This document summarizes Dan Kaminsky's 2007 talk at Black Hat about exploiting vulnerabilities in the DNS system and web browser security policies to enable arbitrary TCP and UDP access from within a web browser. Kaminsky describes how controlling DNS responses allows an attacker to bypass firewalls and access internal networks by manipulating the browser's view of domain names and IP addresses. He then outlines his proof-of-concept attack software called "Slirpie" that implements a VPN-like tunnel using only a compromised web browser.