Please respond directly to DHS via the contacts below if you have any relevant information: The Station Fire in northern Los Angeles County, CA is threatening the Mount Wilson Communications Facility. Other facilities determined to be significant critical infrastructure and key resources (CIKR) are the NASA Jet Propulsion Lab, the Mount Lukens and Mount Disappointment Communications Facilities, 33 kV and 220 kV power lines, and the Gould power substation. The National Coordinating Center (NCC) needs input from its NCS partners regarding anticipated impacts to Federal communications systems and assets.
In an age where a huge percentage of all attacks arrive by e-mail, very few of us know how to work out where a message was really sent from. That analysis must go beyond the sender address displayed in your e-mail client, which is trivially spoofed. Here is a simple tutorial on analyzing Internet headers (the message's Received: trail).
FoolDNS is an Italian startup that protects users from tracking by advertising networks. It removes banners, ads and any other kind of advertising from the websites you visit. But there is something wrong...
FoolDNS is an Italian project that aims to protect users from the profiling and tracking carried out by the big advertising networks. Put simply, it removes advertising from the sites you visit.
It sounds perfect, but something does not add up.
Site seizures in Italy are mostly enforced through DNS. The mechanism is fairly simple, though not easy to describe. I will try to explain what DNS is and how it works, and how some sites are blacked out by means of it.
Had someone with ill intent been as smart or as lucky as security engineer Dan Kaminsky, the entire Internet could have been rendered mostly inoperative. The extent of just how big a fix he implemented is only now being realized.
There is an entire subculture that has developed around the notion of deconstructing information technology. And like those who prefer to fish in pre-stocked ponds, the people who populate this subculture are not, for the most part, particularly clever. They may be adept with their tools, but they don't construct exploitation strategies for themselves. Rather, they wait until someone smarter can do it for them.
In fact, that's the whole principle behind the "zero-day exploit," which is a bit like hyenas celebrating the availability of low-hanging fruit. Today, it's security engineers who discover the most clever possible exploits in IT systems and software. But it's typically the way those engineers alert software companies and their customers to the existence of the problem that in and of itself causes the greatest security risk. When the smarter birds of prey can detect from a high vantage point where the ripest fruit has fallen from the trees, the hyenas can easily track them on their way to dinner.
This was the problem with respect to the implementation of one of the largest-scale fixes in the history of the Internet last month. Since 2002, it has been generally known among network engineers that there was probably a way to pollute (poison) the caches of Domain Name System (DNS) servers: guess the source port from which a resolver sends its query, along with the 16-bit transaction ID that query carries, then race the genuine answer with a forged response aimed at that port. A resolver that accepts the forgery will redirect its users to completely different Web sites without their knowledge.
If the spoofed site was a bank, the impostor could ask for and receive user IDs and passwords without users knowing it was not their bank. If the spoofed site was a customer service site, users would blithely hand over their support ticket numbers and license IDs. There was no telling how far this could have gone.
Maybe, just maybe, some users would have spotted that the certificate presented by the impostor did not match the site it was impersonating. But how many users get certificate warnings every day from legitimate sites that simply haven't renewed their certificate or are deploying it incorrectly? Users may be growing accustomed to simply clicking "Allow."
A few months ago, Doxpara Research security engineer Dan Kaminsky, who had been sounding alarms about this problem for at least six years, decided he would help vendors implement a patch for the DNS deficiency: one that would not only randomize the source port of every outgoing query but also vastly enlarge the pool from which those port numbers are chosen, so that an attacker has to guess roughly 16 bits of port on top of the 16-bit transaction ID instead of the transaction ID alone. Both DNS servers and clients (that is, any computer that uses DNS to resolve a hostname to an IP address) would need to implement this patch.
But if Microsoft or Cisco or any single company simply reacted to his warning by issuing a patch, that could trigger what we now know as the "zero-day effect": attackers could learn not only the severity of the problem but its mechanics simply by reverse-engineering the fix, then exploit every part of the Internet still unpatched by vendors that had not yet caught up.
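The race described above, as an added example that is not the article's or Kaminsky's code: a toy resolver that accepts a reply only when the transaction ID and destination port match an outstanding query, and an off-path attacker that forces lookups of fresh random names under the victim zone and floods each one with forged replies carrying an additional record for www.example.com. The zone names, the RFC 5737 test addresses and the ephemeral port range 1024-65535 are assumptions. It shows why 16 bits of transaction ID alone are beatable with a few thousand packets while the extra 16 bits of port push the same budget to a negligible success rate.

```python
"""Toy model of the Kaminsky DNS cache-poisoning race, before and after
source-port randomisation.  Constructed example: not the article's or
Kaminsky's code.  The zone names, IP addresses (RFC 5737 test ranges) and the
assumed ephemeral port range 1024-65535 are illustrative assumptions."""
import random
from dataclasses import dataclass, field

TXID_SPACE = 1 << 16               # the DNS transaction ID is 16 bits
PORT_LO, PORT_HI = 1024, 65535     # assumed ephemeral range after the patch
PORT_SPACE = PORT_HI - PORT_LO + 1
FIXED_PORT = 53                    # pre-patch: one predictable source port


def search_space(randomized_port: bool) -> int:
    """Number of (txid, port) pairs an off-path attacker has to guess among."""
    return TXID_SPACE * (PORT_SPACE if randomized_port else 1)


def poison_probability(forgeries: int, randomized_port: bool) -> float:
    """Chance that at least one of `forgeries` uniformly random guesses hits
    the live query: each guess is independent, so 1 - (1 - 1/N)^forgeries."""
    return 1.0 - (1.0 - 1.0 / search_space(randomized_port)) ** forgeries


@dataclass
class Resolver:
    """Caching resolver.  It accepts a reply only if the txid and destination
    port match an outstanding query, then caches every record in it, including
    additional records for names in the same zone, as 2008-era resolvers did."""
    randomized_port: bool
    rng: random.Random
    cache: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)   # qname -> (txid, source port)

    def send_query(self, qname: str):
        txid = self.rng.randrange(TXID_SPACE)
        sport = self.rng.randint(PORT_LO, PORT_HI) if self.randomized_port else FIXED_PORT
        self.pending[qname] = (txid, sport)
        return txid, sport

    def receive(self, qname: str, txid: int, dport: int, records: dict) -> bool:
        """Return True if the reply matched the outstanding query and was cached."""
        if self.pending.get(qname) != (txid, dport):
            return False                           # wrong txid or port: dropped
        del self.pending[qname]
        self.cache.update(records)
        return True


def kaminsky_attack(resolver: Resolver, attacker: random.Random,
                    forgeries_per_round: int, max_rounds: int):
    """Off-path attacker.  Each round it makes the resolver look up a fresh
    random name under the victim zone (so there is no TTL to wait out) and
    floods it with forged replies whose additional record points
    www.example.com at the attacker.  Returns the round in which the cache
    was poisoned, or None if the budget ran out."""
    forged = {"www.example.com": "203.0.113.66"}   # attacker-controlled address
    for rnd in range(max_rounds):
        qname = f"r{rnd}.example.com"
        txid, sport = resolver.send_query(qname)   # unknown to the attacker
        for _ in range(forgeries_per_round):
            port_guess = attacker.randint(PORT_LO, PORT_HI) if resolver.randomized_port else FIXED_PORT
            if resolver.receive(qname, attacker.randrange(TXID_SPACE), port_guess,
                                {qname: "203.0.113.66", **forged}):
                return rnd
        # The real answer arrives after the flood; this line is only reached
        # when every forgery was rejected, so it lands in the cache unopposed.
        resolver.receive(qname, txid, sport, {qname: "192.0.2.10"})
    return None


def run(randomized_port: bool, forgeries_per_round: int, max_rounds: int):
    """Run one attack with fixed seeds; returns (round_or_None, poisoned)."""
    resolver = Resolver(randomized_port, random.Random(1))
    rnd = kaminsky_attack(resolver, random.Random(2), forgeries_per_round, max_rounds)
    return rnd, resolver.cache.get("www.example.com") == "203.0.113.66"


if __name__ == "__main__":
    for randomized in (False, True):
        print("randomized port:", randomized,
              "| search space:", search_space(randomized),
              "| P(hit with 65536 forgeries):", round(poison_probability(65536, randomized), 6),
              "| simulation:", run(randomized, 500, 2000 if not randomized else 200))
```

With the port fixed, 500 forgeries per round give about a 0.76% chance per round and the simulation poisons the cache within a few hundred rounds; with the port randomized the same budget over 200 rounds has a success chance on the order of 1e-5, which is why the fix bought time even though it did not change the protocol.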
Wolfgang Kandek is the chief technology officer for Qualys, a vulnerability management company that works with enterprises to devise security policies and implement more secure software. Kandek is personally familiar with Kaminsky's work, and has surmised the huge problem he faced down.
At the ongoing Black Hat conference in Las Vegas, Dan Kaminsky revealed some concrete information on the infamous DNS bug that he uncovered some time ago.
According to the information received, the bug is the worst uncovered in over a decade. Beyond the DNS cache poisoning that was initially revealed, the bug could also be used to attack VPNs, SSL certificate issuance, automatic software update systems, spam filters and VoIP systems, since all of them trust DNS answers at some point. The reason this bug is so dangerous is precisely that it affects DNS, which, as is widely known, is the heart of the Internet: nearly every kind of Internet activity begins with a name lookup.
To resolve this issue to a large extent, Kaminsky worked with nearly 80 major vendors and software companies. Although the bug was initially discovered last month, Kaminsky rightly held off from discussing it openly and from making a full disclosure, as accepted industry practice prescribes.
This was a good move, as the chaos that a bug this big could have caused is hard to imagine. In the time since his initial announcement, virtually every major OS and software developer has issued patches to fix their products.
HD Moore has been owned.
That's hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack.
It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when that server's cache was poisoned, so was HD Moore's company.
When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.
BreakingPoint employees noticed the problem early today after friends and family who were also using the AT&T DNS server noticed that their Google.com Web page didn't look quite right (hackers had omitted the NASA-themed logo that Google used on Tuesday).
In early July, computer security experts began warning this type of cache poisoning attack could be pulled off much more easily than previously thought, thanks to a new technique. Early last week, technical details of this attack were leaked to the Internet and HD Moore's Metasploit project quickly released the first software that exploited this tactic.
Now he's one of the first victims of such an attack. "It's funny," he said. "I got owned."
Things may not be so funny to ISPs (Internet Service Providers) who are scrambling to roll out patches to their DNS software before these attacks become more widespread.
The flaw has to do with the way DNS resolvers accept and cache answers they receive over the Internet. In a cache poisoning attack, the attacker tricks a DNS server into associating malicious IP addresses with legitimate domains, such as Google.com, and the server then hands that bogus mapping to every client that asks. Security experts say that this type of flaw could lead to very successful phishing attacks against Web surfers whose ISPs have not patched their servers.
Because of the nature of the AT&T hack, Moore doesn't believe that he was targeted by the hackers. Even BreakingPoint employees didn't realize that their internal DNS server had been configured to use the AT&T machine. Instead, he thinks that they were simply trying to make a quick buck.
AT&T representatives were not immediately available to comment on the incident.
Moore believes that this type of attack may be going on at other ISPs as well, however.
Dan Kaminsky, the IOActive researcher who first discovered the DNS problem, said that he's heard reports of other attacks, although he declined to say how widespread they were. "The capability to do a lot of damage is out there," he said.
Six months ago, one Dan Kaminsky, an IT security expert, stumbled by chance upon perhaps the biggest security hole in the recent history of the Internet. A problem to make the hair stand on end at Microsoft, Cisco and many others. That is why nothing was heard about it: everything was kept quiet to prevent some malicious party from exploiting this vulnerability unlawfully.
The flaw lies in DNS, the servers that translate hostnames (URLs) into numeric addresses and that are indispensable for browsing the Internet. But the problem does not reside in one part of the DNS software; it lies in its overall design, which is to say that all DNS servers, from the main ones down to home ones, are insecure.
Without going into technical details worthy of the best programmers, suffice it to say that the flawed design of DNS servers could lead to heavy phishing attacks, because DNS could be used to redirect the unwitting user to illegitimate sites.
A few days ago a patch was distributed that raises the security level of DNS servers, but it is not a definitive fix, because many crackers could use it to find a way to break into DNS servers. As usual, "from the vaccine one recovers the key to the disease".
What will have to be done, and quickly, is a redesign of DNS servers to eliminate this chasm at the root.
Anyone wishing to test the security of their own DNS need only go to the blog of the American network security experts and run the diagnosis with a single click.
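The "test your DNS" check mentioned above works by having the resolver under test send queries to a zone the tester controls, so the authoritative server can see what source ports and transaction IDs the resolver actually used. The following is an added, offline version of that rating step, not the checker's own code: it takes a list of (source port, txid) observations and reports whether either field is fixed, incrementing, clustered in a small window, or spread like random values. The four sample resolvers are constructed inline, and the GOOD/POOR threshold (a quarter of the standard deviation a uniform 16-bit field would have) is an assumption.

```python
"""Offline version of the rating step behind the 'test your DNS' pages: the
authoritative server for a test zone records the source port and transaction
ID of every query a resolver sends it and rates how predictable they are.
Constructed example, not the checker's own code; the samples are generated
inline and the GOOD/POOR threshold is an assumption."""
import math
import random
from statistics import pstdev


def rate_field(values, range_size=65536):
    """Rate one 16-bit field (source port or txid) from a short sample of the
    values a resolver actually used.  FIXED and SEQUENTIAL mean an attacker
    needs one guess; POOR means the values cluster in a small window."""
    if len(values) < 2:
        raise ValueError("need at least two observations")
    if len(set(values)) == 1:
        return "FIXED"
    steps = {b - a for a, b in zip(values, values[1:])}
    if len(steps) == 1:
        return "SEQUENTIAL"                 # constant increment, e.g. port++ per query
    # Assumed threshold: uniform values over a range of size N have standard
    # deviation about N / sqrt(12); flag a sample spread far below that.
    uniform_sd = range_size / math.sqrt(12)
    return "GOOD" if pstdev(values) > uniform_sd / 4 else "POOR"


def assess_resolver(observations):
    """observations: list of (source_port, txid) pairs seen by the authoritative
    server for successive queries from one resolver."""
    ports = [p for p, _ in observations]
    txids = [t for _, t in observations]
    return {"port": rate_field(ports), "txid": rate_field(txids)}


# Constructed samples of 24 queries each, seeded so they are reproducible.
_rng = random.Random(7)
N = 24
SAMPLE_FIXED = [(53, _rng.randrange(65536)) for _ in range(N)]               # one port for every query
SAMPLE_SEQUENTIAL = [(1025 + i, _rng.randrange(65536)) for i in range(N)]    # port increments by one
SAMPLE_NARROW = [(_rng.randint(32768, 32800), _rng.randrange(65536)) for _ in range(N)]  # 33-port window
SAMPLE_RANDOM = [(_rng.randint(1024, 65535), _rng.randrange(65536)) for _ in range(N)]   # patched behaviour

if __name__ == "__main__":
    for name, sample in [("fixed", SAMPLE_FIXED), ("sequential", SAMPLE_SEQUENTIAL),
                         ("narrow", SAMPLE_NARROW), ("random", SAMPLE_RANDOM)]:
        print(f"{name:10s} {assess_resolver(sample)}")
```

A resolver behind a NAT device can look FIXED or SEQUENTIAL here even after it is patched, because the NAT rewrites the source port; that is exactly the case the online checkers flagged, and the fix has to be applied on the NAT as well as the resolver.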