Attention Internet Users
Interesting information mentioned on the radio...
http://www.informationweek.com/blog/...isoning_v.html So most of you are wondering why should I care? Here's why... If I were to poison a DNS server, I would set up another computer as a man in the middle server. So you type in www.wellsfargo.com. The dns, since it is now compromised, directs your connection to anywhere I have it set up, which would be that man in the middle server. I could set it up 2 ways. First, I would create a web page that looks exactly like wells fargo. I could set it up so after you type in your user name and password, you get a screen saying the site is down for maintenance. It's not, but I just got your user name and password. Or, I could set up a sniffer that captures all the information you're sending, then forwards your packets to the real wells fargo site. Either way, you really don't know what just happened. I thought I would just throw this out. I am heading to Dark Knight, so I am going to read up more on it later. Happy surfing. |
Don't get too awful worried I have known about this for at least a week. This flaw is NOT something an average user can fix. It has to be fixed by the system admins who run the DNS servers. Those same people had 2 weeks to apply the patch. US-Cert was notified on the 12th? and verified flaw and released a patch to fix the problem. If the IT monkeys have done their jobs there is nothing to worry about.
With that being said... you/me/anyone would never know if a DNS server was poisoned. |
This is because of that there y2k isn't it?
|
Pen, does that mean no one can erase my porn?
|
Um, this "flaw" has been around since the inception of DNS.
It's just until some high and mighty needing an ego boost idiot schmuck posted it for every wannabe "hacker", no one out of the DNS engineer guys knew about it. |
Code:
Content, Pictures and Download links visible to registered users only. Your porn is safe :) Code:
Content, Pictures and Download links visible to registered users only. |
I'm not worried about it. As Pen already pointed out, a patch was made weeks ago and should have been applied, thus fixing the problem for all the main DNS servers.... then again, ICANN had their shit fucked with not too long ago.
Every time some story about an exploit comes out, they always act like hackers are going to cause shit loads of mayhem... and it never happens. |
Code:
Content, Pictures and Download links visible to registered users only. How long was the patch for IIS servers out and how many admins found out the hard way they weren't up to date? Not trying to scare anyone here, but information is never a bad thing. |
Code:
Content, Pictures and Download links visible to registered users only. |
All times are GMT -5. The time now is 02:09 AM. |
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
WE CANNOT POLICE EVERYTHING POSTED - IF YOU SEE YOUR COPYRIGHT MATERIAL - SEND US AN EMAIL AND WE WILL MAKE SURE TO REMOVE IT!Ad Management plugin by RedTyger