Posts tagged Dns at Switched

Posts with tag dns

Internet Addressing Flaw Fears Extend to E-Mail, Other Online Services

by Tim Stevens, posted Aug 7th 2008 at 9:52AM

Remember that ugly flaw in Internet addressing, or DNS, which was detected and fixed, but not by everyone and not in time? The man behind many of those warnings, security expert Dean Kaminsky, recently gave a presentation at the Black Hat conference in Las Vegas, elaborating on how the flaw not only affects Web pages, which has been most commonly reported on, but also could allow hackers to take over e-mail and FTP addresses, as well as other common online communication protocols.

Kaminsky even indicated that the Secure Socket Layer, or SSL, is also vulnerable. SSL certificates are what results in the "key" being displayed when you're shopping at a secure site, indicating to you that your data is being encrypted and secured as it travels over the wire. Not everyone is so concerned, however. VeriSign, one of the leaders in SSL certificates, is playing down those fears. A representative indicated that the company has known of this flaw for "many years" and has "basically engineered around [it]."

Why the company didn't bother to tell anyone else remains to be seen. Way to be a team player there, VeriSign. [Source: CNN, and BBC News]

Experts Fear Internet Addressing Flaw Already Being Exploited

by Tim Stevens, posted Jul 23rd 2008 at 8:33AM

Remember that major DNS flaw we reported about a few weeks back? The one that was patched before it was announced but attacks were feared anyway because some folks are slow to update (or patch) their systems? Well, not one but two separate means for exploiting the flaw have been discovered, and one has already been added to an incredibly popular suite of hacking tools, leading one security expert to believe attacks have already begun.

Dan Kaminsky, a security expert and the guy to originally discover the flaw, believes attacks are happening now. "This attack is very good. [It] is being weaponised out in the field. Everyone needs to patch, please." He's urging network administrators and IT personnel everywhere to upgrade their systems to prevent this flaw, which could allow hackers to redirect traffic meant to go to banks and other secure online sites to anywhere they like.

It's a big step beyond the typical phishing attack, where scammers try to get you to click on a link on a site that looks like the real thing. If those phishers were using this exploit there would be no easy way for you to tell the site you were typing your password into is the real thing! Again, the patch is out there, so hopefully major sites have been fixed, but still it wouldn't hurt to be a little extra cautious for awhile before typing in your info. [Source: BBC News]

Hack Attacks Likely Following Internet Addressing Flaw

by Tim Stevens, posted Jul 23rd 2008 at 8:24AM

Details of Internet Addressing Flaw Accidentally Released, Hackers Rejoyce

Remember that major flaw announced earlier this month in DNS, the Domain Name System responsible for getting your browser from a URL like www.switched.com to the actual computer that hosts it? Well, fixes were released for the problem before the details of the issue were widely known, and the hope had been to keep those details under wraps for another month or so to give time for Internet administrators to install those fixes. Well, oops, the details were accidentally leaked yesterday, and security experts are now saying to get ready for a flood of attacks.

The flaw could allow hackers and phishers to make any Web site not only look like another page, but actually be served up when you type in the correct address, leaving you with no way to know the site is fake before entering your login information.

Though fixes for the flaw have been released, as usual, it will take some time before they're installed on servers around the world, leaving many sites still vulnerable. Unfortunately, there's not much you can do except hope that banks and other major sites are keeping ahead of the hackers on this one -- something they've certainly failed to do in the past. [Source: PC World]

Major Flaw in Internet Addressing Discovered, Fixed

by Tim Stevens, posted Jul 9th 2008 at 2:44PM

When you type a URL (say, switched.com) into a browser, a whole series of operations take place in the background to navigate your request through the maze of the Internet, ultimately getting it to the set of computers that host this site. That process of identifying servers by name is called the Domain Name System, or DNS, and it's fundamental to the entirety of the 'Net. A few months ago, however, security experts found a flaw in the core of DNS that could allow malicious users to make any site they want look like any other site, and we're only hearing about it now.

The flaw would basically allow anyone to redirect a URL to a private computer. They could take over the URL for your bank or e-mail account, put up a page that looked exactly like the real thing, then steal your username and password when you tried to log in. There'd be no way to know that it wasn't the real thing until it was too late. Scary? Yes, and that's exactly why experts from every major provider of software that provides DNS services have worked together in secret for months to implement the fix, which was finally released yesterday.

This doesn't mean that we're completely out of the water, as certain system administrators are occasionally a bit lax in updating their machines, but hopefully by the time you read this, the major sites will all have been updated, meaning you can go back to your idle and carefree surfing again. [Source: Yahoo! News]

New Malware Can Alter Your Wireless (Wi-Fi) Router and Steal Your Info

by Terrence O'Brien, posted Jun 12th 2008 at 3:39PM

Zlob, one of the most common pieces of malicious software (according to Microsoft), has undergone a frightening transformation. After infecting a victim's PC, Zlob checks to see if the computer is connected to a wireless router (the device that helps create the Wi-Fi hotspot in your house). If connected, then Zlob attempts to gain access by using a list of common and default username and password combinations.

Assuming Zlob gains access to the router, the software then changes the DNS settings on the router to send all traffic through a hackers' servers first. DNS servers act like a phone book for the Internet, connecting the user readable addresses like Switched.com to the IP addresses that are understood by computers.

Unfortunately, most people don't bother changing the default password on their routers, thus making it easier for Zlob to infiltrate computer networks and potentially steal personal data and information.

Avoiding being beaten by this attack is relatively easy. First, set up proper security software on your PC (anti-virus and a firewall) and keep it up to date. Second, always change the default administrator passwords on your equipment, especially your router. If an attacker is able to gain access to your router, it can access your entire computer network. [Source: Washington Post]

Surrender your sanity to Jason Nelson in IMTYPTWAE Space Invaders Get Even with Pit Crew Panic! on WiiWare Metal Slug 2 fires on to Virtual Console	Textflow parallel word processing app now in public beta BuzzBox Fast Forward adds smarter "Stumbling" to Firefox Akinator, the web genius - Time Waster
A holiday idea: pay it forward The Simpsons take on 'Mapple' Found Footage: A working NeXT Cube	Amid rising U.S. budget deficit, investors still clamoring for dollars Motorola's (MOT) fate looks worse as rivals falter Breast implant maker stock expands 90%
X3F Impressions: Lips review Shipping this week: Scaling, scailing edition Xbox Live service experiencing technical difficulties [Update]	eBay Find of the Day: Saleen Windstar (Seriously!) Swedish Sell-A-Thon! Ford reconsiders selling Volvo Parents Television Council shakes finger at GM, Nissan over advertising
Mac Monday: My Tribe Download: Sacred 2: Fallen Angel v2.31 Patch Sumner Redstone sells off his Midway stock for $100,000	Plaxico Burress, Recently Shot, Should Remember to Limp Whenever He's on Camera Derek Anderson and Tim Couch Have Both Had Fans Cheer When They Were Injured Questionable Coaching Clears Path for Vikings

Categories

Resources

Hot Topics

Switched Questionnaire

Hype Check

Web

Paranormal

Time Wasters

Just Tell Me What To Get

TUAW

Most Commented On (7 days)

Viagra Video Game Pulled By FDA (83)

Tennis Star Boris Becker Dumped by Text Message (57)

McCain Supporters Duped by 419 Scam? (24)

Switched Video

What Bugs You Most About Cell Phones?

Featured Galleries

AOL Tech Network

Latest Reviews from CNET.com

Top Product Reviews