tag:blogger.com,1999:blog-21926372251146254552011-04-21T13:50:40.219-04:00Razorpoint Security Technologiesnoreply@blogger.comBlogger41100tag:blogger.com,1999:blog-2192637225114625455.post-21363615619013519872008-07-25T11:34:00.003-04:002008-07-25T16:56:45.396-04:00It's here. Another malicious DNS exploit that allows for remote manipulation of DNS records. DNS poisoning and Man-In-The-Middle attacks are nothing new, but they just got much easier.<br /><br />Researcher <a href="http://news.cnet.com/8301-10789_3-9985815-57.html">Dan Kaminsky's recent warnings</a> are now very real. A number of remote DNS attacks that allow for the redirection of legitimate Internet traffic. No breaking through firewalls, no stealing passwords, no decrypting secret messages, just a simple tool to tell a DNS server to send traffic meant for a major corporation to any server of an attacker chooses. And the tools are free to download (<a href="http://www.packetstormsecurity.org/0807-exploits/bailiwicked_host.rb.txt">bailiwicked_host</a> | <a href="http://www.packetstormsecurity.org/0807-exploits/bailiwicked_domain.rb.txt">bailiwicked_domain</a> | <a href="http://www.packetstormsecurity.org/0807-exploits/bind9x-poison.txt">kaminsky-attack</a>).<br /><br /><a style="font-weight: bold;" href="http://www.razorpoint.com/rz.datawatch/">Razorpoint's Rz.DataWatch</a> service (launched in May 2007) is still the best detection and defense against these types of attacks.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2192637225114625455-2136361561901351987?l=razorpoint.blogspot.com' alt='' /></div>Razorpoint Security Technologiesnoreply@blogger.com1tag:blogger.com,1999:blog-2192637225114625455.post-1804781522039779922008-07-10T11:31:00.003-04:002008-07-10T11:44:19.370-04:00Security buzz on Tuesday, July 8, 2008 was centered around DNS cache poisoning attacks. Security researcher Dan Kaminsky has been leading an effort with multiple vendors over the past few months to try and head off the vulnerabilities. Another researcher however – Ian Green – <a href="http://www.sans.org/reading_room/whitepapers/dns/1567.php">detailed</a> the spoofing vulnerability as long as three years ago.<br /><br /><a href="http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/">http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/</a><br /><a href="http://www.theregister.co.uk/2008/07/09/dns_fix_alliance/">http://www.theregister.co.uk/2008/07/09/dns_fix_alliance/</a><br /><br />Among other online vulnerabilities, <a href="http://www.razorpoint.com/rz.datawatch/">Razorpoint's Rz.DataWatch™</a> monitors online business assets for this style of attack.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2192637225114625455-180478152203977992?l=razorpoint.blogspot.com' alt='' /></div>Razorpoint Security Technologiesnoreply@blogger.com0tag:blogger.com,1999:blog-2192637225114625455.post-38005209101454607082008-06-13T00:55:00.012-04:002008-06-13T14:21:51.725-04:00<div><span class="Apple-style-span" style="font-size:small;">Multi-Attack Detection: Domain Hijacking, Man-In-The-Middle &amp; Pharming. <span class="Apple-style-span" style="font-family:verdana;"><br /></span></span></div><span style="font-size:85%;"><a href="http://www.razorpoint.com/rz.datawatch"><span class="Apple-style-span" style="font-family:verdana;"><span class="Apple-style-span" style="font-weight: bold;"><span class="Apple-style-span">http://www.razorpoint.com/rz.datawatch</span></span></span></a></span><div><br />Two articles that appeared regarding the Comcast compromise. They outline the hack and what was done.<br />(<a href="http://blog.wired.com/27bstroke6/2008/05/comcast-hijacke.html">article #1: wired</a> and <a href="http://torrentfreak.com/comcast-hacked-in-bittorrent-throttling-packback-080529/">article #2: torrentfreak</a> )<br /><br />The attackers used a combination of technical and social engineering attacks to compromise Comcast's domain registration information. After successfully changing the registration information, the attackers had control of Comcast's domain. Once they had control, the attackers pointed the traffic for Comcast's domain services to their servers.<br /><br />The attackers then noticed there was way too much traffic for their servers to handle, so they started re-pointing the domain information to other servers over and over. All these changes required host, DNS and IP address alterations -- all things Rz.DataWatch monitors for. Eventually Comcast caught on, however...<br /><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2192637225114625455-3800520910145460708?l=razorpoint.blogspot.com' alt='' /></div>Razorpoint Security Technologiesnoreply@blogger.comtag:blogger.com,1999:blog-2192637225114625455.post-65208726492910428422008-06-12T14:00:00.001-04:002008-06-13T01:00:46.908-04:00<span class="Apple-style-span" style="font-weight: bold;"><a href="http://blog.razorpoint.com/"><span class="Apple-style-span" style="font-size: small;">blog.razorpoint.com</span></a></span><span class="Apple-style-span" style="font-size: small;"> is here.</span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2192637225114625455-6520872649291042842?l=razorpoint.blogspot.com' alt='' /></div>Razorpoint Security Technologiesnoreply@blogger.com0