THINK.

OH NO.

YEAH.

YEAH.

AND IT SEEMS THAT SMARTPHONES AND TABLETS ARE GETTING CHEAPER AND CHEAPER.

AND WE CAN JUST REPLACE THEM.

WHY SHOULD WE PROTECT THEM?

BECAUSE IT'S REALLY NOT ABOUT PROTECTING THAT DEVICE THAT'S GETTING CHEAPER AND CHEAPER.

IT'S ABOUT PROTECTING THE INFORMATION THAT YOU'RE PUTTING OUT.

THAT'S GETTING MORE AND MORE VALUABLE.

NOW, MANY MOMS AND DADS GIVE THEIR KIDS THEIR OLD LAPTOPS, TABLETS, PHONES.

I AM SO GUILTY OF THIS.

HOW CAN WE BE SURE THAT THOSE ARE PROTECTED?

WELL, I'M GUILTY OF IT TOO.

SO THAT'S WHY I UNDERSTAND THIS ONE.

OK.

I WOULD SAY THE FIRST THING IS MAKE SURE THE DEVICE THAT YOU'RE GIVING YOUR CHILD OR TEEN OR TWEEN HAS THE APPROPRIATE COMPREHENSIVE SECURITY ON THE DEVICE.

YOU WANT TO MAKE SURE IT HAS FEATURES LIKE PARENTAL CONTROLS AND INTERNET SEARCH FILTERS.

THE ABILITY FOR THE KIDS TO UNDERSTAND THAT IF THEY ARE ABOUT TO HIT A GOOD SITE, OR A BAD ONE.

YOU KNOW, AS ADULTS WE KIND OF HAVE THAT 6TH SENSE.

RIGHT.

IF SOMETHING JUST FEELS RIGHT.

BUT OUR KIDS JUST HAVEN'T DEVELOPED THAT YET.

AND SO THAT'S WHY IT'S SO IMPORTANT TO HAVE A TECHNOLOGY THAT'S GOT THEIR BACK.

TO MAKE SURE THEY ARE SURFING THE INTERNET AND ENGAGING WITH TECHNOLOGY IN THE ABSOLUTE SAFEST WAY POSSIBLE.

AND BEST THING ABOUT THAT MCAFEE LIVE SAFE PRODUCT THAT WE'VE JUST BROUGHT TO MARKET.

IT DOES ALL OF THAT.

OH WELL THAT'S GREAT.

WHAT'S YOUR ONE BIG TAKE AWAY? WHAT'S THE MOST IMPORTANT THING IF YOU COULD SAY ONE THING?

IF I COULD SAY ONE THING, IT WOULD BE HAVE PROTECTION ON THE MOBILE DEVICES.

THEY CONNECT TO THE SAME INTERNET THAT YOUR PC DOES AND THEY ARE ABSOLUTELY AS VULNERABLE TO SAME KINDS OF THREATS, SO HAVING MOBILE PROTECTION ON ALL OF THOSE DEVICES IS ABSOLUTELY CRITICAL.

MCAFEE LIVE SAFE IS THE PERFECT PRODUCT TO DO THAT.

CAN YOU JUST COME OVER AND LOOK THROUGH MY HOUSE?

I'D BE HAPPY TO.

STACEY IT'S ALWAYS SO GREAT TO HAVE YOU HERE.

WHAT A GREAT WAY TO WRAP UP OUR WHOLE SERIES ON SECURITY AND DIGITAL SECURITY.

THANK YOU SO MUCH FOR JOINING US.

I ENJOYED IT.

THANK YOU.

THANKS.

AND IF YOU'D LIKE TO FIND OUT MORE ABOUT PROTECTING YOUR TABLETS, MOBILE DEVICES, AND OTHER DIGITAL SERVICES PLEASE VISIT LIVESAFE.COM. THAT'S LIVESAFE.COM.

AND SHARE YOUR SECURITY CONCERNS WITH US ON FACEBOOK AT BALANCINGACTFANS.

Source: Youtube

antivirus windows firewall software windows security center can’t be started

Hi. Windows security system can’t be started. Do you face this problem? Click Start, then select Control Panel, System and Security, then click Action Center. Notice Windows Security Center service (Important) in red color; it means important action is needed. Click on Turn on now. An Action Center message appears: The Windows security system can’t be started. How to solve it?

Click on Windows Start and write service in the search box. In the search results, right-click on Services and select Run as administrator. Browse Services (Local) and select Security Center. We can enlarge the description pane that explains the function. Select Security Center and double-click; the Security Center Properties window pops up. Or you can right-click on Security Center and select Properties. In the Security Center Properties window, go to Startup type. You discover it is disabled; select Automatic from the drop-down list. Then click Apply, click Start, press OK and close Services (Local).

Click on Windows Start, select Control Panel, System and Security, then click Action Center. Now Windows Firewall is turned off or set up incorrectly. Click on Turn on now. Then click turn on manually, update firewall, click Use recommended settings. A Windows Firewall error code message pops up.

Click on Windows Start and write service in the search box. In the search results, right-click on Services and select Run as administrator. Browse Services (Local) and select the firewall; it was disabled. Double-click; the firewall Properties window pops up. In the firewall Properties window, go to Startup type. You discover it is disabled; select Automatic from the drop-down list. Then click Apply, click Start, press OK and close Services (Local). And now the network firewall is on. Windows Firewall is actively protecting your computer. That’s it. Thank you for watching fawziacademy, please subscribe.

Source: Youtube

The difference between software quality and security defects

Both quality and security defects are bugs, right.

They’re software defects at the end of the day.

It’s really the effect of those defects, and who can exploit them and in what way that makes them a quality or security problem.

Now, I think developers tend to be less well trained on security as a group.

Quality problems, they tend to be able to recognize better and be able to fix better.

But ultimately these are code level problems and as such, I don’t think there’s really a clear line between the two.

If you look at many programs, and many programming languages, the exact same bug could be both quality problem and security problem.

And I think that blurring is not necessarily a bad thing, it’s a good thing, because it makes developers realize that they need to look at the quality and the security of the software together, in order to get it right.

Source: Youtube

Coverity and Synopsys: Providing Software Quality and Security

So as you heard Aart talk about in his keynote, about a month ago we signed an agreement to acquire Coverity that enters for us the Software Quality and Analysis measurement market.

You can see this is a large market.

It’s about 500 million dollars today according to IDC and growing pretty rapidly, about 20 percent per year.

The good news is that with this announcement, we enter this market as the leader.

So why is this market growing so rapidly.

Well I think it’s obvious to everyone that the role of software in the world is just dramatically exploding.

We see in our traditional customer base, and among the companies that are here at SNUG, many many companies are hiring more software engineers than hardware engineers today.

And then you look outside of the companies that are attending SNUG today, and many many industries are basically based on software.

Their main differentiation is on software.

They are essentially software companies, whether they are energy companies or retail companies or telecommunications companies or oil and gas companies.

It’s all built on a software infrastructure.

And if you think about software, it has really changed, how we’ve developed software, very much over the last 20 years.

Software is still developed more or less like cars were developed a hundred years ago.

We write the software.

We get in it, we drive it along and we wait for a wheel to fall off.

And when that happens, we figure out why the wheel fell off, slap it back on, get back in the car and go a little bit further down the road, and figure out why that wheel came off, etc. etc.

So this is great but it is really not going to work moving forward.

You see all the time the cost of software defects exploding.

As a matter of fact, this is probably one of the major items in the nightly news.

Now it has always been a problem.

All the way back in 1962, software was destroying space crafts but back then, it was probably a yearly occurrence.

Now you can’t turn on the tv without learning about some major corporation that’s been embarrassed or practically destroyed or lost 10 percent of their revenue or lost a bunch of their market cap or lost 500 million dollars in just a few minutes because of some defect in software.

So it’s hard to say exactly how much this is really costing the world but there have been a couple of attempts.

Back in 2002, the National Institute of Standards estimated that software defects were costing the U.S. economy about 60 billion dollars at that time.

More recently Cambridge University, in 2011, came out with a study in 2012, saying that software defects cost the world economy something over 300 billion dollars.

So the scary part isn’t so much what happens now, the 300 billion dollars that we’re spending on software defects now.

But it’s really what happens five and ten years from now if this problem doesn’t get solved.

Right now, software is… I think we’re ending the era of flat software.

I’ve talked to customers in the last month that have 500 million lines of software.

But mostly, it’s just sitting there and one piece of it is executing at a time.

Now we’re entering an era where we’re going to have software in our cars, interacting with navigation systems, driving our cars for us or at least assisting us, getting much much more complicated.

Much much more interactive.

And we just can’t afford to continue forward and end up spending trillions of dollars in the world working on software defects.

So what can we do about this.

I think it’s time to put some real engineering power behind this.

You saw this slide that Aart talked about this morning.

This was essentially the ‘what if’ slide that launched Synopsys.

And the idea here was, what if a developer can come up with a high level design description, run it through some Secret Technology X, and come out with a correct schematic.

Wouldn’t that be wonderful.

And that’s really the innovation that launched the digital revolution.

I mean, there were many.

But without logic synthesis, we would not have the computers and the mobile technology etc. that we have today, that is essentially driving everything.

So in software, is it possible to do something similar.

What if there was a software developer and instead of coming up with a concept for a chip, he was writing software.

He was writing C code and I’m sure most of you have already discerned the bug in that code there… That’s a little piece of bad code.

Unfortunately, the bug in there is one that is going to be intermittent and very hard to find because it’s not going to act the same way every time you find it.

But it’s an easy bug to add.

We all do it, all the time.

In all my coding, every day, I do the same thing.

What if you were able to come up with a Technology Y that would go in and identify, without running and waiting for the wheel to fall off, identify exactly what’s wrong with the code.

Going back and telling the developer.

Maybe even eventually fixing it for him and allowing you to spit out good code right after that.

That would be pretty important.

And that’s exactly what Coverity does.

Source: Youtube

More software security, not security software

Hi, I'm Dan Raywood, IT Security Guru, here with Jeremiah Grossman, who is CEO and founder of WhiteHat Security. How are you doing? I'm good.

How are you? I'm great thank you very much.

So we've had a conversation about software and security, what's the analogy you've just given me? I like what we do.

We need more software security, not security software. So what you mean is we need software security.

Just explain what you mean exactly. So instead of just going out and buying hardware and firewall or antivirus.

We need to make our software more secure.

You know the operating systems we buy the web servers that we buy, the word processors and everything in between.

Because when you really look at information security as far as what the bad guys are going after.

They're targeting exploiting software, so we need software to defend itself rather than layers of insecure defending the things. I think you said that people are buying boxes still trying to hope that that's going to save them and you see more of them move away from that.

I hope we're gonna.

I think the world is in transition right now.

We're starting to see over and over again with all the breaches that more boxes more firewall more antivirus is not the answer.

We have to look at Information Security in a completely new way.

We have to get data focused and software security focused and then also drive up the cost of the bad guys.

We start using those three ideas and we'll start to make real improvements in the state of the security of our systems. We've had in the last few months the Target breach, the HeartBleed vulnerability and literally at the time of filming we were just talking about this Zero Day.

Is it just that there's a problem in software with those three or two of those three software issues? And that's where the security needs to be more focused.

Yeah those are just the latest examples in a long line of examples of the last 15 years.

That are just you know.

These are software security problems that are not fixable by network security control or even more crypto for that matter even though we take it.

We need more secure software that again drives up the cost of the bad guy.

Unless we start addressing this as a software security problem not a network security control we're gonna keep suffering the same rally.

We'll keep having these same discussions. Yep. And I would like to see things improve. I think that's where the world is going. Okay.

Well maybe in 12 months time we'll meet again we'll see what's changed.

But do you think anything would have changed or do you think we're going to stay the same? Well you know there are examples out there, you have Microsoft with DEP. If you're not familiar with those technologies, they're things to make software security harder to crack, they assume properties that are harder to exploit. We have to use more examples like these across the industry, more ways to make software just that much more secure, that much harder to exploit. Oh again we'll see where we are in a few month time.

Jeremiah thanks for your time.

Thank you.

Source: Youtube

Mac Security Camera Viewer Software for iDVR-PRO CCTV DVRs

The new IDVR Pro video surveillance DVRs are Mac compatible.

Macintosh users can log in to view their security cameras remotely via web browser or via the Mac DVR viewer software.

In this video, I'll demonstrate the live remote camera viewing capability from a Mac using the DVR viewer software that is included.

First thing I'm going to do is click the connect button in the upper left to connect the DVR that's at our office.

This bottom window here, this DVR log, I can click this arrow to collapse that out of view to get a bigger camera view and I'm also going to collapse the PTZ and the DVR list so I get a full screen view of just cameras.

I'll switch to some of the other views just so you can see what the different grid views look like.

There's the 9 camera view.

Then I'll switch to the 16 camera view.

The software also supports 25 cameras and 36 camera view on a single screen that requires multiple DVRs.

This is just 1 DVR, so there's only 16 cameras on it.

I'm going to bring the PTZ controls back out.

Camera 1 actually is a PTZ camera.

I'll just show you real quick, the PTZ controls from the Mac software.

I'll zoom in on this car that's parked in front of our warehouse.

It'll take a second for the focus to adjust.

When you do a big zoom like that, it takes a second or 2.

There you go.

That's a clear view right there.

Then I'll zoom back out.

I'll bring the bottom DVR log window back up and then switch back to the 4 camera grid view.

When I want to disconnect, I just click the disconnect button in the upper left and then we disconnect from that DVR.

The outstanding support for Mac is just 1 of the reasons that I love the new IDVR Pro models.

These DVRs can also be accessed remotely from iPhone, iPad, and Android mobile devices and of course, remote viewing is also available from Window PCs.

The user interface of IDVR Pro is one of the most intuitive and easy to use interfaces that I've ever tested on a stand alone CCTV DVR.

If you'd like to learn more about the IDVR Pro or would like to log into a demo unit at CCTV Camera Pro Warehouse using IOS, Android, Mac, or Windows please visit www.idvrpro.com.

Thank you for watching.

Source: Youtube

UW Bothell Master of Science in Cyber Security Engineering

[Michael] Cyber security is a part of our critical infrastructure.

It permeates everything, even if we’re not aware of it.

[Geethapriya] There is such a huge demand for cyber security professionals all over the country and all over the world.

There are all these critical infrastructures that's identified by the government, and every infrastructure – health care sector, industrial sector, banking sector, every energy power grid – every sector needs security professionals.

[Michael] This program fills a critical need in our nation for cyber security professionals, and I think that we’ve developed a curriculum here that is unique for the Pacific Northwest and quite likely for the entire West coast.

[Geethapriya] The curriculum here at UW Bothell in Cyber Security Engineering focuses on three different things: protection, detection and correction.

[Brent] The curriculum is really designed to cover a large number of aspects of cyber security.

There's elements of public policy and legal aspects that we cover.

There's a very strong technical component where we talk about, you know, how, we talk about network security, cryptography – all the really hard technical sides of it.

[Geethapriya] So the program here, Cyber Security Engineering, has a significant focus on what we call a secure development life cycle, so, or what's called as SDL, so which means from the time you start a product, whatever it is – software or any kind of development – from its initiation phase to the termination phase, there is security addressed at every step of it.

[Michael] Our master’s degree culminates in a capstone experience where students will be developing, going through the entire secure development life cycle and developing a real project.

And that project may be something that coordinates with faculty research or it may be something that is a real project brought from industry for them to work on.

[Brent] And so, one of the advantages of doing this is you're putting something on your resume or your CV that nobody else is going to have.

[Michael] UW Bothell CSS has a set of faculty who are at the forefront of the computing profession.

We have faculty who are from research labs, government labs, industry, who have been steeped in academia for a long period of time and are doing cutting-edge research in a wide range of fields – including a wide range of fields that hinge on cyber security.

Along with our colleagues at the Seattle and Tacoma campuses, we’re working to develop the University of Washington to be the premier center for cyber security education in the American West.

Source: Youtube

Introducing Kaspersky Security for Mobile – 2014 – Mobile Device Management (MDM) Software

Transcript | Introducing Kaspersky Security for Mobile

>>Introduction: Thank you for watching Kaspersky Lab’s video on Security for Mobile

>>Text: Introducing Kaspersky Security for Mobile

>>Tom Fitzpatrick: Mobile devices have transformed the way we work and live.

>>Tom Fitzpatrick: And the average person now uses three or more devices when they're out and about!

>>Tom Fitzpatrick: Unfortunately, though, they have also extended the necessary security perimeter beyond your office and out into the airport lounges and coffee shops of the world.

>>Tom Fitzpatrick: This, along with the Bring Your Own Device trend, is creating new and complex security challenges for administrators like you.

>>Tom Fitzpatrick: Case in point: how many of your employees consider your security policies when they're choosing a mobile device?

>>Tom Fitzpatrick: Probably not many!

>>Tom Fitzpatrick: When employees are using mobile devices the business of course sees increased productivity, cost-efficiency and flexibility.

>>Tom Fitzpatrick: But you see something else: another attack vector, another opportunity for data loss and another bunch of devices to manage.

>>Tom Fitzpatrick: Suddenly BYOD and mobility has become your problem.

>>Tom Fitzpatrick: Kaspersky Security for Mobile combines a mobile security agent with mobile device management capabilities.

>>Tom Fitzpatrick: It gives you increased visibility and deeper security for mobile endpoints without the complexity of separate solutions.

>>Tom Fitzpatrick: The key features include support for both tablets and smartphones, MDM for the administrator including over the air provisioning, and agent-based mobile security for the device.

>>Text: Mobile device management (MDM)

>>Tom Fitzpatrick: MDM allows administrators to securely configure and deploy smartphones and tablets in a similar way to PCs, laptops and other IT assets.

>>Tom Fitzpatrick: You can extend your wired security strategy and policies to your mobile devices, wherever they happen to be.

>>Tom Fitzpatrick: As the administrator, using our integrated console you can automate management and control tasks such as device configuration, software updates and backup and restore.

>>Tom Fitzpatrick: You can define policies in a granular, flexible way, right down to the device itself.

>>Tom Fitzpatrick: For example, jailbroken or otherwise compromised devices can be blocked from your network, remotely locked, or even wiped.

>>Tom Fitzpatrick: You'll also receive a notification whenever one of these devices tries to connect, so you can track down rogue devices.

>>Tom Fitzpatrick: And with over the air provisioning, you can configure and control devices remotely, simply by sending a text message or an email.

>>Tom Fitzpatrick: From there, users are directed to a captive portal where your applications and your preconfigured settings are downloaded.

>>Tom Fitzpatrick: This means you don't have to physically handle the device to provision and control it.

>>Text: BYOD made easy

>>Tom Fitzpatrick: Because mobility and BYOD can create a gaping hole in your security posture, you should apply tough restrictions on all devices including those that are employee owned.

>>Tom Fitzpatrick: One such technology that you should plan on implementing is Containerization.

>>Tom Fitzpatrick: It's a simple solution that completely separates personal and business content on a device.

>>Tom Fitzpatrick: If the phone gets lost, the administrator can enable a remote lock or delete the business content.

>>Tom Fitzpatrick: This is important if the employee leaves the company and wishes to take their own device with them.

>>Tom Fitzpatrick: For additional security, Kaspersky makes it easy to enable the encryption of sensitive data within the container, which reduces the impact of a lost or stolen device.

>>Text: Kaspersky Lab's Mobile Device Management and Mobile security

>>Tom Fitzpatrick: Because MDM is a managed component of the Kaspersky Security Center, you won't need additional training to begin securing your mobile deployments.

>>Tom Fitzpatrick: And because our award-winning anti-malware technology sits at the core you can rest assured that your devices are protected from an ever-growing number of mobile threats.

>>Tom Fitzpatrick: There are plenty of other features that Kaspersky Security for Mobile enables, such as GPS find, forced passwords, and SIM watch, which will notify you if a SIM card has been changed.

>>Tom Fitzpatrick: By simplifying and automating the secure configuration of multiple devices you not only reduce your administrative burden, but you're also supporting better mobile security practices.

>>Text: Kaspersky

>>Text: Get started now: Free 30 Day Trial

>>Text: Register at kas.pr/business-trial

>>Text: Join the conversation #securebiz.

Source: Youtube

Networking Security Intro – Georgia Tech – Software Defined Networking

To see how a DNS cache poisoning attack works, consider a network where a stub resolver issues a query to its recursive resolver, and the recursive resolver in turn sends that A record query to the start of authority for that domain.

Now, in an ideal world, the authoritative name server for that domain would reply with the correct IP address.

If an attacker guesses that a recursive resolver might eventually need to issue a query for, say, www.google.com, the attacker can simply reply with multiple, specially crafted replies, each with different IDs.

Although this query has some query ID, the attacker doesn't need to see that query, because the attacker can simply flood the recursive resolver with a bunch of bogus replies, and one of them, in this case the response with ID 3, will match.

As long as this bogus response reaches the recursive resolver before the legitimate response does, the recursive resolver will accept this bogus message.

And worse, it caches the bogus message.

And DNS, unfortunately, has no way to expunge a message once it has been cached.

So now this recursive resolver will continue to send bogus A record responses for any query for this particular domain name until that entry expires from the cache.

Now there are several defenses against DNS cache poisoning, and we've already seen one, which is the query ID.

But of course, the query ID can be guessed.

The next defense is to randomize the ID, so rather than having a resolver send queries where the IDs increment in sequence, the resolver can pick a random ID.

This makes the ID tougher to guess, but still, the query ID is only 16 bits, which still makes it possible for an attacker to flood the recursive resolver with many possible responses.

And it's likely that, with relatively few responses, one of these bogus responses will match the ID for the real query.

Due to the birthday paradox, the success probability for achieving a collision between the query ID of the query and of the response actually only requires sending hundreds of replies, not a complete 32,000.

Due to the birthday paradox, the probability that such an attack will succeed, using only a few hundreds of replies, is relatively close to one.

The attacker does not need to send replies with all two to the 16th possible IDs.

The success of a DNS cache poisoning attack not only depends on the ability to reply to a query with a correct matching ID, but it also depends on winning this race.

That is, the attacker must reply to that query before the legitimate authoritative name server replies.

If the bad guy, or the attacker, loses the race, then the attacker has to wait for that correct cached entry to expire before trying again. However, the attacker can generate his own DNS query.

For example, he could query one.google.com, two.google.com and so forth.

Each one of these bogus queries will generate a new race.

And eventually the attacker will win one of these races for an A record query.

But who cares? Nobody necessarily cares to own one.google.com, or google.com.

The attacker really wants to own the entire zone.

Well, the trick here is that instead of just simply responding with A records in the bogus replies, the attacker can also respond with NS records for the entire zone of google.com.

So by creating one of these races, using an A record query, and then responding not only with the A record response, but also with the authoritative NS record for the entire zone, the attacker can in fact own the entire zone.

This idea of generating a stream of A record queries to generate a bunch of races, and then stuffing the A record responses for each of these with a bogus authoritative NS record for the entire zone, is what's called the Kaminsky Attack, after Dan Kaminsky, who discovered the attack.

The defenses of picking a query ID and randomizing the ID help, but remember the randomization is only 16 bits, so let's think about other possible defenses.

Source: Youtube
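
The query-ID guessing flood described in the Georgia Tech segment above can be quantified and spotted from the resolver's side. The following Python is an added example, not part of the lecture: `match_probability` gives the chance that forged replies hit an outstanding 16-bit query ID, and `find_id_floods` flags names that receive many replies whose ID matches no pending query. The event format, the `example.test` names and the threshold are constructed assumptions.

```python
"""Resolver-side view of the query-ID guessing flood (added example, constructed data)."""
from collections import Counter

ID_SPACE = 2 ** 16  # the DNS query ID field is 16 bits wide


def match_probability(outstanding, forged, id_space=ID_SPACE):
    """Chance that at least one of `forged` replies (all with distinct IDs)
    matches one of `outstanding` queries whose IDs were chosen at random.

    With one query in flight this is simply forged / id_space; the birthday
    effect only appears when several queries for the name are in flight.
    """
    forged = min(forged, id_space)
    return 1.0 - (1.0 - forged / id_space) ** outstanding


def find_id_floods(events, threshold=20):
    """Return {name: count} for names that received at least `threshold`
    replies whose (name, ID) pair matched no pending query.

    `events` is an iterable of (kind, name, query_id) tuples, kind "Q" for a
    query the resolver sent and "R" for a reply it received. This log format
    is an assumption made for the example, not any resolver's real format.
    """
    pending = set()
    mismatched = Counter()
    for kind, name, query_id in events:
        key = (name, query_id)
        if kind == "Q":
            pending.add(key)
        elif kind == "R" and key in pending:
            pending.discard(key)      # reply matches a pending query
        elif kind == "R":
            mismatched[name] += 1     # wrong ID or unsolicited reply
    return {name: n for name, n in mismatched.items() if n >= threshold}


def sample_events():
    """Constructed log: one normal lookup and one lookup hit by a reply flood."""
    events = [("Q", "www.example.test", 0x0007), ("R", "www.example.test", 0x0007)]
    events.append(("Q", "one.example.test", 0x1A2B))
    events += [("R", "one.example.test", guess) for guess in range(50)]
    events.append(("R", "one.example.test", 0x1A2B))
    return events


if __name__ == "__main__":
    for q, n in [(1, 300), (300, 300), (700, 700)]:
        print(f"{q:4d} queries in flight, {n:4d} forged replies: "
              f"P(match) = {match_probability(q, n):.4f}")
    print("flood suspects:", find_id_floods(sample_events()))
```

A burst of mismatched replies for one name is cheap to count on the resolver and is a direct signal of the race described above, whether or not any forged reply was accepted.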