Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

DNS remains vulnerable one year after Kaminsky bug

One year after Kaminsky detailed, at the Black Hat conference, the DNS design flaw that allows for cache poisoning, DNS remains more vulnerable than before. Even though most have patched DNS for this specific issue, DNS is thought to be more vulnerable because hackers are more aware of DNS vulnerabilities since Kaminsky’s presentation. Cache poisoning attacks continue, with the most recent one aimed at an Irish ISP only 7 days ago.


Skype singled out as threat to Russia’s security

Earlier this year Russia’s president said foreign Internet companies not based in Russia could serve as a threat to Russia’s national security. Russian telecom executives have portrayed the more popular VoIP programs such as Skype and ICQ as foreign firms encroaching on Russian territory that thus must fall under government control. “Protect investments and fight VoIP services.” was one of the messages used by the group of telecom executives. The executives’ proposal was to create their own VoIP services that may “safely” be delivered to Russian citizens. They are expecting 40% of calls to be made via VoIP by 2012. Meeting delegates said it was impossible for the police to spy on current VoIP conversations.


UAE cellular carrier rolls out spyware as a 3G “update”

Seen by security experts as the next great frontier for distributing malware, the mobile phone market is ripe for such malware infusion. However, will all malware be from the malicious/hacker community? Earlier this week BlackBerry users in the UAE received a text asking them to follow the link to download software that will improve the handoff between 2G and 3G networks. The main issues here are:

  • The software was not known by RIM, makers of BlackBerry.
  • The premise that the download would improve cellular communications was wrong.
  • The software installed was from the local network service provider, thus from a source users would have no reason to distrust.
  • The software was actually spyware that would send copies of e-mails to the service provider.


Shoot-to-kill policy targets Hull’s P2P users

As countries struggle with implementing a 3-Strikes law that disconnects users after 3 attempts to download copyrighted material, one ISP in the UK has taken matters into its own hands. Citing violation of the provider’s Acceptable Use Policy, the ISP disconnects users after the first time. Users can only have connectivity reinstated once they sign a form admitting their guilt.
