Take Quiz

Your name and email are stored only in your browser local storage for convenience. They are not retained server-side.

NameEmail

Question 1

What specific flaw in the DNS resolver software BIND, disclosed in 2025, contributes to the resurgence of DNS cache poisoning attacks?

A buffer overflow vulnerability in handling DNS responses that allows remote code execution. A weakness in the pseudorandom number generator (PRNG) that allows prediction of source port and query ID used in DNS requests. A denial of service vulnerability caused by mishandling large DNS responses leading to resolver crashes. An authentication bypass in handling DNSSEC signatures leading to acceptance of forged DNS records.

Question 2

According to the episode, why is the presence of a weak PRNG in DNS resolvers especially inexcusable in 2025?

Because all DNS resolvers are required by global standards to use hardware-based true random number generators. Because the DNS protocol mandates the use of cryptographic random functions in resolver software implementations. Because DNS resolvers operate offline and have no network access to obtain external entropy sources. Because DNS resolvers exist on unpredictable, high-entropy networks and should readily harvest sufficient entropy to seed a strong PRNG.

Question 3

What was Dan Kaminsky's 2008 proposed mitigation to DNS cache poisoning involving query IDs and source ports?

To randomize both the source port and query ID of DNS requests to provide approximately 32 bits of entropy against spoofing. To reduce DNS TTL values to zero to force resolvers to frequently refresh records and avoid cache poisoning. To switch DNS transport from UDP to TCP exclusively to enable connection-based authentication. To add digital signatures to all DNS queries to authenticate origin and prevent spoofing.

Question 4

In the episode's discussion of Microsoft's upcoming WiFi tracking feature in Teams, what control do tenant administrators have over this feature?

Tenant admins can configure WiFi tracking only on mobile devices, not on desktop clients like Windows or Mac. Tenant admins can enable or enforce the WiFi location tracking feature and require users to opt-in possibly by policy, effectively forcing usage. Tenant admins have no control; WiFi tracking is always enabled by default with no opt-in option. Tenant admins can only suggest users enable WiFi tracking, but users must manually opt-in with no admin enforcement.

Question 5

What are the three primary initial access vectors for ransomware attacks reported by Coveware for Q3 2025 as described in the episode?

Remote access compromise, phishing/social engineering, and software vulnerability exploitation. IoT device compromise, DNS cache poisoning, and third-party SaaS breaches. Supply chain injection, insider threats, and hardware exploits. Email attachment malware, zero-day exploits, and privileged credential theft.

Cancel

Episode #1049 Quiz

Question 1

Question 2

Question 3

Question 4

Question 5