digg

Facebook Connect Join Digg About

DNS Disaster: First Attacks Reported

zdnet.com.au — The existence of the Domain Name System (DNS) flaw, which could be used to redirect browsers to malicious sites, was revealed at the start of July by security researcher Dan Kaminsky. Multiple vendors, including Microsoft and Cisco, have already issued patches to counteract any attacks.

Who dugg this? Made popular Jul 30, 2008

submitted by

inactive Jul 29, 2008

647 diggs
digg

33 Comments

jeffmccann, on 07/30/2008, -1/+17FTW: http://www.opendns.com
meshman, on 07/30/2008, -0/+13"Approached via email to discuss his post, Kosin appeared to retreat from saying the activity he had observed was definitely an attack. "

-----

Tom: “Any word on how the survivors in the town are doing, Mitch?”

Mitch: “We’re not sure what’s exactly is going on inside the town of Beaverton, Tom, but we’re reporting that there’s looting, raping and, yes, even acts of cannibalism.”

Tom: “My God, you’ve actually seen people looting, raping and eating each other?!”

Mitch: “No, no we’ve haven’t actually seen it, Tom. We’re just reporting it.”
kurupttek, on 07/30/2008, -12/+25***** you two of my friends died in a DNS Disaster!
threemagic, on 07/30/2008, -0/+12I wonder why they didn't link the guy's blog? If it has a tool to check for the problem, you'd think they'd want people to do it.
ironjunkie, on 07/30/2008, -0/+8http://www.doxpara.com/
crxvfr, on 07/29/2008, -6/+13The web is getting to be like everything else these days.

...daily reports of new and impending threats, commercialization, (possibly - when, not if) mandated regulations, dis-information, surveillance, and as time goes by, more and more controlled by big corporations and lawyers. (This is one reason I like it that Google is so powerful. At least we have one dog in the fight, so long as they really do no evil)

Big brother looms over us all.

So when will there be an internet threat level, or is there one already.
goldsaturn, on 07/30/2008, -0/+7You're completely wrong about this. This isn't a warning about some vague "threat" and a color change on a terrorism rain gauge. This is a very specific security hole that is being exploited, and a very specific and crippling one at that.
talonh, on 07/30/2008, -1/+7Too bad you weren't with them that day
threemagic, on 07/30/2008, -0/+5No, I am revoking your license to use the word irony.
deadmoo, on 07/30/2008, -0/+4There are a few internet threat levels. Internet Storm Center and Symantec provide daily threat level ratings to name a few.
slsashrk, on 07/30/2008, -4/+7Why did you have to invent something with so many problems?

Damn you Al Gore... DAMMMMMMNNNN YOOOOOOUUUUUUU!!!!!!!!
crxvfr, on 07/30/2008, -2/+5wiki is a controlled source of information. some corporations and people have already been caught censoring or manipulating information there. google video has many movies that you can not find elsewhere that challenge the status quo, even our government. you will not find this kind of thing at wiki.
cgibbo, on 07/30/2008, -0/+3Comcast.net was owned by this, and tried covering it up by saying "...someone hacked Comcast's registrar account at Network Solutions, changing the authoritative DNS servers for comcast.net..." 2 days after the exploit was released into the wild.

http://digg.com/tech_news/Comcast_Domain_Hacked
ThreeDee912, on 07/30/2008, -0/+2For technical details:
http://blog.metasploit.com/2008/07/on-dns-attacks- ...

Photobucket was recently hacked using this flaw:
http://www.securitypronews.com/insiderreports/insi ...

Plus the usual Apple complainer:
http://news.cnet.com/8301-1009_3-10001811-83.html
pwr4, on 07/30/2008, -0/+2I think OpenDNS could solve this problem. If I'm wrong, any other suggestions besides a patch? It would be nice to have a solution in case other problems arise.
cgibbo, on 07/30/2008, -0/+2Break out the tinfoil hats... Go 'truth' about something else. This is an impossible topic for you.
pho3nixf1re, on 07/30/2008, -0/+2maybe he stutters :)
ThreeDee912, on 07/30/2008, -1/+2Happy (Belated) SysAdmin Day to all the admins out there!
jblade, on 07/30/2008, -2/+3Too late they are started "doing evil" per say.

How would you classify deliberately 'optimizing' their wikipedia service "knol" to be higher in search rankings then Wikipedia (in only 2 weeks!)
skyroket, on 07/31/2008, -0/+1another more thorough but doesn't seem to be working as often: https://www.dns-oarc.net/oarc/services/dnsentropy
deadmoo, on 07/30/2008, -1/+1djbdns was never vulnerable.
kpetree10, on 07/30/2008, -2/+1I cant read the article because of DNS issues at work. Irony?
segf, on 07/30/2008, -1/+0Of course, but we're talking about something which is more than a software flow to just be patched. DNS is too old.

http://www.doxpara.com/?p=1189

"After the patch: A bad guy has a one in a couple hundred million, or even a couple billion chance of stealing your Internet connection. He can still try to do so a couple thousand times a second, but it’s going to make a lot of noise."

Btw, the patch will do its work.

http://news.cnet.com/8301-1009_3-9998906-83.html?p ...

"Patch is the way to go; it shuts down the attack vector," said Jerry Dixon, former director of National Cyber Security Division of DHS. This was echoed by Rich Mogul of Securosis, and by Joao Damas, a senior program manager at the Internet Systems Consortium.

Kaminsky said the current patch has made exploits thousands of times harder--one in several hundred million, "not infinity." The bug is core to the design; it's fundamental to the design."

What have we learned? "We learned what needs to be done to fix the Net in the future. I await the security community's judgment on what we've done."
teh_techie, on 07/30/2008, -3/+1I like how you placed a comma in your sentence when, you didn't need to.
nuural, on 07/30/2008, -3/+1Admins, find the time to install powerdns! It hasn't been vulnerable to this attack since 2006. And furthermore it's ultra-scalable and works like a charm, especially with a mysql backend.

http://www.powerdns.com/
Slade605, on 07/30/2008, -5/+2I was really hoping for this to redirect me, to a malicious site.

Wait, no I wasn't.
MaxMWood, on 07/30/2008, -5/+2FIRESALE! AMAGAD.
inactive, on 07/30/2008, -4/+1All websites must redirect to the John McCain flip flop video
volz0r, on 07/30/2008, -6/+1Wait-wait. This is *REALLY* old news. This has been known to security researchers for years. Just because the makers of BIND wake up when Dan, and ultimately, the public, become aware of it, doesn't make this a new, or probable threat. In fact, there are many packages providing authorative nameservers, all of which have ChangeLogs from years back about this issue.

This reminds me greatly of Sendmail. Version 0.0.1 through 1.0.0: Backdoored by vendor. Version 1.0.0 through current: Major security threat.
fanaticwon, on 07/30/2008, -7/+2omfgbbqsauce!!!11! The INTERNETS are being hacked!

Old news, seen it about a month ago now which directly corresponds to when the attacks started. All the "Internets" hacking kind of reminds me of D2:LOD.
fanaticwon, on 07/30/2008, -5/+0LoLzer. This article is not just owned by your comment but it gets the uber special "pwnt".
ihavebeenseen, on 07/30/2008, -7/+1Emirates site not working. Conscience
http://www.emirates.com/
threemagic, on 07/30/2008, -10/+3you're an internet threat level
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.