It's here. Another malicious DNS exploit that allows for remote manipulation of DNS records. DNS poisoning and Man-In-The-Middle attacks are nothing new, but they just got much easier.
Researcher Dan Kaminsky's recent warnings are now very real: a number of remote DNS attacks allow for the redirection of legitimate Internet traffic. No breaking through firewalls, no stealing passwords, no decrypting secret messages, just a simple tool to tell a DNS server to send traffic meant for a major corporation to any server an attacker chooses. And the tools are free to download (bailiwicked_host | bailiwicked_domain | kaminsky-attack).
Razorpoint's Rz.DataWatch service (launched in May 2007) is still the best detection and defense against these types of attacks.
New DNS Exploit In The Wild
Posted by Razorpoint Security Technologies at 11:34 AM 1 comments
DNS Poisoning Vulnerability Still A Problem.
Security buzz on Tuesday, July 8, 2008 was centered around DNS cache poisoning attacks. Security researcher Dan Kaminsky has been leading an effort with multiple vendors over the past few months to try and head off the vulnerabilities. Another researcher however – Ian Green – detailed the spoofing vulnerability as long as three years ago.
http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/
http://www.theregister.co.uk/2008/07/09/dns_fix_alliance/
Among other online vulnerabilities, Razorpoint's Rz.DataWatch™ monitors online business assets for this style of attack.
Thursday, July 10, 2008
Posted by Razorpoint Security Technologies at 11:31 AM 0 comments
Rz.DataWatch™
Two articles have appeared regarding the Comcast compromise. They outline the hack and what was done.
(article #1: Wired and article #2: TorrentFreak)
The attackers used a combination of technical and social engineering attacks to compromise Comcast's domain registration information. After successfully changing the registration information, the attackers had control of Comcast's domain. Once they had control, the attackers pointed the traffic for Comcast's domain services to their servers.
The attackers then noticed there was way too much traffic for their servers to handle, so they started re-pointing the domain information to other servers over and over. All these changes required host, DNS and IP address alterations -- all things Rz.DataWatch monitors for. Eventually Comcast caught on, however...
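The host, DNS and IP address alterations described above can be caught by comparing periodic snapshots of a domain's records against a known-good baseline. The following is an added example, not Razorpoint's code and not a description of how Rz.DataWatch works; the function names, the snapshot labels and all sample records are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: periodic snapshots of one domain's public records.
# Names and addresses are documentation placeholders, not incident values.
BASELINE = {"registrant": {"hostmaster@example.com"},
            "ns": {"ns1.example.com", "ns2.example.com"},
            "a": {"192.0.2.10"}}
HIJACKED = {"registrant": {"someone@other.example"},
            "ns": {"ns1.other.example", "ns2.other.example"}}
SNAPSHOTS = [
    ("t0", dict(BASELINE)),
    ("t1", {**HIJACKED, "a": {"198.51.100.7"}}),
    ("t2", {**HIJACKED, "a": {"203.0.113.20"}}),
    ("t3", {**HIJACKED, "a": {"203.0.113.99"}}),
]

def diff_snapshot(reference, snap):
    """Return (record_type, added, removed) for each record set that differs."""
    findings = []
    for rtype in sorted(reference.keys() | snap.keys()):
        old, new = reference.get(rtype, set()), snap.get(rtype, set())
        if old != new:
            findings.append((rtype, sorted(new - old), sorted(old - new)))
    return findings

def analyze(baseline, snapshots, churn_threshold=2):
    """Alert on every deviation from the baseline and flag record types
    that changed between consecutive snapshots churn_threshold+ times."""
    alerts, changes, previous = [], Counter(), baseline
    for label, snap in snapshots:
        alerts += [(label, *f) for f in diff_snapshot(baseline, snap)]
        changes.update(f[0] for f in diff_snapshot(previous, snap))
        previous = snap
    churn = sorted(r for r, n in changes.items() if n >= churn_threshold)
    return alerts, churn

if __name__ == "__main__":
    alerts, churn = analyze(BASELINE, SNAPSHOTS)
    for label, rtype, added, removed in alerts:
        print(f"{label}: {rtype} changed, +{added} -{removed}")
    print("repeatedly re-pointed:", churn)
```

The baseline comparison surfaces the registration and name-server change at the first altered snapshot, while the consecutive-snapshot count separates a one-time change from the repeated re-pointing of address records.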
Friday, June 13, 2008
Posted by Razorpoint Security Technologies at 12:55 AM
RAZORPOINT: Realities of Cybersecurity.
blog.razorpoint.com is here.
Thursday, June 12, 2008
Posted by Razorpoint Security Technologies at 2:00 PM 0 comments