tagged w/ dns
-
Now here's a quirky twist in the ongoing SOPA opera. Comcast has just deployed DNSSEC technology across its entire internet service, which adds an extra layer of security to websites by checking that they have a special DNS signature to prove their identity. All well and good, except that in the process Comcast has been forced to admit that DNSSEC is "technically incompatible" with DNS redirect tools -- which happen to be precisely the tools that the Stop Online Piracy Act would use to block websites accused of copyright violation. The irony only deepens when you realize that Comcast is a major proponent of SOPA and, if anything, ought to be able to comply with its future edicts.
-
-
A group led by former Pirate Bay co-founder Peter Sunde is forming to develop a peer-to-peer-based alternative to today's ICANN-controlled DNS system, according to a blog posted on Tuesday. A tweet on Sunde's account dated Nov 28 said: "Alternative dns root is step 1. Step 2 is the new DNS system that is in the making. It's not advanced, it's p2p and more secure." The tweet generated a fair amount of interest, according to Sunde, and he has posted a follow-up post on a blog called "P2P DNS" stating:
"We haven't organized yet, but trying to. The background for this project is that we want the internet to be uncensored! Having a centralised system that controls our information flow is not acceptable.
By using existing technology for de-centralisation together with already having a crew with skilled programmers, communicators and network specialists, an alternative system is not far away. We're not going to re-invent the wheel, we're going to build on existing technology as much as possible.
There will be a press release shortly with more details."
-
-
MicroSolved, Inc. (MSI) has developed the 80/20 Rule of Information Security, which proposes that 80% of an organization's real information security comes from only 20% of the assets and effort put into the program. These 13 security projects will give your organization the most effective information security coverage for the least expenditure of time and resources. These projects, once completed, should allow CIOs to create an effective, efficient, and standards-based approach to information security…
http://information-security-resources.com/2010/02/17/the-8020-rule-for-information-security/
-
-
Infosec Island, the new community for IT and information security professionals, today announced that its new enhanced authentication service, based on the SyferLock™ GridGuard™ solution, is now live. Deploying this technology provides Infosec Island members with the option to log in with a very high level of security for confidential business, personal or security-related communications. SyferLock’s GridOne authentication is available on Infosec Island to all registered members, and membership is free.
http://information-security-resources.com/2010/02/16/syferlock-gridguard-live-on-infosec-island/
-
-
Similar to security assessments, network architecture designs and other projects, a development project such as this one involves the exchange of confidential data, including in this case, intellectual property designs, requirements documents, test plans, code fragments and road maps. We could have chosen to exchange these documents over email, or printed them out and sent them next day parcel post. Instead, we ate our own dogfood and utilized IslandPKI encrypted document and message transfer…
http://information-security-resources.com/2010/02/16/how-a-security-company-applies-security/
-
-
WireHead Security™, an information security services firm providing customers with solutions to strengthen internal security and risk management, today announced a partnership agreement with the North Carolina Independent Colleges and Universities (NCICU), under which member institutions can take advantage of discounted service pricing. NCICU is comprised of North Carolina’s 36 private, non-profit liberal arts, comprehensive, and research colleges and universities accredited by the Southern Association of Colleges and Schools.
http://information-security-resources.com/2010/02/02/wirehead-security-partners-with-ncicu/
-
-
Infosec Island™, the new online community designed especially for IT and network professionals who manage information security, risk and compliance issues, today acquired Information-Security-Resources.com, one of the leading online news portals addressing security issues. ISR brings a number of high profile authors to Infosec Island, who will regularly offer their rich experience and broad set of security expertise for the benefit of the community. The combination of the two communities also allows for Infosec Island’s free and premium tools to be made available to ISR’s international audience – adding further value to their existing readership.
http://information-security-resources.com/2010/01/18/infosecislandcom-network-acquires-isr/
-
-
-
Please respond directly to DHS via the contacts below if you have any relevant information: The Station Fire in northern Los Angeles County, CA is threatening the Mount Wilson Communications Facility. Some other facilities determined to be of significant critical infrastructure and key resources (CIKR) are the NASA Jet Propulsion Lab, Mount Lukens and Mount Disappointment Communications Facilities, 33Kv, 220Kv power lines, and Gould power substation. The National Coordinating Center (NCC) needs input from its NCS partners regarding anticipated impacts to Federal communications systems and assets.
-
-
In an age where a huge percentage of all attacks are done through e-mail, very few of us know how to analyze where an e-mail was sent from. This analysis must go beyond the sender e-mail address displayed in your e-mail client (which is easily spoofed). Here is a simple tutorial on analyzing Internet headers.
-
-
Had someone with ill intent been as smart or as lucky as security engineer Dan Kaminsky, the entire Internet could have been rendered mostly inoperative. The extent of just how big a fix he implemented is only now being realized.
There is an entire subculture that has developed around the notion of deconstructing information technology. And like those who prefer to fish in pre-stocked ponds, the people who populate this subculture are not, for the most part, particularly clever. They may be adept with their tools, but they don't construct exploitation strategies for themselves. Rather, they wait until someone smarter can do it for them.
In fact, that's the whole principle behind the "zero-day exploit," which is a bit like hyenas celebrating the availability of low-hanging fruit. Today, it's security engineers who discover the most clever possible exploits in IT systems and software. But it's typically the way those engineers alert software companies and their customers to the existence of the problem, that in and of itself causes the greatest security risk. When the smarter birds of prey can detect from a high vantage point where the ripest fruit has fallen from the trees, the hyenas can easily track them on their way to dinner.
This was the problem with respect to the implementation of one of the largest-scale fixes in the history of the Internet last month: Since 2002, it's been generally known among network engineers that there was probably a way to pollute Domain Name Server caches, using a trick of accurately guessing the source port from which a DNS name resolution would come, and then spoofing that port with a false response that could redirect users to completely different Web sites without their knowledge.
If the spoofed site was a bank, the spoof could ask for and receive user IDs without them knowing it wasn't that bank. If the spoofed site was a customer service site, users would blithely give them their support ticket numbers and license IDs. There was no telling how far this could have gone.
Maybe, just maybe, some users would have spotted the fact that the certificate sent by the spoofing site didn't match the one that was spoofed. But how many users get those certificate warnings every day, from legitimate sites that simply haven't updated their certificate or are deploying it incorrectly? Users may be growing accustomed to simply clicking on "Allow."
A few months ago, Doxpara Research security engineer Dan Kaminsky -- who had been sounding alarms about this problem for at least six years -- decided he would help manufacturers implement a patch to the DNS deficiency, one which would not only randomize the source port but exponentially increase the size of the pool from which those port numbers are chosen. Both DNS servers and clients (i.e., any computer that uses DNS to resolve a URL with an IP address) would need to implement this patch.
But if Microsoft or Cisco or any one single company simply reacted to his warning by issuing a patch, that could trigger what we now know as the "zero-day effect:" Malicious users could disseminate not only the severity of the potential problem but the dynamics of it, simply by reverse-engineering the fix. Then they could potentially exploit all the other unpatched portions of the Internet, from manufacturers that had not yet caught up.
Wolfgang Kandek is the chief technology officer for Qualys, a vulnerability management company that works with enterprises to devise security policies and implement more secure software. Kandek is personally familiar with Kaminsky's work, and has surmised the huge problem he faced down.
-
-
At the ongoing Blackhat conference in Las Vegas, Dan Kaminsky revealed some concrete info on the infamous DNS bug that he uncovered some time ago.
According to the information received, the bug is the worst that has been uncovered in over a decade. Apart from the DNS cache poisoning that was initially revealed, the bug could also be used to attack VPNs, SSL certification, automatic software update systems, spam filters and VOIP systems. The reason that this bug is so dangerous is that it affects DNS. DNS, as is widely known, is the heart of the internet, as it is central to any kind of internet activity.
To resolve this issue to a large extent, Kaminsky worked with nearly 80 major vendors and software companies. Though the bug was initially discovered last month, Kaminsky rightfully held off discussing the bug openly and making a full disclosure as is the accepted industry practice.
This was a good move as the chaos that could have ensued with a bug this big cannot be envisioned. In the time since his initial announcement, virtually every major OS and software developer has issued patches to fix their products.
-
-
HD Moore has been owned.
That's hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack.
It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company.
When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.
BreakingPoint employees noticed the problem early today after friends and family who were also using the AT&T DNS server noticed that their Google.com Web page didn't look quite right (hackers had omitted the NASA-themed logo that Google used on Tuesday).
In early July, computer security experts began warning that this type of cache poisoning attack could be pulled off much more easily than previously thought, thanks to a new technique. Early last week, technical details of this attack were leaked to the Internet and HD Moore's Metasploit project quickly released the first software that exploited this tactic.
Now he's one of the first victims of such an attack. "It's funny," he said. "I got owned."
Things may not be so funny to ISPs (Internet Service Providers) who are scrambling to roll out patches to their DNS software before these attacks become more widespread.
The flaw has to do with the way that DNS programs share information over the Internet. In a cache poisoning attack, the attacker tricks a DNS server into associating malicious IP addresses with legitimate domains, such as Google.com. Security experts say that this type of flaw could lead to very successful phishing attacks against Web surfers whose ISPs have not patched their servers.
Because of the nature of the AT&T hack, Moore doesn't believe that he was targeted by the hackers. Even BreakingPoint employees didn't realize that their internal DNS server had been configured to use the AT&T machine. Instead, he thinks that they were simply trying to make a quick buck.
AT&T representatives were not immediately available to comment on the incident.
Moore believes that this type of attack may be going on at other ISPs as well, however.
Dan Kaminsky, the IOActive researcher who first discovered the DNS problem, said that he's heard reports of other attacks, although he declined to say how widespread they were. "The capability to do a lot of damage is out there," he said.
-