I’ve been toying around a little with DNS rebinding code lately, with some mixed results. Firstly, Java fixed their DNS rebinding issues (although it is my opinion they are still vulnerable, just in a different way - I talked with Dan Kaminsky about this and he agrees. Also CUPS fixed their DNS rebinding issues as well. All good things. However, there’s still tons of exploits left to find in this arena.