
DNS flaw is so big it puts every network at risk

Daniel Fleshbourne   on 07 August 2008 - 14:16 · 29 comments & 12852 views

A recently found flaw in the internet's addressing system is worse than first feared, Dan Kaminsky said when speaking publicly about his discovery at the Black Hat conference in Las Vegas.

He said fixes for the flaw in the net's Domain Name System (DNS) had focused on web browsers but it could be abused by hackers in many other ways.

"Every network is at risk," he said. "That's what this flaw has shown."

DNS is the internet's address book: it helps computers translate the website names people prefer into numeric addresses, so www.neowin.net gets translated to its real address of 209.124.63.212.

Mr Kaminsky discovered a way for malicious hackers to hijack DNS and re-direct people to fake pages even if they typed in the correct address for a website. In his talk Mr Kaminsky detailed 15 other ways for the flaw to be exploited.

Using the flaw, hi-tech criminals or pranksters could target FTP services, mail servers, spam filters, Telnet and the Secure Socket Layer (SSL) that helps to make web-based transactions more secure.

Comments
#1 Navan on 07 Aug 2008 - 14:20
This seems big, hope it's fixed soon. :|
#2 funkymunky on 07 Aug 2008 - 14:22
Is this the end of the internet?? lol

Seriously though, how has this gone undetected for so long?
(1 reply) #3 ir0nw0lf on 07 Aug 2008 - 14:27
OMG, the interwebs is going to get hax0red! Internet meltdown in 3...2...*click* Love it how people blow this crap out of proportion.
#3.1 Laser_iCE on 08 Aug 2008 - 11:43
(ir0nw0lf said @ #3)
OMG, the interwebs is going to get hax0red! Internet meltdown in 3...2...*click* Love it how people blow this crap out of proportion.


Haha, well considering the exploit is now out in the wild since the Black Hat conference, the internet does have the potential to get hax0red. The only option? Disconnect your **** and run!
(1 reply) #4 JamesWeb on 07 Aug 2008 - 15:03
I think the only solution here is to sit back as if none of this ever happened, and hope it goes away.
#4.1 Xeta on 07 Aug 2008 - 17:25
That's what they want you to think. In the meantime, please make sure to log in and out of all your financial accounts frequently, and on every PC that's on a different network than the last one you just used.
#5 ajua on 07 Aug 2008 - 15:10
If this is so big, don't worry, all the big players will be (are?) working on fixes...
(4 replies) #6 +warwagon on 07 Aug 2008 - 15:42
Listen to the latest Security Now

http://media.grc.com/sn/sn-155.mp3


At the end, after he talks about how DNS works, he talks about how the flaw works. It's really scary stuff.

Long story short, if an ISP hadn't patched this flaw, then a hacker in a matter of minutes could change the DNS record for paypal.com on the ISP's DNS server.

So now every one of the ISP's customers that go to paypal.com will be going to a phishing site. It can also give the record a long TTL so it won't expire for a while.

I recommend, to stay safe, to use OpenDNS. www.OpenDNS.com which isn't affected.
#6.1 Marshalus on 07 Aug 2008 - 15:47
(warwagon said @ #6)
Listen to the latest Security Now

http://media.grc.com/sn/sn-155.mp3


At the end, after he talks about how DNS works, he talks about how the flaw works. It's really scary stuff.

Long story short, if an ISP hadn't patched this flaw, then a hacker in a matter of minutes could change the DNS record for paypal.com on the ISP's DNS server.

So now every one of the ISP's customers that go to paypal.com will be going to a phishing site. It can also give the record a long TTL so it won't expire for a while.

I recommend, to stay safe, to use OpenDNS. www.OpenDNS.com which isn't affected.


I was listening to that on the way home from work the other day, I had no idea DNS was so... trusting...
#6.2 Joe USer on 07 Aug 2008 - 17:30
(warwagon said @ #6)
I recommend, to stay safe, to use OpenDNS. www.OpenDNS.com which isn't affected.


Eggs & single baskets come to mind.
#6.3 +Kirkburn on 07 Aug 2008 - 18:24
(Joe USer said @ #6.2)
(warwagon said @ #6)
I recommend, to stay safe, to use OpenDNS. www.OpenDNS.com which isn't affected.


Eggs & single baskets come to mind.

How does that make sense? How do you suggest using multiple DNS providers?
#6.4 Laser_iCE on 08 Aug 2008 - 07:36
(Kirkburn said @ #6.3)
(Joe USer said @ #6.2)
(warwagon said @ #6)
I recommend, to stay safe, to use OpenDNS. www.OpenDNS.com which isn't affected.


Eggs & single baskets come to mind.

How does that make sense? How do you suggest using multiple DNS providers?


You don't understand? You put all your eggs into one basket and it's easier to steal them all at once. So, if everybody uses OpenDNS, wouldn't it be easier to "hack" them all at once with the next best exploit? Don't tell me it's perfectly secure because there's no such thing.

However, you don't need to go that far in using another DNS server if your ISP's DNS server is fine. Just check whether or not you can be affected at www.doxpara.com; if you are, then yes, use another DNS server that isn't compromised, otherwise stick with your ISP's, it's the fastest for you.
(4 replies) #7 VRam on 07 Aug 2008 - 16:17
Has OpenDNS been patched against this vulnerability?
#7.1 NateB1 on 07 Aug 2008 - 16:57
(VRam said @ #7)
Has OpenDNS been patched against this vulnerability?


It certainly has. That's what I use for our home network.
#7.2 +M2Ys4U on 07 Aug 2008 - 20:39
No, it hasn't.


But it wasn't vulnerable in the first place.
#7.3 g0wg on 07 Aug 2008 - 21:13
how isn't it vulnerable? (out of mere curiosity)
#7.4 PeterUK on 08 Aug 2008 - 15:07
(g0wg said @ #7.3)
how isn't it vulnerable? (out of mere curiosity)


Like very few DNS servers did was to do source port randomizing of 16-bit, of which a range of 1024-65535 UDP ports would be open at a time for a response back for a lookup. This and the 16-bit Query ID means the attacker has a 1 in over 4 billion chance to successfully take over a DNS address, compared to 1 in 65536 (if on a fixed UDP port).
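The arithmetic in the comment above, turned into a resolver check, as an added example that is not part of the original thread: it classifies the source ports seen on a resolver's outbound queries and computes how many (port, query ID) combinations a forged reply would have to match. The sample port lists, the category names and the two thresholds are constructed assumptions.

```python
import statistics

TXID_SPACE = 2 ** 16             # the 16-bit DNS query ID
PORT_POOL = range(1024, 65536)   # source port range named in the comment

def classify_ports(ports):
    """Classify source ports seen on a resolver's outbound queries, in order."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    if len(set(ports)) == 1:
        return "fixed"
    steps = [b - a for a, b in zip(ports, ports[1:])]
    # Small, always-positive increments make the next port predictable.
    if all(0 < s <= 16 for s in steps):
        return "sequential"
    # Assumption: a spread below 1/16 of the pool counts as a narrow range.
    if statistics.pstdev(ports) < len(PORT_POOL) / 16:
        return "narrow"
    return "randomized"

def guess_space(ports):
    """(port, query ID) combinations a forged reply must match blindly."""
    kind = classify_ports(ports)
    if kind in ("fixed", "sequential"):
        return TXID_SPACE                    # only the query ID is unknown
    if kind == "narrow":
        return (max(ports) - min(ports) + 1) * TXID_SPACE
    return len(PORT_POOL) * TXID_SPACE

def assess(ports):
    kind = classify_ports(ports)
    return {"kind": kind, "guess_space": guess_space(ports),
            "needs_attention": kind != "randomized"}

# Constructed samples: source ports of eight consecutive outbound queries.
SAMPLES = {
    "fixed-port resolver": [32768] * 8,
    "incrementing ports": [1025, 1026, 1027, 1028, 1030, 1031, 1032, 1033],
    "narrow pool": [2000, 2040, 2010, 2100, 2005, 2077, 2033, 2061],
    "randomized ports": [51234, 2048, 40111, 17890, 60321, 9876, 33015, 25500],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        r = assess(ports)
        print(f"{name:20} {r['kind']:11} 1 in {r['guess_space']:,}")
```

On a real network the port list would come from a capture of the resolver's own outbound UDP queries to port 53.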
(3 replies) #8 hagjohn on 07 Aug 2008 - 17:12
Is this a commercial for OpenDNS?
#8.1 +warwagon on 07 Aug 2008 - 17:14
Yes, it's awesome, use it!

for the low low price of "FREE!!"

208.67.222.222
208.67.220.220

add those DNS numbers and you're golden

Last edited by warwagon on 07 Aug 2008 - 17:45
#8.2 hagjohn on 07 Aug 2008 - 23:26
(warwagon said @ #8.1)
Yes, it's awesome, use it!

for the low low price of "FREE!!"

208.67.222.222
208.67.220.220

add those DNS numbers and you're golden


there is no need, Comcast isn't vulnerable.
#8.3 +warwagon on 08 Aug 2008 - 00:04
(hagjohn said @ #8.2)
(warwagon said @ #8.1)
Yes, it's awesome, use it!

for the low low price of "FREE!!"

208.67.222.222
208.67.220.220

add those DNS numbers and you're golden


there is no need, Comcast isn't vulnerable.


Still has great phishing and ad-ware site protection.
#9 dr spock on 08 Aug 2008 - 02:36
This is old news. The vulnerability was made public on the 8th of July. Microsoft, Cisco and other various vendors had been collaborating for MONTHS to get patches prepared, and most ISPs patched within the first week.
OpenDNS supposedly never was vulnerable because they had designed their systems better in the first place or something.
(3 replies) #10 ThaCrip on 08 Aug 2008 - 03:22
"Mr Kaminsky discovered a way for malicious hackers to hijack DNS and re-direct people to fake pages even if they typed in the correct address for a website."

still even if that's true i dont think it would hurt me much since say it was a website you ordered stuff from... without the 'ssl' lock being there which it's pretty safe to assume it wont be since it aint the legit site.. then i dont see how it could hurt me all that much unless im missing something?
#10.1 Laser_iCE on 08 Aug 2008 - 07:38
(ThaCrip said @ #10)
"Mr Kaminsky discovered a way for malicious hackers to hijack DNS and re-direct people to fake pages even if they typed in the correct address for a website."

still even if that's true i dont think it would hurt me much since say it was a website you ordered stuff from... without the 'ssl' lock being there which it's pretty safe to assume it wont be since it aint the legit site.. then i dont see how it could hurt me all that much unless im missing something?


Depends on what site you're browsing. Not every site uses a form of encryption, even though most should. Sites like MySpace and Facebook would probably be the first target for phishers.
#10.2 ThaCrip on 08 Aug 2008 - 08:30
(Laser_iCE said @ #10.1)
(ThaCrip said @ #10)
"Mr Kaminsky discovered a way for malicious hackers to hijack DNS and re-direct people to fake pages even if they typed in the correct address for a website."

still even if that's true i dont think it would hurt me much since say it was a website you ordered stuff from... without the 'ssl' lock being there which it's pretty safe to assume it wont be since it aint the legit site.. then i dont see how it could hurt me all that much unless im missing something?


Depends on what site you're browsing. Not every site uses a form of encryption, even though most should. Sites like MySpace and Facebook would probably be the first target for phishers.


i see your point... but im mainly referring to more serious stuff like getting your credit card info stolen etc... cause i myself never order from a site without SSL enabled. so if that's not there i would detect that something is up.

stuff like myspace etc would not be too serious if people's username/passwords got stolen unless people just wanted to harm their data on their accounts etc right?
#10.3 Laser_iCE on 08 Aug 2008 - 10:47
(ThaCrip said @ #10.2)
(Laser_iCE said @ #10.1)
(ThaCrip said @ #10)
"Mr Kaminsky discovered a way for malicious hackers to hijack DNS and re-direct people to fake pages even if they typed in the correct address for a website."

still even if that's true i dont think it would hurt me much since say it was a website you ordered stuff from... without the 'ssl' lock being there which it's pretty safe to assume it wont be since it aint the legit site.. then i dont see how it could hurt me all that much unless im missing something?


Depends on what site you're browsing. Not every site uses a form of encryption, even though most should. Sites like MySpace and Facebook would probably be the first target for phishers.


i see your point... but im mainly referring to more serious stuff like getting your credit card info stolen etc... cause i myself never order from a site without SSL enabled. so if that's not there i would detect that something is up.

stuff like myspace etc would not be too serious if people's username/passwords got stolen unless people just wanted to harm their data on their accounts etc right?


Well that and the fact that once their accounts are compromised, so are their profiles, which would allow the hacker to insert malicious code, and anybody who visited the profile would run the malicious code. Also, if done convincingly enough (or some people are simply that stupid/trusting), they message the person's friends to a download for something that might be appealing (mp3 download, ringtone, etc.) which then could be anything, a worm, a trojan/backdoor, etc. They're generally after the stupid ones because there's more of them. Once the user is infected, they are at the hacker's will and the DNS flaw becomes pretty pointless.
#11 ThaCrip on 08 Aug 2008 - 12:42
@ Laser_iCE .. i get the idea now
(1 reply) #12 Beastage on 08 Aug 2008 - 16:52
I am using OpenDNS until my ISP will confirm it patched itself.
#12.1 Laser_iCE on 09 Aug 2008 - 03:48
test whether or not your ISP's DNS is vulnerable (you'll need to remove the OpenDNS settings) at www.doxpara.com
