Diploid
Cuban
Registered: 01/09/03
Posts: 19,274
Loc: Rabbit Hole
Warning! Critical DNS Vulnerability
    #8680019 - 07/25/08 11:21 AM (15 years, 8 months ago)

A new security vulnerability has been found in the DNS architecture used everywhere on the internet. It allows phishers to trivially redirect DNS to scam sites that look like eBay, your bank, or any legitimate web site.

At the browser level, there is no way to know you've been redirected because, since the vulnerability is at the DNS level, the URL in your browser's address bar will be valid, even though the final destination IP will be scammed.

This WILL bypass Firefox's built-in anti-phishing mechanism!

Use this tool to test your ISP's DNS servers. If they haven't been fixed, demand that they fix it and be wary of typing in your password at any web site:

http://www.doxpara.com/


--------------------
Republican Values:

1) You can't get married to your spouse who is the same sex as you.
2) You can't have an abortion no matter how much you don't want a child.
3) You can't have a certain plant in your possession or you'll get locked up with a rapist and a murderer.

4) We need a smaller, less-intrusive government.

Diploid
Cuban
Registered: 01/09/03
Posts: 19,274
Loc: Rabbit Hole
Re: Warning! Critical DNS Vulnerability [Re: Diploid]
    #8680040 - 07/25/08 11:27 AM (15 years, 8 months ago)

Fortify Your Internet Security Settings Now

The Web became a substantially more dangerous place this week, thanks largely to the publication of instructions that show cyber criminals how to exploit a pervasive, critical flaw in the Internet infrastructure.

While Internet service providers and corporations can mitigate the danger by updating the software that powers vulnerable components of their networks, data released yesterday indicates that only about half of the world's online population is currently protected by these updates.

At issue is a basic design flaw in the domain name system. DNS is the communications standard that acts as a kind of telephone book for the Internet, translating human-friendly Web site names like example.com into numeric addresses that are easier for networking equipment to handle and route.

When people type a Web site name into their Internet browser, the process of routing that name to an Internet address is generally handled through DNS servers managed by Internet service providers and corporations.

But according to research released this month, most of those DNS servers are vulnerable to a security flaw that allows miscreants to silently alter the virtual road maps that those systems rely on to route traffic. As a result, a cyber criminal could trivially rewrite those records so that when customers of a vulnerable ISP or network provider try to visit a particular Web site, they are instead taken to a counterfeit site created by the bad guys.

For example, if exploited, this flaw can easily help scammers steal personal information, such as social security numbers or bank accounts, by tricking people into entering sensitive data at fake bank and e-commerce sites.

Dan Kaminsky, the security researcher who discovered the flaw, worked in secrecy for nearly six months with a handful of other researchers to devise a fix for the flaw. On July 8, in a rare coordinated effort, dozens of software vendors -- including Microsoft -- shipped security patches to help customers and network providers protect themselves.

On Wednesday, computer code demonstrating exactly how to exploit the flaw was posted online. The code also was summarily folded into Metasploit, a tool that makes exploiting the vulnerability a point and click operation within the reach of even the most novice of hackers.

In a conference call with reporters on Thursday, Kaminsky said that data from a diagnostic tool he placed on his Web site to let visitors see if their ISP had patched the problem showed a large number of providers had indeed fixed it on their end, but that many still have not addressed the issue. Kaminsky said that on July 8, when the patches were first released, roughly 86 percent of the people who used the test tool were coming from unsecured networks. As of Thursday, he said, about 52 percent of visitors were in the same boat.

Lest anyone think this vulnerability is mere hype, consider the warnings from Kaminsky and others who say the flaw is attracting plenty of attention from cyber criminals.

"This attack is being weaponized out in the field," Kaminsky said.

Joao Damas, senior programming manager at the Internet Software Consortium, the entity which maintains BIND - the open-source software provider that powers a massive share of the DNS servers worldwide - said he has seen evidence of attackers trying to exploit the flaw.

"I have seen already code that is geared at exploiting this out in the wild, and I'm not even looking for it," Damas said.

My advice to readers is to visit the testing tool on Kaminsky's site. If the response is that your ISP is vulnerable, please post a note in the comments section saying so. If your ISP has not yet addressed this important flaw, please also consider protecting yourself using one of the following methods.

--Set up your system so that it uses the DNS resolvers provided by OpenDNS, an entity that provides a free service which routes all of your Web site queries through DNS servers that are not only patched against this flaw, but which can help you better spot phishing Web sites and prevent people on your network from visiting otherwise objectionable Web sites.

--Reconfigure your DNS settings to use servers that are known to be patched against this flaw. A few of those servers include 4.2.2.1, and 4.2.2.2. To do this in Windows, click Start, Control Panel, Network Connections, and double-click on the connection name that says it's already connected. From there, scroll down to the Internet Protocol setting, and click Properties. If it is not already checked, change the radio button to "Use the following DNS server addresses," and then type in 4.2.2.1 and 4.2.2.2 in the settings below. Click "OK" to finalize the settings. Note that you will only be permitted to make these changes if you are logged in to Windows using an administrator account.

While the patch Microsoft shipped earlier this month to address this problem on Windows machines addresses a facet of the vulnerability that is much more difficult for the bad guys to exploit, Windows users should still follow these steps. Many Windows users no doubt delayed installing this update or uninstalled it, following news that it prevented users of ZoneAlarm firewall products from being able to get online. ZoneAlarm has since pushed out an update that fixes this compatibility glitch.

One final note: While some people may question the sanity of making these changes given the fluid nature of ISPs working overtime to address this flaw, I would strongly urge readers to err on the side of caution. For one thing, online scam artists have shown to be increasingly eager to adopt the latest methods for scamming people online. Secondly, the stopgap solutions mentioned here are fairly simple fixes, remedies that -- even if left in place indefinitely -- will not adversely affect the online experi

Washington Post


--------------------
Republican Values:

1) You can't get married to your spouse who is the same sex as you.
2) You can't have an abortion no matter how much you don't want a child.
3) You can't have a certain plant in your possession or you'll get locked up with a rapist and a murderer.

4) We need a smaller, less-intrusive government.

Extras: Filter Print Post Top
norml840
sex toy guru

Registered: 10/19/07
Posts: 3,170
Loc: lost
Re: Warning! Critical DNS Vulnerability [Re: Diploid]
    #8680119 - 07/25/08 11:52 AM (15 years, 8 months ago)

great.  just fuckin great.

Penguarky Tunguin
f n o r d

Registered: 08/08/04
Posts: 17,192
Re: Warning! Critical DNS Vulnerability [Re: Diploid]
    #8684192 - 07/26/08 01:16 PM (15 years, 8 months ago)

Quote:

Your ISP's name server, XX.XX.XX.XXX, has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.




:rockon:


--------------------
Every mistake, intentional or otherwise, in the above post, is the fault of the reader.
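
An added example, not part of the thread, the quoted article, or the test tool linked above: the tool result quoted in the last post refers to port randomization, and this sketch shows one way a resolver check can judge it from the UDP source ports a test name server sees on successive queries. The function name, the sample port lists, and the thresholds are assumptions made for illustration.

```python
import math
import statistics

# Constructed samples: UDP source ports a test name server might log for ten
# successive queries from one resolver. Not real measurements.
FIXED = [53] * 10
SEQUENTIAL = [32768 + i for i in range(10)]
RANDOMIZED = [51234, 1893, 40721, 23110, 60877, 9342, 35560, 17205, 48019, 28764]

TXID_BITS = 16  # the DNS transaction ID field is 16 bits wide


def assess_source_ports(ports, min_stdev=3000, min_distinct=0.9):
    """Return (verdict, guess_bits) for a resolver's observed query source ports.

    min_stdev and min_distinct are illustrative thresholds (assumptions).
    guess_bits is a rough estimate of what a forged reply would have to match.
    """
    if len(ports) < 5:
        raise ValueError("need at least 5 observations to judge")
    if len(set(ports)) == 1:
        # Same port every time: only the transaction ID is unknown.
        return "fixed", float(TXID_BITS)
    steps = {b - a for a, b in zip(ports, ports[1:])}
    if len(steps) == 1 or statistics.pstdev(ports) < min_stdev:
        # Constant increment or a narrow spread: the next port is guessable.
        return "predictable", float(TXID_BITS)
    if len(set(ports)) / len(ports) < min_distinct:
        # Frequent reuse of the same few ports (scored pessimistically).
        return "weak", float(TXID_BITS)
    port_bits = math.log2(max(ports) - min(ports) + 1)
    return "randomized", round(TXID_BITS + port_bits, 1)


if __name__ == "__main__":
    samples = [("fixed", FIXED), ("sequential", SEQUENTIAL), ("randomized", RANDOMIZED)]
    for name, sample in samples:
        print(name, assess_source_ports(sample))
```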
