Re: [PLUG] DNS ... cache poisoning [big deal]
I've seen Dan K. speak a couple of times and he is the real deal. Have a couple of his books. Next time Shmoocon is in DC you should definitely check it out as he is one of the driving forces behind it.
--------------------------------------------------
Brian Vagnoni
PGP Digital Fingerprint
F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955
--------------------------------------------------
----- Original Message -----
From: JP Vossen [mailto:jp@jpsdomain.org]
To: plug@lists.phillylinux.org
Sent: Wed, 09 Jul 2008 15:02:45 -0400
Subject: [PLUG] DNS ... cache poisoning [big deal]
> This is a big deal announced yesterday.
>
> http://www.kb.cert.org/vuls/id/800113
> Vulnerability Note VU#800113
> Multiple DNS implementations vulnerable to cache poisoning
>
> Overview
> Deficiencies in the DNS protocol and common DNS implementations
> facilitate DNS cache poisoning attacks.
> [...]
> --- cut ---
>
> Basically, a well-known security researcher named Dan Kaminsky has
> solved some challenges with regard to exploiting previously acknowledged
> issues with the DNS protocol (not implementations, protocol), with the
> result that large-scale "poisoning" DNS caches is now feasible.
>
> That's a big deal.
>
> Among other things, it allows for virtually undetectable phishing, spear
> phishing, and malware distribution. We all know that some funky URL
> that claims to be Paypal isn't. But if your DNS lies to you and sends
> you someplace else when you manually type in the correct Paypal URL,
> that's something else again. And that's what this vulnerability allows.
>
> From what I'm reading, this was handled really well by Kaminsky.
> Rather than irresponsible disclosure, he has worked with CERT and many
> others in "the largest synchronized security update in the history of
> the Internet, and [which] is the result of hard work and dedication
> across dozens of organizations." [1] He will release the details along
> with a tool to help determine upstream vulnerability at a security
> conference on August 6th.
>
> "The good news is that due to the nature of this problem, it is
> extremely difficult to determine the vulnerability merely by analyzing
> the patches; a common technique malicious individuals use to figure out
> security weaknesses." [1]
>
> If you or your company run your own DNS servers, you need to jump on
> this. If you don't, you'll want to check upstream, especially after the
> testing tool is released.
>
> Windows:
> http://www.kb.cert.org/vuls/id/484649
> > http://www.microsoft.com/technet/security/bulletin/MS07-062.mspx
>
> ISC2 BIND
> http://www.kb.cert.org/vuls/id/252735
> > http://www.isc.org/sw/bind/bind-security.php
>
>
> Later,
> JP
>
> [1] http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/
> http://securosis.com/publications/DNS-Executive-Overview.pdf
> ----------------------------|:::======|-------------------------------
> JP Vossen, CISSP |:::======| jp{at}jpsdomain{dot}org
> My Account, My Opinions |=========| http://www.jpsdomain.org/
> ----------------------------|=========|-------------------------------
> "Microsoft Tax" = the additional hardware & yearly fees for the add-on
> software required to protect Windows from its own poorly designed and
> implemented self, while the overhead incidentally flattens Moore's Law.
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>