Hack the Planet: Biggest Internet Security Hole in a Decade
"I have to be blunt," states Kaminsky. "The drama is fun and interesting and cool, but it's a distraction. (The important thing is that) it's a really bad bug that really impacts every website you use and your readers use. It impacts whether or not readers are even going to see the article you're about to write. Now I could get into a big fight with lots of people ... and that might happen at some point! But it's a distraction from right now, which is, you know, we did good. We got 13 days of a patch being out without the bug being public. That's unprecedented. I'm pretty proud of at least 13 days. I would have liked 30, but I got 13 ... But the circumstances of how it went public are not what's important today. There will be a time for that, just not now. What is important now is people need to patch."
ZDNet is reporting that HD Moore has released exploit code for Dan Kaminsky's DNS cache poisoning vulnerability into the point-and-click Metasploit attack tool. From the article: 'This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache.'
The game's afoot: boot up your copy of Backtrack and insert this code into Metasploit.
"Hack the planet! Hack the planet!"
Update:
For end-users... I offer the following advice:
Use OpenDNS, they were never vulnerable... DNS is their business and they make it rather simple to use.
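
For resolver operators, the ZDNet description quoted above points at something visible in query logs: a burst of never-before-seen hostnames under one domain. The sketch below is an added example, not code from the original post or from Metasploit; the log format, window, threshold and function names are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed resolver query log, one '<epoch> <client> <qname>' per line."""
    normal = [f"{1000 + i * 7} 10.0.0.5 www.example.org" for i in range(5)]
    normal += ["1003 10.0.0.6 mail.example.net", "1004 10.0.0.6 www.example.net"]
    # 40 distinct one-off hostnames under example.com inside two seconds.
    burst = [f"{1010 + i * 0.05:.2f} 203.0.113.9 k{i:04d}z.example.com"
             for i in range(40)]
    return sorted(normal + burst, key=lambda line: float(line.split()[0]))

def parent_domain(qname):
    # Simplification: last two labels; real use needs a public-suffix list.
    return ".".join(qname.split(".")[-2:])

def find_bursts(lines, window=10.0, threshold=20):
    """Map each flagged domain to its peak count of first-seen hostnames
    queried within `window` seconds. Input must be sorted by time."""
    seen = defaultdict(set)       # domain -> hostnames already queried
    recent = defaultdict(deque)   # domain -> timestamps of first-seen names
    peaks = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue              # skip malformed lines
        try:
            ts = float(fields[0])
        except ValueError:
            continue
        qname = fields[2].rstrip(".").lower()
        domain = parent_domain(qname)
        if qname in seen[domain]:
            continue              # repeat lookups are normal traffic
        seen[domain].add(qname)
        times = recent[domain]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            peaks[domain] = max(peaks.get(domain, 0), len(times))
    return peaks

if __name__ == "__main__":
    for domain, peak in find_bursts(build_sample()).items():
        print(f"{domain}: {peak} new hostnames within 10s")
```

A hit is a prompt to check whether that resolver has been patched, not proof that its cache was poisoned.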

futureprogress
Los Angeles, California, United States
Comments (18)
at 12:54 on July 24th, 2008
Would be nice to see NowPublic make a big deal about this since it literally "impacts every website you use."
More likely its readers have little understanding of how big of a deal this is... we shall see.
at 13:10 on July 24th, 2008
As for end-users... I offer the following advice:
Use OpenDNS, they were never vulnerable... DNS is their business and they make it rather simple to use.
For the super paranoid, don't access super important data for about 20-30 days. This may be difficult for you but the longer you wait, the better. Then make sure to change your passwords every week or so for the next few months.
CYA & Good luck!
at 14:31 on July 24th, 2008
What this all means...
If you are not using OpenDNS or you are not lucky enough that your DNS provider has patched... then you have no way to determine if the site you are attempting to see is the site you believe it to be.
This means your data is at risk without you having a clue.
I highly recommend using OpenDNS... seriously folks... this is a big deal.
at 16:09 on July 24th, 2008
futureprogress, I like this story. It's good stuff.
at 17:33 on July 24th, 2008
futureprogress, I don't know much about this issue -- but it sounds like it could be a huge concern. Thanks for posting it.
at 17:42 on July 24th, 2008
futureprogress, I like this story. It's good stuff.
at 17:52 on July 24th, 2008
It _is_ a huge concern... be safe, use OpenDNS ;)
at 18:19 on July 24th, 2008
futureprogress, I like this story. It's good stuff.
at 19:01 on July 24th, 2008
futureprogress, I like this story. It's good stuff.
at 20:00 on July 24th, 2008
futureprogress, I like this story. It's good stuff.
What an interesting post - thanks for sharing it with us here.
at 20:03 on July 24th, 2008
futureprogress, I like this story. It's good stuff.
Something very interesting.
at 23:19 on July 24th, 2008
You've ruined my evening. Why should an individual use this Opendns? If I want to block sites? (like)popup ads with it, and Opendns wants to show me ads, what's the difference?
Are you saying I shouldn't visit any site for the next 20 to 30 days cuz this malicious code is running all over the net?
Are you passing on that code in the above post to hackers to do the very thing you're warning against? It definitely seems like it. Why are you promoting this new program?
Did you put the 'ghost in the machine' on this site?
at 23:42 on July 24th, 2008
futureprogress, I like this story. It's good stuff.
at 05:17 on July 25th, 2008
futureprogress, I like this story. It's good stuff. It's a very serious security flaw which could mean that you think you're on your banking site but in fact you are on a replica site with the intention of stealing your banking details. My advice is to keep away from any online banking details until this latest development is fully patched.
at 11:22 on July 25th, 2008
You've ruined my evening. Why should an individual use this Opendns? If I want to block sites? (like)popup ads with it, and Opendns wants to show me ads, what's the difference?
OpenDNS is safe from record poisoning, meaning your request to nowpublic.com will in fact bring you to the NP servers vs. some unknown servers. Regarding the ads... OpenDNS doesn't show ads outside of a search page if you type in an unknown domain... in that case it's helping you locate what you think should be there... the ads are no different than Google AdSense.
Are you saying I shouldn't visit any site for the next 20 to 30 days cuz this malicious code is running all over the net?
I'm saying: if you aren't going to use opendns or dns servers you know aren't compromised then don't visit important sites (e.g., banking).
Are you passing on that code in the above post to hackers to do the very thing you're warning against? It definitely seems like it. Why are you promoting this new program?
It's a great hack... and there is a solution. I have posted both the problem and solution in the interest of information freedom.
Did you put the 'ghost in the machine' on this site?
With respect to this hack... this site's servers would not need to be touched... it would be the DNS servers you use to translate nowpublic.com > [some IP address]
Rene... protect yourself with OpenDNS.
at 11:23 on July 25th, 2008
...or just simply use OpenDNS ;)
at 12:07 on July 25th, 2008
That's what I thought. What's your interest in OpenDNS? Are you promoting it? and promoting the hack to help promote OpenDNS too?
at 21:54 on July 30th, 2008
Unaffiliated with both OpenDNS and the DNS hack.
Simply wanted to share ;)