Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


Hackers exploit DNS security hole

Google

Add to del.icio.us     Digg this story Digg this

July 31, 2008

Would be Internet hackers are actively exploiting a critical security flaw in the Web's DNS IP address lookup system that can cause millions of Internet surfers to receive bogus Web pages when they try to access online banking services and similar types of sites.

According to Dan Kaminsky, the researcher who first warned of the DNS vulnerability on July 25, "there are definitely other confirmed attacks," but non-disclosure agreements prevent him from giving any details.

The first confirmed instance came yesterday, when security researcher H D Moore discovered a DNS (domain-name service) server operated by AT&T that had been compromised the day before. The attack caused Moore and other AT&T subscribers to be redirected to a fake Google page that tried to push affiliate advertising sites.

Equally worrisome is the sophistication the AT&T attackers showed in carrying out their attacks. Rather than using exploit code added last week to Metasploit, a penetration testing kit that just happens to be maintained by Moore, the hackers fashioned their own program that stealthily redirected users trying to visit Google to an imposter site.

Kaminsky said "that was a wildly mature attack. Someone out there had an entire infrastructure built to attack Google's click-fraud system. By any of today's standards, that's a significant amount of code."

AT&T has been one of the many laggard ISPs (internet service providers) largely reported to be dragging their feet in applying security patches that fix the devastating DNS flaw. Kaminsky says more ISPs appear to be getting the message. Last Thursday, about 51 per cent of unique name servers tested on his site all showed up as vulnerable. Now, he says it's closer to 35 percent.

There's obviously still a lot of room for improvement.

For more than the past 10 days now, other researchers pointed to an increase in queries to DNS servers and other evidence suggesting emminent attacks, but the AT&T exploit is the first to be specifically documented.

In most cases, installing the DNS security patch is a very straight-forward affair, but not always. Paul Vixie, head of the organization that maintains BIND (Berkeley Internet Name Domain), the Internet's most popular DNS server software, recently said security updates patching the hole could possibly reduce performance under heavy loads at certain times of the day.

Vixie added that he believes fixing the flaw was more important than suffering a potentially slower server performance. An update that will greatly improve the performance is in the works, however.

Even still, it's been more than three weeks since Kaminsky, Vixie and a whole slew of other influential and prominent experts began imploring organizations to install the patch on their DNS servers.

Now that the attacks have been confirmed almost everywhere, it's difficult to imagine any further justification for not doing so.

Add to del.icio.us     Digg this story Digg this

Source: CERT.

Google


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer