Meanwhile Felix Lindner, head of Recurity Labs, released his Cisco forensics tool, called CIR (Cisco Incident Response), which he has beta tested for the past several months. There will be a free version, which will check a router’s memory for rootkits, while a commercial version of the software will be able to detect attacks and perform forensic analysis of the devices.

This software will give network professionals like Fischbach a way to go back and look at the memory of a Cisco device and see if it has been tampered with. “I think there’s a use for it,” he said. “To me, it’s part of the tool kit when you do forensics, but it’s not the only tool you should rely on.”

That little DNS problem

The other dominating news from Black Hat was the widely anticipated discussion about the highly publicized flaw in the Domain Name System (DNS), used by computers to find each other on the Internet.

Dan Kaminsky’s full-time job over the past few months has been working with software vendors and Internet companies to fix a security problem with DNS. Kaminsky first disclosed the problem on July 8, warning corporate users and Internet service providers to patch their software as quickly as possible.

Last week he disclosed more details of the issue during a crowded session at the Black Hat conference, describing a dizzying array of attacks that could exploit DNS. Kaminsky also talked about some of the work he’d done to fix critical Internet services that could also be hit with this attack.

By exploiting a series of bugs in the way the DNS protocol works, Kaminsky had figured out a way to very quickly fill DNS servers with inaccurate information. Criminals could use this technique to redirect victims to fake Web sites, but in Kaminsky’s talk he described many more possible types of attacks.

He described how the flaw could be used to compromise e-mail messages, software updating systems or even password recovery systems on popular Web sites.

And though many had thought that SSL (Secure Socket Layer) connections were impervious to this attack, Kaminsky also showed how even the SSL certificates used to confirm the validity of Web sites could be circumvented with a DNS attack. The problem, he said, is that the companies that issue SSL certificates use Internet services like e-mail and the Web to validate their certificates. “Guess how secure that is in the face of a DNS attack,” Kaminsky said. “Not very.”