Securing DNS on OSX

July 31, 2008 By 5 Comments


It’s been a few weeks since [Dan Kaminsky] announced the nature of the DNS vulnerability and allowed 30 days of non-disclosure for patches to be applied before details of the exploit went public. Unfortunately, the details were leaked early and it didn’t take long for a functional exploit to be released into the wild. Since then, many ISPs have … Read the rest

Filed Under: security hacks Tagged With: , , , , , , ,

DNS cache poisoning webcast

July 24, 2008 By 4 Comments


UPDATE: Full audio of the webcast is now available

Today Black Hat held a preview webcast with [Dan Kaminsky] about the massive DNS bug he discovered. On July 8th, multiple vendors announced a patch for an undisclosed DNS vulnerability. [Dan Kaminisky] did not release the details of the vulnerability at that time, but encouraged security researchers to not release … Read the rest

Filed Under: news, security hacks Tagged With: , , , , , , , , , , , , ,

DNS exploit in the wild

July 23, 2008 By 4 Comments


We’ve been tracking Metasploit commits since Matasano’s premature publication of [Dan Kaminsky]‘s DNS cache poisoning flaw on Monday knowing full well that a functional exploit would be coming soon. Only two hours ago [HD Moore] and [I)ruid] added a module to the Metasploit Project that will let anyone test the vulnerability (with comment: “ZOMG. What is this? >:-)“). … Read the rest

Filed Under: news, security hacks Tagged With: , , , , , , ,

Major DNS issue causes multivendor patch day

July 8, 2008 By 3 Comments


Earlier this year, our friend [Dan Kaminsky] discovered a major DNS issue that could allow hackers to compromise name servers and clients easily. The vulnerability involves cache poisoning, and [Kaminsky] plans to publish the full details of the vulnerability on August 6th. However, he has already begun his work to control it, alerting major authorities early on of the vulnerability. … Read the rest

Filed Under: news Tagged With: , , , , , ,

Malware alters DNS data on routers

June 12, 2008 By 7 Comments


The Zlob trojan, also known as DNSChanger, has been around for a few years, but recent Zlob variants to appear in the wild attempt to log into routers using a list of default admin/password combos. If they succeed, they alter the DNS records on the router to reroute traffic through the attacker’s server.

Our friend [Dan Kaminisky] recently did a … Read the rest

Filed Under: news Tagged With: , , , , , , , , , ,

DNS spoofing with Ettercap

June 7, 2008 By 12 Comments


[IronGeek] has published his latest video how-to: DNS Spoofing with Ettercap. Ettercap is designed specifically to perform man in the middle attacks on your local network. It can do ARP poisoning, collect passwords, fingerprint OSes, and content filtering. For DNS spoofing, you just need to edit a config file that defines which domains resolve to which IP addresses. You … Read the rest

Filed Under: misc hacks Tagged With: , , , ,

Charter screwing with DNS

May 12, 2008 By 35 Comments


Charter Communications seems to be pulling some sort of crap with their DNS servers. While working on a new project our friend Billy Hoffman, discovered that Charter was reporting absolutely every domain as resolving. They do offer a solution by providing an opt-out cookie, which isn’t useful at all if you’re not using a web browser… and I’m … Read the rest

Filed Under: misc hacks Tagged With: , , , , ,
Newer Posts »