Dangerous DNS exploit spread, attacks expected
One day after a security company accidentally posted details of a serious flaw in the Internet’s Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon. Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. “It’s not that hard,” he said. “You’re not looking at a DNA-cracking effort.” The flaw, a variation on what’s known as a cache poisoning attack, was announced on July 8 by IOActive researcher Dan Kaminsky, who planned to disclose full details of the bug during an Aug. 6 presentation at the Black Hat conference.
That plan was thwarted Monday, when someone at Matasano accidentally posted details of the flaw ahead of schedule. Matasano quickly removed the post and apologized for its mistake, but it was too late. Details of the flaw soon spread around the Internet. The attack can be used to redirect victims to malicious servers on the Internet by targeting the DNS servers that serve as signposts for all of the Internet’s traffic. By tricking an Internet service provider’s (ISPs) servers into accepting bad information, attackers could redirect that company’s customers to malicious Web sites without their knowledge. Although a software fix is now available for most users of DNS software, it can take time for these updates to work their way through the testing process and actually get installed on the network.
Source: PC world
I don’t know if this is good or bad because I don’t know what most of those words mean……..
no speaky nerd
it means that in case your ISP didn’t patch this vulnerability, there’s a chance you will type in e.g. http://www.paypal.com in your address bar, type in your login details, but instead of logging into paypal, you will send your secret info to some hackers, who will be able to empty your account in no time.
In short, hackers can hack yourbank.com site and redirect them to yourbank.com(yougothacked.yourbank.com)
how can one be aware of a site like rslog yet not understand this post? Do you just look at illustrations/pictures in magazines/books as well?
To check whether your ISP’s name server is properly patched,
go to Dan Kaminsky’s website http://www.doxpara.com
This is already 4 to 6 months old, prior to it hitting the mainstream press that is.
Actually, this issue is age old itself.
As http://www.trusteer.com/bind9dns explains, “Attacks against DNS, and particularly the concept of DNS cache poisoning has been known for over a decade (e.g. [2] section 5.3 was published in 1989 and [3] was published in 1993).”
I think he didn`t really post his article “accidentally”, he responded to a vague speculation of halvar flake and then maybe realising that this wasn’t a great idea… I would also recommend reading the article of FX regarding this topic http://www.recurity-labs.de/head.html#n15
This is similar to what I remember being called farming. Well I don’t remember the exact name but what happened was people would leave their wireless routers would not turn on wireless encryption ( or use crappy wep) and not change the default username and password. Someone would come change the dns setting on that router to their server.
Then when the users on that network would type in https:// http://www. theirbank .com it would look just like their bank site and have the proper writing in the url but it wouldn’t be the bank site. Instead it would be clone that was collecting username and passwords.
Think of this happening on a larger network like say your cable company.
Scary when you think about it.
rapidshare links pls
Why is the ‘log posting this? Kind of the pot calling the kettle black aint it? You all run ads filled with malware on this site! Auto-downloading trojans in the dozens of pop up windows the poor folks who use IE have to tolerate! Tons more malware in all the idiot uploadjockey, rapidshare, zshare, whatever else links.
and a torrent if you could thanks
ISP DNS is crap.
OpenDNS
208.67.222.222
208.67.220.220
well why do you think you stain
they make money
the same way Norton anti virus makes money buy having back doors in there software to let a virus in that you will have to fix
a product is no good if you don’t have to use it,
thats all I’m trying to say here.
like you could some hoar’s siht allrub it all over you mouth and lick it from your lips
but it wouldn’t taste like mars bar
new
https://www.dns-oarc.net/oarc/services/dnsentropy
lol at 11 and 13
SouthPark.ImaginationLand.DirectorsCut.DVDRIP.AC-3.Xvid-NRG
SOOOO OLD. If most if not all ISP’s havent patched this there pretty lousy. -_-
Soo… what’s the problem? the only thing you can lose is money. you cant be f c k ed in your ass… be happy by that
Hmm another way to scare the public :[
this technique is getting real old (*cough* y2k bug)
@14 - Yeah buddy, been using that for about a year now aswell
Malware is for Windows users.
I laugh.
@8 slightly different exploit but _big_ respect to you for posting it anyway
@12
Your an Idiot if you still see ANY of that stuff!!
Rlslog is perfectly clean for everyong else with the slightest sense.
You can get the exploit code here: http://tinyurl.com/torrentfreak
It’s in C++.
You can get the exploit code here: http://tinyurl.com/torrentfreak
It’s in C++.
You can get the code here: http://tinyurl.com/torrentfreak
It’s in C++.
You can get the code here: http://tinyurl.com/torrentfreak
It’s in C++.
You can get the code here: http://tinyurl.com/torrentfreak
http://tinyurl.com/torrentfreak
You can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreakYou can get the code here: http://tinyurl.com/torrentfreak
Exploits:
Metasploit version:http://milw0rm.com/exploits/6122
Python:http://milw0rm.com/exploits/6123
C:http://milw0rm.com/exploits/6130
So them haxxorz are just booting up The Matrix! Every site you see may not be the site you think you see…
@34 Hahahahahha
LMAO! Look at all the ‘1337 haxxors’ on here posting link to infected sites! LMAO! You guys are really pathetic Releaselog. I think this is beginning to become virus central for ‘teh innerwebs’.
Oh well, all you ‘haxxors’ are powerless without your precious scripts and pop up ads. Sorry dummies but NoScript is an addon for Firefox that is only a few hundred kilobytes in size, and IT BEATS ALL YOUR LITTLE SCRIPTING GARBAGE EVERYTIME! LMAO! YOU GUYS SUCK!
could thepiratebay also suffered from a similar attack? I ask because I can’t seem to get onto the piratebay at all.
thats easy, stupid! use the ip address instead of the dns name. DUHHHH! no redirecting of cache if you use an ip. if your not sure, just look up the ip on whois sites. then again, there are alot of idiots that buy computers these days. just remember, you cant protect the stupid, but you can sure as hell laugh at them.