|
#1
07-25-2008, 03:15 PM
|
||||
|
||||
Attention Internet Users
Interesting information mentioned on the radio...
http://www.informationweek.com/blog/...isoning_v.html So most of you are wondering why should I care? Here's why... If I were to poison a DNS server, I would set up another computer as a man in the middle server. So you type in www.wellsfargo.com. The dns, since it is now compromised, directs your connection to anywhere I have it set up, which would be that man in the middle server. I could set it up 2 ways. First, I would create a web page that looks exactly like wells fargo. I could set it up so after you type in your user name and password, you get a screen saying the site is down for maintenance. It's not, but I just got your user name and password. Or, I could set up a sniffer that captures all the information you're sending, then forwards your packets to the real wells fargo site. Either way, you really don't know what just happened. I thought I would just throw this out. I am heading to Dark Knight, so I am going to read up more on it later. Happy surfing.
__________________
It is better to be hated for what you are than loved for what you're not. 
|
|
#2
07-25-2008, 03:58 PM
|
|||
|
|||
|
Don't get too awful worried I have known about this for at least a week. This flaw is NOT something an average user can fix. It has to be fixed by the system admins who run the DNS servers. Those same people had 2 weeks to apply the patch. US-Cert was notified on the 12th? and verified flaw and released a patch to fix the problem. If the IT monkeys have done their jobs there is nothing to worry about.
With that being said... you/me/anyone would never know if a DNS server was poisoned. |
|
#3
07-25-2008, 04:02 PM
|
||||
|
||||
|
This is because of that there y2k isn't it?
__________________
Quote:
|
|
#4
07-25-2008, 06:12 PM
|
||||
|
||||
|
Pen, does that mean no one can erase my porn?
__________________
 not my links. always virus check. |
|
#5
07-25-2008, 07:41 PM
|
||||
|
||||
|
Um, this "flaw" has been around since the inception of DNS.
It's just until some high and mighty needing an ego boost idiot schmuck posted it for every wannabe "hacker", no one out of the DNS engineer guys knew about it. |
|
#6
07-25-2008, 08:00 PM
|
|||
|
|||
|
Code:
Content, Pictures and Download links visible to registered users only. REGISTER NOW to access all areas that are invisible to non-members. Your porn is safe  Code:
Content, Pictures and Download links visible to registered users only. REGISTER NOW to access all areas that are invisible to non-members. |
|
#7
07-25-2008, 08:01 PM
|
||||
|
||||
|
I'm not worried about it. As Pen already pointed out, a patch was made weeks ago and should have been applied, thus fixing the problem for all the main DNS servers.... then again, ICANN had their shit fucked with not too long ago.
Every time some story about an exploit comes out, they always act like hackers are going to cause shit loads of mayhem... and it never happens. Last edited by Striker : 07-25-2008 at 08:02 PM. Reason: Giving credit where it's due |
|
#8
07-26-2008, 12:38 AM
|
||||
|
||||
|
Code:
Content, Pictures and Download links visible to registered users only. REGISTER NOW to access all areas that are invisible to non-members. How long was the patch for IIS servers out and how many admins found out the hard way they weren't up to date? Not trying to scare anyone here, but information is never a bad thing.
__________________
It is better to be hated for what you are than loved for what you're not.
|
|
#9
07-26-2008, 12:39 AM
|
||||
|
||||
|
Code:
Content, Pictures and Download links visible to registered users only. REGISTER NOW to access all areas that are invisible to non-members.
__________________
It is better to be hated for what you are than loved for what you're not.
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT -5. The time now is 01:20 PM.