Attacks begin on net address flaw:

Paddy · July 26, 2008, 11:59:38 PM

http://news.bbc.co.uk/1/hi/technology/7525206.stm

Quote
Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.

numbnuts.. :shock:

Eric the Red · July 27, 2008, 12:12:49 AM

This is to do with the DNS poisoning that is in the news at the moment. I suggest that anyone interested should check out The Register at the following link:

http://www.theregister.co.uk/2008/07/25/isps_slow_to_patch/

Whilst there follow the link "Check my DNS" to the Doxpara site and use the tool there to find out how your ISP's DNS server is coping with this problem.

R-C · July 27, 2008, 07:01:11 AM

two more test sites for the dns check are
www.dnsstuff.com
DNS Randomness Test

Frands · August 07, 2008, 06:07:59 PM

Update:

QuoteA recently found flaw in the internet's addressing system is worse than first feared, says the man who found it.

http://news.bbc.co.uk/2/hi/technology/7546557.stm

Eric the Red · August 07, 2008, 10:24:16 PM

Quote"The biggest gap in security rests between the keyboard and the back of the chair,"

Ken Silva,
CTO Verisign.

That should be carved in stone. :breakkie:

Niecarrah · August 09, 2008, 12:17:43 AM

Boy Oh Boy...you stated a mouthful!! TRUTHFUL and Painful as it is.

Quote from: Eric the Red on August 07, 2008, 10:24:16 PM
Quote"The biggest gap in security rests between the keyboard and the back of the chair,"

Ken Silva,
CTO Verisign.

That should be carved in stone. :breakkie: edited for impact, hope you don't mind?

Aaron Hulett · August 09, 2008, 01:35:13 AM

But in this case, the person in the chair doesn't need to do anything to be affected - if the DNS server is poisoned and feeding poisoned results, you'd have to either notice it replied with an odd IP than usual (who the heck would know that) or that the page you went to seems a bit "off" from before (what's stopping them from saying, "Brand new look!"?).

R-C · August 09, 2008, 06:28:06 PM

Exactly! the average person in the chair is pretty much clueless in these situations.

Just saw this article:
http://venturebeat.com/2008/08/09/the-patch-for-critical-internet-flaw-may-be-flawed-itself/

"Evgeniy Polyakov, a physicist, said that he figured out a flaw in the patch for DNS, which is like the Internet's telephone book, in just ten hours of work. He posted the news on his blog. Kaminsky said at Black Hat this week that the threat of the flaw was wider than he announced on July 8. That's because there are a series of common Internet functions — such as sending a new password to a user who has forgotten it — that depend on the accuracy of DNS addresses."

Looks like just the tip of the DNS iceberg, much more work will be needed.

I am getting such varying results on the dns tests I don't know which to believe, I prefer to believe the one that says Good and Great but the one that sometimes shows poor is not comforting. I know Verizon was slow to patch many of their servers saying they were not theirs but actually Level 3 servers from the GTE era, well I am a Verizon customer therefore I expect Verizon to be responsible in getting my connection safe... I pay my money to them.
There is a very neat new video on doxpara that shows the time lapse spread of the patch.

R-C · August 09, 2008, 06:41:44 PM

If anyone is interested Steve Friedl has put out an illustrated guide to the DNS vulnerability

http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html