DNS rebinding attacks

• It forces a browser to pin the first DNS response for a hostname in cache; no additional queries are allowed
• The first attack against it was documented in 1996 by Princeton researchers; against Java, not browsers
• May violate RFC 2616 (HTTP/1.1) RFC ...
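
The pin-the-first-answer behaviour described above, as an added sketch that is not part of the original slides. `PinningCache`, `scripted_upstream`, the hostname and the addresses are all constructed for illustration; the upstream lookup is a stand-in for a DNS server whose answer changes between queries.

```python
import ipaddress


class PinningCache:
    """Pin the first DNS answer per hostname; never query again for that name."""

    def __init__(self, upstream):
        self.upstream = upstream      # assumed callable: hostname -> IP string
        self.pins = {}                # normalised hostname -> pinned address
        self.upstream_queries = 0

    def resolve(self, hostname):
        # DNS names are case-insensitive and may carry a trailing dot, so
        # normalise first; otherwise two spellings would get two pins.
        key = hostname.rstrip(".").lower()
        if key not in self.pins:
            self.upstream_queries += 1
            # ip_address() rejects malformed answers before they are pinned.
            self.pins[key] = ipaddress.ip_address(self.upstream(key))
        # Once pinned, later upstream answers are never consulted.
        return str(self.pins[key])


def scripted_upstream(answers):
    """Constructed stand-in for a DNS server that changes its answer over time."""
    remaining = list(answers)

    def lookup(_hostname):
        # Hand out answers in order, then keep repeating the last one.
        return remaining.pop(0) if len(remaining) > 1 else remaining[0]

    return lookup


def demo():
    # Constructed sample: a documentation address first, an internal one after.
    upstream = scripted_upstream(["203.0.113.10", "192.168.0.1"])
    cache = PinningCache(upstream)
    first = cache.resolve("site.example")
    second = cache.resolve("SITE.example.")   # same host, different spelling
    unpinned = upstream("site.example")       # what a non-pinning client sees next
    return first, second, unpinned, cache.upstream_queries


if __name__ == "__main__":
    print(demo())
```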