It's here. Another malicious DNS exploit that allows for remote manipulation of DNS records. DNS poisoning and Man-In-The-Middle attacks are nothing new, but they just got much easier.
Researcher Dan Kaminsky's recent warnings are now very real. A number of remote DNS attacks that allow for the redirection of legitimate Internet traffic. No breaking through firewalls, no stealing passwords, no decrypting secret messages, just a simple tool to tell a DNS server to send traffic meant for a major corporation to any server of an attacker chooses. And the tools are free to download (bailiwicked_host | bailiwicked_domain | kaminsky-attack).
Razorpoint's Rz.DataWatch service (launched in May 2007) is still the best detection and defense against these types of attacks.
New DNS Exploit In The Wild
Posted by Razorpoint Security Technologies at 11:34 AM 1 comments
DNS Poisoning Vulnerability Still A Problem.
Security buzz on Tuesday, July 8, 2008 was centered around DNS cache poisoning attacks. Security researcher Dan Kaminsky has been leading an effort with multiple vendors over the past few months to try and head off the vulnerabilities. Another researcher however – Ian Green – detailed the spoofing vulnerability as long as three years ago.
http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/
http://www.theregister.co.uk/2008/07/09/dns_fix_alliance/
Among other online vulnerabilities, Razorpoint's Rz.DataWatch™ monitors online business assets for this style of attack.
Thursday, July 10, 2008
Posted by Razorpoint Security Technologies at 11:31 AM 0 comments