GSS Glossary - DNS

DNS

The Domain Name System or Domain Name Server (DNS) is a system that stores information associated with domain names in a distributed database on networks such as the Internet. The domain name system associates many types of information with domain names, but most importantly, it provides the IP address associated with the domain name. It also lists mail exchange servers accepting e-mail for each domain. In providing a worldwide keyword-based redirection service, DNS is an essential component of contemporary Internet use.

DNS is useful for several reasons. Most well known, the DNS makes it possible to attach hard-to-remember IP addresses (such as 207.142.131.206) to easy-to-remember domain names (such as "wikipedia.org"). Humans take advantage of this when they recite URLs and e-mail addresses. Less recognized, the domain name system makes it possible for people to assign authoritative names without needing to communicate with a central registrar each time.

Definitions provided by Wikipedia - The Free Encyclopedia



DNS Related Products

Rajant BCAPI

BCAPI (BreadCrumb Application Programming Interface) is a low-level API for managing the configuration and reading the state of any Rajant BreadCrumb devices running firmware version 10.0 or higher. Rajant BreadCrumb devices are portable wireless systems that utilise a meshing protocol called InstaMesh for fixed and mobile applications in military, mining and first responder scenarios.

DNS Related Industry News

Attack On Internet Called Largest Ever

Attack On Internet Called Largest Ever The heart of the Internet sustained its largest and most sophisticated attack ever, starting late Monday, according to officials at key online backbone organizations. Around 5:00 p.m. EDT on Monday, a "distributed denial of service" (DDOS) attack struck the 13 "root servers" that provide the primary roadmap for almost all Internet communications. Despite the scale of the attack, which lasted about an hour, Internet users worldwide were largely unaffect...... [more]

Is the most important DNS software vulnerable?

It's nothing less than the software that runs the net (at a certain level). Confusion is rife about potential vulnerabilities in BIND, the most commonly used domain name server on the internet, and experts are calling on the makers of the software to clarify the issue. Domain name servers are used to match domain names to numerical IP addresses, with the vast majority of these running BIND; the software essentially runs the internet. The Int...

SCO sidesteps MyDoom attacks

SCO has moved its Internet operations to the domain www.thescogroup.com in response to the denial of service attack generated by the MyDoom worm against its regular base of operations, www.sco.com. The alternate Web site is expected to serve as an interim site for SCO until 12 February, when the DDoS attack generated by the MyDoom is expected to conclude. Netcraft reports that www.thescogroup.com resolves to the same IP address as sco.com, one of a variety o...

Competing technologies could shake up e-mail

Microsoft’s announcement at the RSA Conference last week of a host of initiatives to stop unsolicited commercial e-mail, or spam, highlighted some tectonic shifts taking place in the once staid world of Internet messaging. The company’s new e-mail authentication architecture, known as "Caller ID," is being met with cautious acceptance. However, Microsoft will probably not have the last word on secure e-mail, and a shake-out of antispam solutions backe...

Earthlink to test sender authentication

ISP (Internet service provider) Earthlink Inc. will soon begin testing new e-mail security technology, including Microsoft Corp.'s recently released Caller ID technology, a company executive said. Earthlink will be experimenting "very soon," with "sender authentication" technology including Caller ID and a similar plan called Sender Policy Framework (SPF). The Atlanta-based ISP will be evaluating other e-mail security proposals as well, but is not bac...

Competing Technologies Shake Up E-Mail

How will rival authentication schemes change the way we communicate online? Microsoft's recent announcement of a host of initiatives to stop unsolicited commercial e-mail, or spam, highlighted some tectonic shifts taking place in the once staid world of Internet messaging. The company's announcement was made at the RSA Conference, a leading annual meeting on electronic data security that was held in San Francisco late last month. Caller ID The company's...

Technology solution to slicing spam lags

Lawsuits filed by some of the Web's biggest players against junk e-mailers have portrayed an industry united in the war against spam--but there are few signs of collaboration in developing technology standards that could be more effective in slowing the deluge. America Online, EarthLink, Microsoft and Yahoo scored a major publicity coup earlier this month, when they launched their first joint legal assault against spammers. The suits claim that hundreds...

New .mail top-level domain offers hope for spoiling spam

The Internet's governing body is considering a proposal for a .mail top-level domain that could be a powerful new weapon in the fight against spam. The Anti-Spam Community Registry has asked ICANN (Internet Corporation for the Assignment of Names and Numbers) to include .mail in the next batch of new TLDs, which are expected to be introduced later this year. The domain will be restricted to the operators of mail servers, and will allo...

TM domain leads anti-spam charge

The registry running the top-level .tm domains is leading the charge against spam by adding the SPF protocol into all its domains' DNS records. While a large number of ISPs, big online names, anti-spam companies and a few domain registrars have added SPF and so helped verify that an email message comes from the address it says it does, TM Domain Registry’s general manager Paul Kane tells us this is the first time an actual registry has included the protocol....

NetSky-V spreads on auto-pilot

Yet another NetSky virus arrived on the scene today. NetSky-V spreads using a well known Internet Explorer vulnerability, connected with the handling of XML pages. Instead of depending on users double clicking on infectious email attachments, the worm can spread automatically across vulnerable Windows boxes. Users can be infected by NetSky-V simply by reading an infected email. Just as well then that NetSky-V, although it has been observed in the wild, is...

Bill Gates 'can't stop spam'

More than 80 percent of security professionals do not believe that Bill Gates' crusade against spam will solve the problem, according to a survey. A survey of IT security professionals conducted at the Infosecurity show in London this week revealed that more than 80 percent of people do not think that Bill Gates' pledge to eliminate spam within two years is realistic. In June 2003, the Microsoft chairman called for cooperation between government and corporations to...

Hackers hacked by hacker

They know nothing about their own security, plenty about others. An alliance of hackers dubbed the Hackers Against America (HAA) has had its website defaced by, er, a Hacker. The group, which has its site based deep in the Russian Confederation, boasts that it has links to the Al Qaeda terror group. According to Zone-H, when news of HAA's association with terror groups got out, it so piqued a Portuguese hacker called Marcos that he wrote to them and gave them a piece...

More emerges about Brazilian hacking hacker

A supposed group of international hackers declares digital war against the United States directly from their headquarters in Russia. They call themselves Hackers Against America (HAA) and their purposes are based on stealing classified documents and launching mass virus attacks against government servers. They claimed to have active members from China, Hong Kong, Brazil and Russia and were already planning a massive attack for the next days. Sounds...

Secure E-Mail Specs Could Merge

Microsoft meets with SPF author to craft a technology standard. After submitting its Caller ID e-mail authentication specification to a standards body, Microsoft is discussing merging its spec with another, called Sender Policy Framework, or SPF. E-mail experts from Microsoft will spend a weekend meeting with SPF author Meng Weng Wong of Pobox.com, looking for ways to merge the closely-related Caller ID and SPF standards, according to Wong. "Basically, we'...

Hacker group gets dose of own medicine

An alliance called Hackers Against America (HAA) has received a dose of its own medicine with its own website having been defaced, according to information at the defacement archive Zone-H.org. The group had its website hosted by a free provider in Russia. According to Zone-H, it had claimed that new members were rapidly joining up, including one American who had links to the Al Qaeda group. However, one hacker (for whom Zone-H used the pseudonym M...

Web outage blamed on zombies

Akamai has blamed a 'bot net' of zombified PCs for the Internet downtime that affected sites such as Yahoo this week. The attack that blacked out Google, Yahoo and other major Web sites earlier this week involved the use of a "bot net" -- a large network of zombified home PCs -- Internet infrastructure provider Akamai Technologies said Wednesday. The attack, which blocked nearly all access to Apple Computer, Google, Microsoft and Yahoo's Web sites for two hours on...

Father of the internet says email ID will cure spam

If your name's not down, you're not coming in… Making mass emailers identifiable is the first step toward curing the epidemic of spam, said Vint Cerf, one of the architects of the internet. Cerf, who co-created the TCP/IP (Transmission Control Protocol/Internet Protocol) of the internet and now works as chief corporate strategist for MCI, delivered opening remarks at the first inaugural Email Technology Conference. The chief topic of de...

ISPs Gang Up on Spammers

Even unwitting spammers could lose Internet access under tough proposal. An industry organization representing heavyweight e-mail providers Yahoo, Microsoft, America Online, and EarthLink have teamed on recommendations for ending spam, including cutting off the senders' Internet access. A Statement of Intent, released Tuesday by the Anti-Spam Technical Alliance (ASTA), lists suggestions and "best practice" recommendations for ISPs, e-mail service providers, governmen...

The new face of cybercrime

You once could explain away Internet attacks as destruction for destruction's sake. But many of the juvenile delinquents of the 1990s have since graduated from mere vandalism to hacking for monetary gain. One of the consequences of this change is spam. Who hasn't received dubious e-mail propositions from people purporting to be Nigerian merchants? Respond to them, and you risk joining a crowd of people who have lost huge sums in scams run by organized crime. Most sp...

Internet Attack Targets DoubleClick

DoubleClick Inc., the company that provides online advertising services for some of the nation's most popular Web sites, was the target of a sophisticated attack today, the third time in two months that hackers have targeted a major player in the commercial Internet. Beginning at roughly 10:30 a.m. ET, unknown attackers overwhelmed DoubleClick's Internet servers with a flood of bogus Web page requests, blocking many major sites from loading ad images on the...

IBM Research Joins Fight Against Spam

IBM Corp.'s research arm on Friday will debut a new spam filtering test platform called SpamGuru at the first Conference on E-Mail and Spam in Mountain View, Calif. The new offering will make its way to the enterprise with the release of IBM's Lotus Workplace Messaging 2.0 product later this quarter. SpamGuru, which is designed to work with other anti-spam products already on the market, is a server-based product that combines a number of spam-blocking t...

'Harmless' DNS data can mask attacks

A security researcher has warned that data transferred by domain name service servers can hide additional malicious information. The same technology that allows Web surfers to locate and connect to computers on the Internet can be used to create covert communications channels, bypass security measures and store distributed content, a security researcher said on Saturday. The security hack essentially uses data transferred by domain name service (DNS) servers...

Better checks to stop spam

An open-source anti-spam group is pioneering technical changes to the email system. Open-source anti-spam specialist ASSP this week became the latest software developer to implement the Sender Policy Framework (SPF) anti-spam scheme. Beta versions of ASSP with SPF support are currently being tested, and SPF is set to be included in the next version of ASSP, expected soon. SPF extends the Simple Mail Transfer Protocol (SMTP) and Domain Name System (DNS) so systems do no...

eBay domain hijacker arrested

Police in Germany have arrested a 19 year-old from Helmstedt for hijacking the site of eBay Germany about a week ago. Visitors to eBay Germany were redirected to a site hosted by internet provider Intergenia AG. Initially, phishers were suspected of the domain hijack. The boy admitted he requested a DNS (domain name server) transfer for several high-profile sites, including Google.com, Web.de, Amazon.com and eBay Germany. While most of these transfers were denied,...

eBay Germany domain hijack: No prosecution imminent

The Internet auction house has no plans at present to take legal action against the 19-year-old who confessed to hijacking its Web site. A school pupil who admitted taking ownership of the eBay Germany domain will not face charges immediately as eBay Germany first wants to investigate the incident further, according to ZDNet Germany. The 19-year-old from Helmstedt, Lower Saxony, confessed last week to requesting a DNS transfer for eBay.de, but...

Experts say spam fight needs to be more strategic

The fight against spam to date has been too tactical and not strategic enough, according to experts at the Next Generation Networks conference. "There's too much of the thinking, 'I've got a problem. How do I stop it from hurting me?'" says Phillip Hallam-Baker, principal scientist at VeriSign. The thinking ought to be how to stop spam in general, he says. "It's a public health problem. We have to look for ways to stop the infection from sprea...

Lycos army shoots itself in foot?

The Lycos zombie army may have been the victim of its own strength, an antivirus expert believes. Lycos may accidentally have launched a denial-of-service attack against its own anti-spam campaign Web site, "Make Love Not Spam". According to security company F-Secure on Thursday, one of the Web sites Lycos targeted in its zombie army attack -- www.mortgage.info -- redirected traffic back to www.makelovenotspam.com. This means that Lycos could have targeted its o...

Spyware: Is it clogging up your network?

The cause of intermittent network connectivity problems can be hard to pin down in complex modern systems, but checking for spyware is a good place to start. Organisations frequently ask me for assistance in diagnosing and resolving Internet problems. After a bit of detective work, I usually find that the problems are not really an Internet security issue. There's so much complexity in the corporate network these days, and so many places where a problem ca...

Possible Domain Poisoning Underway

Security experts late Friday warned that a DNS cache poisoning attack may be underway and redirecting users from some of the most popular Web sites to a malicious URL where spyware and adware is invisibly installed onto their computers. According to the Internet Storm Center, which posted an alert on its Web site, it had received reports that the attack was redirecting traffic from popular domains such as google.com, ebay.com, and weather.com. DNS cache pois...

Phishers turn DNS against authorities

Botnets used to frustrate efforts to shut sites down. Phishing scammers are cleverly abusing automated "bots" by targeting DNS servers, security experts have warned. The new technique makes it significantly harder to shut down phishing sites. In a conventional phishing scam, users are lured to a malicious website which counterfeits the appearance of a trusted site such as a bank or e-commerce site, and convinces the user to input their account information....

Today's Hackers Code for Cash, Not Chaos

As volunteer director of the SANS Institute's Internet Storm Center, Marcus Sachs has an eagle-eyed view of Internet security, tracking cyber-threats in real time and raising awareness when malicious hackers launch attacks. Sachs also directs the Washington operations of the Cyber Security Research and Development Center, which is operated by SRI International's Computer Science Laboratory under a contract with the U.S. Department of Homeland Security....

Microsoft plans to buy world's largest spyware company

It’s been a bad month for Microsoft’s efforts to promote their visions of trustworthiness and authentication in Internet commerce. Just as the ground began to crumble beneath "Sender ID" email authentication proposal, it was discovered that the Redmond, Wa.-based software giant was considering acquiring Claria, one of the world’s most notorious adware and spyware companies. Let’s look first at the email authentication wars. As I’ve discuss...

DNS servers - an Internet Achilles' heel

Hundreds of thousands of Internet servers are at risk of an attack that would redirect unknowing Web surfers from legitimate sites to malicious ones. In a scan of 2.5 million so-called Domain Name System machines, which act as the White Pages of the Internet, security researcher Dan Kaminsky found that about 230,000 are potentially vulnerable to a threat known as DNS cache poisoning. "That is almost 10 percent of the scanned DNS servers," Kaminsky said...

Worm Redirects Google Searches For Profit

A new worm modifies the infected PC so attempts to search using Google are directed to a spoofed site that looks like the real thing, but with different sponsored links to drive traffic to sites the hacker's designated, a security firm said Friday. Panda Software's analysis of the P2Load.a worm showed that after compromising a PC, it modifies the Windows HOSTS file so all attempts to reach google.com -- and even mistyped addresses, such as "googel.com"...

Worm spoofs Google on infected PCs

Virus writers have developed a worm that spoofs the behaviour of internet search engine Google, varying the results displayed to suit the requirements of hackers. P2Load-A modifies the HOSTS file on infected PCs by replacing the original with a file downloaded from a remote website under the control of hackers. When users run a search, the results are normally shown correctly - but sponsored links are different. For some searches, other links appear which hav...

DDoS attacks still biggest threat

Companies should devote more resources to countering old-fashioned DDoS attacks when investing in security, a survey of global ISPs has argued. The figures from Arbor Networks in its Worldwide ISP Security Report came from questionnaires sent to 36 large ISPs in the US, Europe and Asia. Over 90 percent of ISPs surveyed cited simple "brute force" TCP SYN and UDP datagram DDoS floods from zombie PC networks as their biggest day-to-day hassle, a finding which sh...

Phishing net open for PayPal users

A bait-and-switch scheme is targeting users of the financial service PayPal, according to security researchers. A fraudulent phishing email originating in Romania is asking users to download supposed new security measures for the PayPal service. A deceived customer then downloads a trojan which modifies the DNS server of the PC and deletes itself. "The next time the user attempts to visit the PayPal website, he or she will instead arrive at a phishing site,"...

Hackers Change Course

According to the SANS 2005 Top 20 list of the most critical Internet security vulnerabilities, application programs are the thing of hackers' dreams. In particular, the SANS report noted that backup applications are being increasingly targeted and now hold the No. 1 spot on the "Vulnerabilities in Cross-Platform Applications" listing. Alan Paller, director of research for the SANS Institute, said that the vulnerabilities mentioned in the top 20 report are widespread an...

Look at your network through a hacker's eyes

Most administrators know a great deal of information about the networks they secure—that's part of the job. But to really ensure security, you need to look at your network through the eyes of a determined attacker. In this edition of Security Solutions, Mike Mullins tells you how. Hackers want to learn everything they can about your organization's Internet presence, intranet design, and security posture. The first step any serious hacker will take wh...

Trojan Redirector Ups the Ante in Online Banking Attacks

Researchers at Websense Security Labs have stumbled upon a password-stealing Trojan that uses sophisticated DNS redirection techniques to dodge server shutdowns and hijack online banking data. The new phishing attack targets users of more than 100 financial institutions in the United States and Europe, including Bank of America, HSBC, Barclays Bank, Lloyds TSB. According to an alert from Websense, the Trojan silently modifies the contents o...

IT pros burn the midnight oil as Microsoft fixes 23 flaws on Patch Tuesday

IT professionals are having a long day today as Microsoft fixed the most vulnerabilities during a Patch Tuesday since it began its monthly patching cycle. The company released a dozen security bulletins that addressed 23 vulnerabilities. According to security researchers, the vulnerabilities fixed in this latest round will need to be looked after by most organizations because of the range and severity of the flaws. "T...

DNS could slow broadband service

A broadband provider's claim of superfast speeds may only be as good as its weakest link, which could be its domain name server software. A report issued Thursday by Nominum, a company that sells domain name system (DNS) server software, indicated that some broadband service providers need to bulk up their DNS servers to ensure that broadband users actually get all the benefits of their high-speed connections. "We hear stories about carriers spending billions...

Florida 'botmaster' charged with Akamai DDOS attack

A Florida man was in federal court today, accused of launching a DDOS attack on Akamai which brought much of the internet to its knees - for a few hours. John Bombard, 32, of Seminole is charged with hacking into two computer systems as part of a scheme to build a botnet of "zombie" PCs to attack Akamai. According to the FBI, Bombard compromised these systems using a variant of the GAOBOT worm. The bot network assembled for the Akamai...

DoS exploit for Windows XP firewall, ICS in the wild

Windows XP platforms running a shared internet access service are at risk from an in-the-wild remote DoS exploit, vulnerability management firm nCircle reported Sunday. "When the (additional information) section of the DNS Datagram contains two null bytes, an error occurs at the instruction "mov dl, eax," nCircle's Tyler Reguly said on the company blog. "This causes the service and its host process (svchost.exe) to die."...

DDoSers bombard Military root server (and more)

At least three DNS root servers, including one maintained by the US Department of Defense, were flooded with data for about 12 hours in an attack that was notable more for its audacity than any noticeable degradation of internet traffic. The DOD's G server was among those sustaining the most damage, according to an analysis of the machine's unanswered queries. The L server, maintained by ICANN, and the WIDE Project's M server, located in multiple l...

Hackers drill into internet's core

Hackers stepped up their attacks on the internet on Wednesday, targeting some of the main computers responsible for directing online traffic. The internet suffered a potentially debilitating attacks on three of its 13 DNS (domain name system) servers. These are operated by internet body ICANN (Internet Corporation for Assigned Names and Numbers), the US Defense Department, and domain manager UltraDNS. The attack was achieved by inundating them with large volum...

New attack on Google Desktop reported

Google's PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS pinning, that could give an attacker access to any data indexed by Google Desktop, security researchers have said. This is the second security problem reported this week for the software. On Wednesday, researchers at Watchfire said they'd found a flaw that could allow attackers to read files or run unauthorised software on systems running Google Deskt...

Your Wi-Fi can tell people a lot about you

Simply booting up a Wi-Fi-enabled laptop can tell people sniffing wireless network traffic a lot about your computer--and about you. Soon after a computer powers up, it starts looking for wireless networks and network services. Even if the wireless hardware is then shut-off, a snoop may already have caught interesting data. Much more information can be plucked out of the air if the computer is connected to an access point, in particular an access point w...

Icann shield beats DNS hackers

The Internet Corporation for Assigned Names and Numbers (Icann) has released a report on the well publicised attack on the internet's backbone of DNS servers early in February. The report indicates that the internet withstood the attack because of the Anycast shield technology implemented after the last attack of a significant size in 2002. The 13 core DNS servers of the internet were hit with a significant distributed denial of service attack in early February orig...

Windows weakness can lead to network traffic hijacks

A problem in the way Windows PCs obtain network settings could let attackers hijack traffic, security researchers said Saturday. The problem occurs because of a design bug in the system used by Windows PCs to obtain proxy settings, researchers with security firm IOActive said at the ShmooCon hacker conference here. As a result, an attacker with access to a network, for example, at a corporation could insert a malicious proxy and see all the t...

SurfControl managed services switch to distribution

Security vendor implements strategy decision on BlackSpider managed services offering. After months of planning, internet security vendor SurfControl has announced that its managed services offerings will go through distribution. SurfControl acquired its managed services capability through the purchase of BlackSpider for £20m last year (CRN Online, 13 July). But BlackSpider operated a strict single-tier channel strategy. A month after the a...

Microsoft Confirms DNS Attacks

Microsoft is confirming "very limited, targeted attacks" against its Windows Server DNS (Domain Name System) Service. The attackers are attempting to exploit a vulnerability in the DNS Service that could potentially allow for arbitrary code execution to run with the same privileges as the DNS Service itself. DNS is a core server service that translates IP addresses into domain names that can be resolved. "On Windows 2000 Server and Win...

PatchLink Delivers Zero-Day Remediation to Protect End Users Against Exploits in Microsoft Windows DNS Server

PatchLink Corporation, the global leader in security and vulnerability management solutions, today issued an automated "DNS Zero-Day Remediation" to help its customers identify the Domain Name System (DNS) Server Service vulnerability and temporarily defend against exploits in the wild. The emergency workaround enables customers to identify if they are vulnerable, determine wh...

Variants of Rinbot worm attack Windows Server DNS flaw

Variants of the Rinbot worm are exploiting the Windows Server DNS Service vulnerability, researchers said today. The worm exploits the flaw by sending a specially crafted Remote Procedure Call (RPC) packet to targeted PCs, analysts said. Ron O'Brien, senior security analyst at Sophos, told SCMagazine.com today that the worm has made the vulnerability much more than just a DNS-related headache for administrators because it can also use ot...

Microsoft not to fix DNS flaw until 8 May... probably

Microsoft is looking to fix a critical flaw in Windows Domain Name System (DNS) servers by 8 May, the date of its next scheduled security update. The company is currently weighing up whether to address the problem earlier. Microsoft has been under pressure to address the flaw since software that exploits it has now been widely disseminated, and criminals are beginning to use it in attacks. On Monday, security experts confirmed that variants...

Microsoft: No patch yet for DNS Server bug

Microsoft's security team is still working on a patch for a critical bug in the company's server software. The vulnerability in the Domain Name System Server Service of Windows 2000 Server SP4, Windows Server 2003 SP1 and Windows Server 2003 SP2 has been exploited since at least April 13, Microsoft acknowledged earlier -- although the company has continued to characterize those attacks as "limited." "Our teams are continuing to work...... [more]

Microsoft preps seven bulletins for Patch Tuesday

Next week's Patch Tuesday from Microsoft will include updates fixing a host of critical vulnerabilities in products that include Windows, Office and Exchange. In all, Microsoft will release seven bulletins. They include: two affecting Windows with the maximum severity rating being critical; three affecting Office with the maximum severity rating being critical; one affecting Exchange with the maximum severity rating being critical; one affecting CAPI...... [more]

Microsoft delivers seven patches including DNS fix

Microsoft today released seven patches - all critical - addressing 19 vulnerabilities, including a promised fix for the well-publicised but sparsely exploited zero-day DNS server flaw. While that bug drew the majority of headlines over recent weeks, researchers today said the most significant patch appears to be MS-0726, which provides a fix for a critical Microsoft Exchange vulnerability that could result in remote code execution should a user...... [more]

F-Secure answers .bank criticisms

Security company F-Secure has answered criticisms of its suggestion that a .bank top-level domain (TLD) be created to improve the protection of online financial services. Mikko Hypponen, F-Secure's chief research officer, first suggested the .bank TLD at the beginning of May. Hypponen said that to buy a .bank domain name should be prohibitively expensive to anyone but banks, and would make online banking more secure. Hypponen caught flak from various people for t...... [more]

Strange spoofing technique evades antiphishing filters

A reader of 'The Register' has produced screen shots that demonstrate a powerful phishing technique that's able to spoof eBay, PayPal and other top web destinations without triggering antiphishing filters in IE 7 or Norton 360. Plenty of other PayPal users are experiencing the same ruse, according to search engine results. Matty Hall, a London resident who runs a nightclub and record label, says he's been careful to practice good PC hygiene....... [more]

Online bank security worsens

Banks' online security is getting worse as they rush to offer services online, according to new research. This year's Annual Security Report from NTA Monitor, a security testing firm, found that 20% more security vulnerabilities turned up in the infrastructures of banks, building societies and other financial institutions compared with last year's report. The survey covers networks, applications and systems. By comparison, a month ago NTA reported that the security o...... [more]

Mitigating the effects of a DDoS attack

There's a great variety of attacks and hacks that black hats can perpetrate on your network. Fortunately, you can prevent most of them using an assortment of security measures. However, a distributed denial-of-service attack (DDoS) is an entirely different story. You can't thwart a DDoS attack - they attack an IP address or service that's available to the internet. If you can't prevent such an attack, what can you do to protect your organisation? You can be...... [more]

UK2.net hack cuts off email

Cut-rate internet host UK2.net has become the subject of a hacking attack, leaving customers temporarily unable to access their email. Customers turning up to the site this morning were confronted by a defaced page, apparently posted by an Islamist hacker. Several reported to us that they were unable to access their email. The experiences of Register reader Andy are typical: UK2 has (for me) been uncontactable since 06:00 this morning as my POP3 email was not functioni...... [more]

War on phishing to last 20 years

Cybercrime experts believe we are in for the long haul fighting phishing attacks as criminals change tack. The fight against phishing gangs could last 20 years, according to an expert. Speaking at a MarkMonitor roundtable event in London, Tony Neate, managing director of internet safety campaign Get Safe Online said that online crimes and the gangs who commit them will still be around for the foreseeable future. "We will still have people falling for phishing...... [more]

DNS is a hacker's playground

Many companies remain vulnerable to attacks against domain name system servers, despite efforts to secure them, according to a new study. More than half the respondents to a Mazerov Research and Consulting study reported having fallen victim to some form of malware attack. More than one-third had been hit by a denial-of-service (DoS) attack, and more than 44 percent had experienced a pharming or cache-poisoning attack. External and internal DNS servers were equally...... [more]

Security expert: Storm botnet 'services' could be sold

The owners of the Storm botnet, whose identities are as yet unknown, could be preparing to sell off the "services" of segments of the network, according to Joe Stewart, a researcher from managed security services company SecureWorks. Stewart claimed in a blog post on Sunday that the latest Storm variants now use a 40-byte key to encrypt their peer-to-peer traffic, meaning each node will only be able to communicate with nodes that use the sa...... [more]

Macs seized by porn Trojan

Miscreants have released a sophisticated Trojan into the wild that targets Mac users, according to Intego, a company that markets security software that runs on OS X. The malicious Trojan, dubbed OSX.RSPlug.A, is making the rounds on several porn websites. When Mac users try to view some videos, the site feeds them a page that says QuickTime is unable to play the file unless a special codec is installed first. If the user proceeds, a form of DNSChanger is installed tha...... [more]

Warning from GSS as first serious Apple Mac Trojan hits

Apple Mac users are no longer immune to Trojan attacks, after a Texas-based Mac security firm reported the first serious Trojan to affect the Apple Mac platform. Users may be forced to contact their IT suppliers to protect themselves. The Trojan targets a computer's DNS server and adds a malicious entry that intercepts and re-routes web requests to malware-ridden and/or porn sites. Preparing a defence against this malware will be difficult...... [more]

Alicia Keys' MySpace page hacked, serves up attacks

Multiple MySpace pages, including the official page of popular R&B singer Alicia Keys, have been hacked and are spewing both socially engineered attacks and behind-the-scenes drive-by exploits, a security researcher said late Thursday. Although it's unclear how the MySpace pages were originally compromised, they're now dangerous places to visit, said Roger Thompson, chief technology officer for Exploit Prevention Labs Inc. Among the attack...... [more]

GSS reveals perils of social networking sites

Global Secure Systems (GSS), a leading IT security consultancy firm, claims to have saved thousands of pounds a year by practising what they preach by blocking access to Facebook and other social networking sites on its company network with Internet filtering software. "Our Internet bandwidth requirements recently came up for review and it was suggested we would need an upgrade, costing a few thousand pounds more a year," said David Hobson,...... [more]

DNS servers still vulnerable

Poor configuration is leaving DNS servers open to attack, but overall the system is growing and modernising, according to a new survey. DNS servers are increasing and modernising, but many are still vulnerable to attacks, according to a new study. The third annual survey conducted by Infoblox and the Measurement Factory looked at the state of Domain Name System (DNS) servers across the public internet by surveying 80 million named servers. DNS servers map domain name...... [more]

UK net numbering project starts

Staying in touch via phone or web could soon get easier as work starts on a way to unite the internet and the telephone network. When finished the UK's national Enum directory will make looking up net phone numbers like finding a website. Initially the directory will target the UK's net telephony networks so calls can cross between them more easily. But the directories are expected to one day hold details of the many different ways almost anyone can be contacted....... [more]

IE flaw emerges again

A Windows vulnerability that had previously been patched has re-emerged – and Microsoft said that the flaw could expose some customers to online attacks. The flaw primarily affects non-US corporate users and could be exploited by attackers to redirect a victim to a malicious website. Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and was then publicised at Kiwicon, a hacker conference in New Zealand. "This...... [more]

Fending off VoIP security problems

I'm hearing more about new kinds of attacks on LANs, such as voice-over-IP attacks or exploits that use printers as a source of attack. How can LAN security help me prevent those attacks? It's absolutely true that these kinds of attacks are on the rise. In fact, the SANS Institute recently listed client-side attacks as one of today's most critical vulnerabilities. While it may be foolhardy for any of us to think we can fully prevent such attacks, you certainly...... [more]

Upcoming Microsoft patches focus on media formats

Microsoft will issue seven security updates next Tuesday, including critical sets of patches for Windows and Internet Explorer. The three critical updates are all for Windows components, Microsoft said in a note on the upcoming release. These components include Internet Explorer, the DirectX and DirectShow graphics software, and the Windows Media Format Runtime, which is used by Windows Media Player. The media flaws could be quickly exploited by...... [more]

New wave hackers target open DNS servers

Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet. The study, set to be published in February, takes a close look at "open recursive" DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using t...... [more]

Cisco plugs VoIP malware loophole

Cisco rushed out a brace of security advisories on Thursday to defend against potentially dangerous exploits via its VoIP kit, including the possibility of malicious code being injected into vulnerable networks. The twin advisories from the network giant cover a range of vulnerabilities in Cisco IP Phones and its Unified Communications Manager (UCM) call management software. A range of Cisco 7900 Series IP Phones are subject to multiple flaws, some of which may lend themse...... [more]

UK banks hit by phishing assault

UK banks were the second-most targeted in the world last month, following the emergence of phishing attacks via the Storm botnet, according to a new report from RSA. UK financial institutions accounted for 15 percent of all banking brands targeted, according to a report from RSA's Anti-Fraud Command Center (AFCC) last week. They followed on from US banks at 61 percent. RSA's findings are roughly consistent with those of other security firms. McAfee, for instance...... [more]

Gooner fan site nobbled by malware

An Arsenal fan site has been compromised to serve up sophisticated malware. Malicious code smuggled onto Onlinegooner.com redirected users to sites in Asia and Russia that download a wide variety of nasties onto vulnerable Windows PCs. The downloaded malware contains a potent cocktail of rootkit, keylogging, backdoor, ARP (Address Resolution Protocol) poisoning, and DNS (Domain name system) spoofing capabilities. An analysis by net filtering firm ScanSafe sugge...... [more]

Potty-mouthed hackers steal comcast.net keys, go for a spin

Unknown hackers hijacked Comcast's domain name for three hours overnight, sending subscribers who tried to access webmail and other services to a rogue site that bragged of the exploit. Comcast lost control of the comcast.net address after the attackers changed registration information stored by its domain registrar, Network Solutions, a Comcast spokesman said. The unauthorized change redirected people attempting to visit the site to a...... [more]

Researchers breach Microsoft's CardSpace ID technology

A trio of computer security researchers say they've successfully compromised Microsoft's CardSpace, a technology intended to strengthen the security of personal information on the Internet. CardSpace ships with the Windows Vista operating system. It works in concert with a browser when someone uses a Web site that asks for information such as an address or a credit card number. That personal information can be stored on the user's computer...... [more]

Extended WiFi range creates security risks

A growing number of gadgets are now appearing on the market to offer WiFi users extended range when picking up "free" WiFi signals. "These devices, which can be obtained for under 20.00 pounds or so, can easily extend the effective range of a WiFi access point or router up to two or three hundred yards. This means that companies that think their WiFi access point is limited to their company building, need to think again," said David Hobson, GSS' managin...... [more]

New DNSChanger Trojan variant targets routers

Secure Computing researchers have discovered a new variant of the DNSChanger Trojan in the wild that attacks routers, meaning any Web surfing computer on that network could be at risk of being redirected to a malicious Web site. The DNSChanger Trojan changes the DNS settings to point to a host Web site address supplied by the attackers, Sven Krasser, director of data mining research at Secure Computing, said in an interview with CNET News.com on Tu...... [more]

Software makes virtual servers a moving target

Carefully managed virtual servers can make the job of attackers more difficult by reducing the time that any one version of a server is exposed to the Internet, according to a George Mason University professor who has developed software that phases virtual servers in and out of use. By limiting how long virtual servers remain online and synchronizing their replacement with fresh servers, businesses can cut the damage hackers in...... [more]

Corporations riddled with security holes

Poor corporate IT security is leaving businesses vulnerable - with almost 90 per cent of breaches found to have been preventable. A trio of studies have painted a damning picture of business security, with online vulnerabilities rising as companies and authorities fail to apply patches, update antivirus software and leave firewalls disabled. Vulnerabilities on UK company and public sector networks grew from 19 last year to 21 this year according...... [more]

ICANN: Meddling with DNS poses security problem

The interception of Internet traffic to snoop on phone calls or track surfers' behavior is a hot topic -- but what's keeping members of ICANN's Security and Stability Advisory Committee up at night is the interception of traffic to and from sites that don't even exist. They explained why in a session at ICANN's public meeting in Paris on Monday. There are still a few possible domain names out there that have not yet been registered, and if you acc...... [more]

Registrar blamed for ICANN domain hijack

ICANN, the organisation that oversees the web's top-level domain naming system, has said that the hijacking last month of several of its domains was due to a security breach at the registrar that manages those URLs. Although it did not name the registrar explicitly, according to WHOIS searches, New York-based Register.com manages the domains that were redirected, as well as the primary icann.org and iana.org domains. Two weeks ago, Turkish hackers reroute...... [more]

Hackers gang up on Kaminsky over DNS flaw

Over seventy per cent of UK firms are banning the use of public instant messaging clients in the workplace, despite three-quarters saying they understand the business benefits of the technology, according to new research released today. Kaminsky made headlines earlier this week by talking about a major flaw in the DNS software used to connect computers to each other on the Internet. In late March he grouped together 16 companies that make DNS software -...... [more]

To disclose or not to disclose?

Disclosing security problems is a good idea, says Bill Thompson, except when it isn't. In the last few weeks we've seen two very different approaches to the full disclosure of security flaws in large-scale computer systems. Problems in the domain name system have been kept quiet long enough for vendors to find and fix their software, while details of how to hack Transport for London's Oyster card will soon be available to anyone with a laptop computer and a desir...... [more]

Attack code released for DNS bug

Hackers have released software that exploits a recently disclosed flaw in the Domain Name System (DNS) software used to route messages between computers on the Internet. The attack code was released Wednesday by developers of the Metasploit hacking toolkit. Internet security experts warn that this code may give criminals a way to launch virtually undetectable phishing attacks against Internet users whose service providers have not installed...... [more]

Attacks begin on net address flaw

Attack code that exploits flaws in the net's addressing system is starting to circulate online, say security experts. The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details. In light of the news, net firms are being urged to apply a fix for the loophole before attacks by hi-tech criminals become widespread. Net security groups say there is anecdotal evidence that small scale attacks are already happening. A...... [more]

DNS patches cause problems, developers admit

Patches released earlier this month to quash a critical bug in the DNS (Domain Name System) have slowed servers running BIND (Berkeley Internet Name Domain), the Internet's most popular DNS software, and crippled some systems versions of Windows Server. Paul Vixie, who heads the Internet Systems Consortium (ISC), the group responsible for the BIND software, acknowledged issues with the July 8 fix that was rolled out as part of a multi-vendor up...... [more]

Exploit reveals the darker side of automatic updates

A recent study of Web browser installations showed that far too few are up to date with the latest security patches. And browsers aren't alone; as my dear old mum can attest, it can be hard to keep up with operating system and application patches when all you want to do is use your computer for work. It should come as no surprise that many PCs are vulnerable to security exploits that could otherwise be prevented. Firefox got top marks in the...... [more]

Firewall Vendors Scramble to Fix DNS Problem

Nearly a month after a critical flaw in the Internet's Domain Name System was first reported, vendors of some of the most widely used firewall software are scrambling to fix a problem that can essentially undo part of the patches that address this bug. The DNS flaw affects server software made by many vendors, including Microsoft, Cisco Systems, and the Internet Systems Consortium. Some firewall software undoes a source port randomization feature tha...... [more]

Apple misses mark on DNS patch

Security researchers are claiming that Apple has failed to fully patch the high profile DNS cache poisoning error. The company issued the patch last week as part of a larger security update. The so-called Kaminsky flaw (named after its discoverer, Dan Kaminsky) has sent vendors scrambling to patch what is said to be a fundamental vulnerability in the DNS system. According to Andrew Storms, director of security operations for network security firm nCircle, Apple's...... [more]

Microsoft promises 12 patches next week

Microsoft Corp. today said it will deliver a dozen security updates next week to fix critical vulnerabilities in Windows, Office, Internet Explorer (IE) and the media player bundled with Vista. Of the 12 updates it sketched out in the advance notification issued this morning, Microsoft pegged seven as "critical," its highest threat rating. The remaining five were labeled "important," the second-highest ranking. "We almost have a baker's dozen,"...... [more]

Kaminsky reveals 'many ways' to attack with DNS

Dan Kaminsky has revealed more details about the DNS flaw, and has said that he would do it all over again, despite receiving some harsh words from his peers in the security community. Kaminsky's full-time job over the past few months has been working with software vendors and Internet companies to fix a widespread flaw in the DNS (domain name system), used by computers to find each other on the Internet. Kaminsky first disclosed the problem on 8...... [more]

CookieMonster nabs user creds from secure sites

Websites used for email, banking, e-commerce and other sensitive applications just got even less secure with the release of a new tool that siphons users' authentication credentials - even when they're sent through supposedly secure channels. Dubbed CookieMonster, the toolkit is used in a variety of man-in-the-middle scenarios to trick a victim's browser into turning over the authentication cookies used to gain access to user account sections of a...... [more]

Telecoms body slammed for endangering Net anonymity

An international telecommunications body has been slammed by privacy advocates for trying to stem the number of DoS attacks by limiting the amount of anonymity on the web. The International Telecommunications Union (ITU) has produced a draft recommendation, X.tb-ucr, (Trace back use case and requirements), which aims to identify the source of packets sent across IP networks. Making it possible to trace the origin of all Internet traffic "raise...... [more]

Enhanced security policies needed in light of Insolvency Service data breach

The Insolvency Service has admitted that four laptops containing the details of 385 former directors of insolvent companies have been stolen from its Manchester offices. One of the four laptops stolen was said to contain information on directors from 122 firms, including names, addresses, dates of birth and occupations, although no bank account details were held. The Insolvency Service also reported that a further 150 p...... [more]

U.S. gov't proposes digital signing of DNS root zone file

The U.S. government is soliciting input on a way to make the Internet's addressing system less susceptible to tampering by hackers. Under the idea, records in the DNS root zone would be cryptographically signed using DNSSEC (Domain Name and Addressing System Security Extensions), a set of protocols that allows DNS records to carry a digital signature. The U.S. Department of Commerce is asking for comments through Nov. 24 on how DNSSEC co...... [more]

Mafiaboy grows up: A hacker seeks redemption

Now a security consultant, the hacker who knocked Yahoo offline has a book detailing his criminal career and offering advice on how to protect yourself on the Internet. The Internet attack took Yahoo engineers by surprise. It came so fast and with such intensity that Yahoo, then the Web's second most-popular destination, was knocked offline for about three hours. That was on the morning of Feb. 7, 2000. A few months later, 15-year-old Michael Calce...... [more]

Survey: One DNS server in 10 is 'trivially vulnerable'

More than 10% of the Internet's DNS servers are still vulnerable to cache-poisoning attacks, according to a worldwide survey of public-facing Internet nameservers. That's despite it being several months since the vulnerabilities were disclosed and fixes made available, said DNS expert Cricket Liu, whose company, Infoblox, commissioned the annual survey. "We estimate there's 11.9 million nameservers out there, and over 40% allow open re...... [more]

Net bombarded by heaviest ever attacks this year

Online networks suffered their heaviest brute force attacks to date this year, with more sites than ever coming under sustained assault. IP networks were bombarded by Distributed Denial of Service (DDoS) attacks – attempts to make networks unreachable by flooding them with traffic – as intense as 40Gbps, a survey of 70 IP network operators worldwide has claimed. The report by Arbor Networks says that the largest sustained attacks in the last two...... [more]

Hot or not: Software update vulnerabilities

The automatic update features in many software applications are proving to be vulnerable to attack. Hackers are taking notice. You should, too. There's been considerable discussion recently about how automatic software updates, such as those to download security patches, can be used as potential vectors of attack. This is unfortunate, as one of the primary tenets of keeping systems relatively secure is to maintain current patch levels. And when most u...... [more]

New trojan in mass DNS hijack

Researchers have identified a new trojan that can tamper with a wide array of devices on a local network, an exploit that sends them to impostor websites even if they are hardened machines that are fully patched or run non-Windows operating systems. The malware is a new variant of the DNSChanger, a trojan that has long been known to change the domain name system settings of PCs and Macs alike. According to researchers with anti-virus provider McAfee's Avert Labs, t...... [more]

New DNS changing malware detected

Trend Micro has detected a new DNS changing form of malware which poisons other hosts on the local subnet installing a rogue Dynamic Host Configuration Protocol (DHCP) server on the network. Technical Communications spokesperson JM Hipolito explained that the DHCP is a protocol used to disseminate required information to network clients in order to operate within an IP network. Once a user connects to a network, it will send a request to a DHCP server (the metho...... [more]

ICANN proposes scam website blocking

The overseer of the Internet's addressing system is soliciting ideas for how to fix a problem that is enabling spammers and fraudulent websites to flourish. The Internet Corporation for Assigned Names and Numbers (ICANN) has issued an initial report on fast flux, a technique that allows a website's domain name to resolve to multiple IP addresses. Fast flux allows an administrator to quickly point a domain name to a new IP address, for example if the server a...... [more]

The five biggest security threats facing businesses today

Keeping valuable data locked up inside the company is no longer viable as consumer tech and home working become increasingly common and with IT offshoring and software as a service forecast to continue growing in 2009. But can corporate networks really afford to relax their door policy when the multibillion pound global cybercrime menace is being buoyed by increasingly impoverished and desperate techies? Recent research by analysts Forr...... [more]

DNS service tracks Downadup infections

OpenDNS, a company that offers specialised DNS services, on Monday launched a service designed to help network administrators spot and remove infections by the widespread Downadup worm on their networks. Downadup, also known as Conficker or Kido, targets Windows machines and spreads via USB, fileshares and email. It takes advantage of the Microsoft vulnerability detailed in MS08-067; while the company issued a fix for this in October 2008, many system...... [more]

Kaminsky calls for DNSSEC deployment

Dan Kaminsky's second act has begun: Pushing the adoption of the DNSSEC security standard for the domain-name system. So many security frameworks — from password resets via e-mail to SSL certificates — rely on DNS in some way that the protocol has to be secured for Internet security to work, Kaminsky told attendees at the Black Hat DC Security Briefings. DNSSEC is by far the leading security standard for the domain-name system, and the US government has alrea...... [more]

Getting network baselining right

While simple in concept, network baselining is often misunderstood. Baselining involves recording network traffic and performance, saving it for future reference and/or reviewing it to see traffic patterns. Once baselines are saved, they can be used as a benchmark with which to compare other traffic patterns. The technique provides the network administrator insight into expected behavior on the network and subsequently, the ability to notice changes. People ofte...... [more]

Microsoft, researcher clash over security patch

On Tuesday, Microsoft released a patch for a hole in Windows 2000 and Server 2003 and 2008 that could allow an attacker to redirect network traffic to a malicious site that has been set to serve as a proxy. The vulnerability, rated important by Microsoft, allows IT managers to set a Windows Proxy Auto-Discovery, or WPAD, entry in the DNS. If IE or Firefox are configured to 'automatically detect settings', the browser will connect to the proxy mach...... [more]

Some UltraDNS customers knocked offline by attack

Some UltraDNS customers knocked offline by attack NeuStar confirmed that some of its UltraDNS managed DNS service customers were knocked offline for several hours Tuesday morning by a distributed denial of service attack. "Early this morning, our monitoring systems detected a significant denial of service attack, which affected a small subset of our customers, in some cases for as long as a few hours," the Reston, Va. company said in a statement. "While we continue to investigate the cause, the...... [more]

Three Free, Easy Ways To Protect Your Network

Three Free, Easy Ways To Protect Your Network Whether the Conficker worm booms or fizzles, take it as a reminder to keep your networks safe. You could spend money on a security consultant--which isn't such a bad investment if helpful--but here are three free tricks to increase your network's security. Use OpenDNS: Internet traffic gets routed through IP addresses; the text you type as a URL only sits on top of those numbers. Normally, when you type "pcworld.com," it gets ref...... [more]

Conficker infections higher than first thought

Conficker infections higher than first thought Whether the Conficker worm booms or fizzles, take it as a reminder to keep your networks safe. You could spend money on a security consultant--which isn't such a bad investment if helpful--but here are three free tricks to increase your network's security. OpenDNS has more than 10 million users worldwide, the company said. OpenDNS wouldn't say exactly what percentage of its users were infected by the worm, but the Conficker.C infections it counted w...... [more]

Black Hat promises news of major security flaw

Black Hat promises news of major security flaw Organisers of next week's Black Hat Europe conference are promising a security presentation that could impact anyone who uses the Internet. No details have yet been released. They say the presentation, due to take place 16 April, will be as important as the one from security researcher Dan Kaminsky at a Black Hat conference last July about a widespread flaw in the DNS. Kaminsky's research prompted a massive, industry-wide effort to patch DNS serv...... [more]

Cache-poisoning attack snares top Brazilian bank

Cache-poisoning attack snares top Brazilian bank One of Brazil's biggest banks has suffered an attack that redirected its customers to fraudulent websites that attempted to steal passwords and install malware, according to an unconfirmed report. According to this Google translation of an article penned in Portuguese, the redirection of Bradesco was the result of what's known as a cache poisoning attack on Brazilian internet service provider NET Virtua. ...... [more]

Blue Coat looks to streamline WAN optimization rollouts

Blue Coat looks to streamline WAN optimization rollouts Blue Coat Systems is aiming for instant gratification with a new configuration wizard designed to help IT professionals get their ProxySG appliances up and running quickly. The streamlined setup executes a baseline WAN optimization configuration, including the ability to accelerate remote file access (utilizing CIFS), e-mail and Web-based applications. The wizard enables setup in less than a minute, says Carrie Oakes, vice president of...... [more]

D-Link puts CAPTCHA on home router

D-Link puts CAPTCHA on home router Home router vendor D-Link has taken the unusual step of adding a CAPTCHA login to its range of broadband routers in order to bolster them against automated Internet attacks. Only one product currently includes the technology, the DIR-685 Wireless N Storage Router, but a number of others will shortly add it to their feature set by upgrade, the DIR-615, DIR-635, DIR-655, DIR-825, and DIR-855. All future products in this part of the market will include CAPTCHA, t...... [more]

Security group converges to fight Internet abuse

Security group converges to fight Internet abuse As cybercrime continues to proliferate on the Internet, one industry security group is hoping its work will help stem the tide of spam and scams. The Messaging Anti-Abuse Working Group (MAAWG) held a three-day meeting in Amsterdam this week, discussing spam, network security, the DNS (Domain Name System) and other topics. Industry professionals traded ideas on stopping abusive online behavior. Much of MAAWG's work is done behind closed doors. The...... [more]

New devices make hotspots a hacker's paradise

New devices make hotspots a hacker's paradise Airport lounges, train stations and hotels represent three of the easiest attack vectors for hackers, according to white hat hacker, Chris Gatford. Speaking at IDC's SecurityVision conference today, Gatford said the vast majority of public hotspot users put their organisation's data at risk by connecting without a VPN to the "Linksys global wireless network" - his term for open networks set up in people's homes that are left unsecured. Gatford, direc...... [more]

ICANN security group calls for end to 'wildcarding'

ICANN security group calls for end to 'wildcarding' Security advisors to the Internet Corporation for Assigned Names and Numbers (ICANN) have called for a ban on the practice of 'wildcarding', in which internet service providers and registrars redirect queries for inactive domains to their own holding pages. The Security and Stability Advisory Committee (SSAC) presented its report, entitled Recommendation to Prohibit the Use of Redirection and Synthesized Responses by New Top-Level Domains (TLD...... [more]

Twitter Malware Attack Targets Both Mac and PC

Twitter Malware Attack Targets Both Mac and PC Why hit one OS with malware when you can hit two? That is the question. The situation is this: The Twitter account of well-known venture capitalist Guy Kawasaki was hacked and used to send out tweets luring users to a site hosting malware. According to Trend Micro, the malware changes the DNS settings of Windows and Mac machines. If Mac users attempt to view the promised pornographic video on the site, they will download a malicious file. "Fo...... [more]

Researchers set to reveal SSL vulnerability

Researchers set to reveal SSL vulnerability Confidential online connections made from public wireless hotspots remain vulnerable to attacks despite improved security that was supposed to fix the problem, according to security researchers. The vulnerability means that attackers can lurk in the middle of what victims think are secure SSL sessions with banks, retailers and other secure websites, picking off passwords and other information that can be used later to steal account funds or compromise...... [more]

Irish ISP Eircom hit by multiple attacks that restrict service for users

Irish ISP Eircom hit by multiple attacks that restrict service for users The Irish ISP is experiencing an unprecedented volume of traffic that officials believe is multiple DNS poisoning attacks. The site has been experiencing problems for other month, according to Dark Reading, when users first began to complain of slow response times at the end of May. Rik Ferguson, senior security advisor at Trend Micro, claimed that it was ‘certainly clear that many Eircom subscribers are being redirected to...... [more]

DNS remains vulnerable one year after Kaminsky discovered bug

DNS remains vulnerable one year after Kaminsky discovered bug A year has passed since security researcher Dan Kaminsky disclosed a serious flaw in the DNS that makes it possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing. Kaminsky’s disclosure was a wake-up call to network vendors and ISPs about the inherent weaknesses in DNS, the foundational Internet standard that matches...... [more]

New warning on DNS vulnerability

New warning on DNS vulnerability DNS users have been warned about a new vulnerability that could put their servers at risk. The Internet Systems Consortium (ISC) and United States Computer Emergency Readiness Team (CERT) have discovered a flaw in the BIND9 DNS code that could be exploited to cause a system crash. There is also believed to be an attack script floating around in the wild that could be used to exploit the vulnerability. "It's a zero-day exploit and you need to patch BIND9 imm...... [more]

Security elite pwned on Black Hat eve

Security elite pwned on Black Hat eve On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick. The file posted on security mailing lists claimed to have obtained more than four years' worth of data from Kaminsky, and as proof, it offered a smattering of emails, instant messages, and other...... [more]

Nine things about botnets that will scare your pants off

Nine things about botnets that will scare your pants off I wondered just how deep and wide the botnet problem goes. What I learned with just a little bit of research is enough to make you want to return to the days of stand-alone computing. The reality is worse than most people suspect. Let me share nine known things about botnets that will scare your pants off. At the very least, perhaps this article will prompt you to step up your effort to keep your corporate PCs off the illicit botnets. 1....... [more]

Open source project aims to make secure DNS easier

Open source project aims to make secure DNS easier A group of developers has released open source software that gives administrators a hand in making the Internet's addressing system less vulnerable to hackers. The software, called OpenDNSSEC, automates many tasks associated with implementing DNSSEC (Domain Name System Security Extensions), which is a set of protocols that allows DNS (Domain Name System) records to carry a digital signature, said John A. Dickinson, a DNS consultant working...... [more]

Mozilla patches three Firefox bugs

Mozilla patches three Firefox bugs Mozilla has patched Firefox 3.5 and Firefox 3.0 to quash three security vulnerabilities, including a pair unveiled last week at Black Hat, and a third Mozilla itself revealed last month. Firefox 3.0.13, the update to the older browser that Mozilla will drop off the support list in January 2010, includes two bugs, while Firefox 3.5.2 fixes a separate flaw. The vulnerabilities patched by Firefox 3.0.13 were disclosed last week by Dan Kaminsky of IOActive and a s...... [more]

Internet needs fundamental changes to survive

Internet needs fundamental changes to survive The basic internet protocols need reworking because they lack proper security, say experts. The basic TCP/IP protocols are unsuited to the modern internet, delegates have been told. Instead, a new system that sacrifices openness for accountability is needed. “There are fundamental problems in the internet and maybe we need to look at fundamental fixes,” said Marcus Sachs, executive director of Government Affairs for National Secur...... [more]

DHS report: IT sector is resilient against serious cyberattacks

DHS report: IT sector is resilient against serious cyberattacks A report from the U.S. Department of Homeland Security presents several scenarios in which well chosen attacks against key IT infrastructure elements could cause disruptions on a national scale. But the document also offers a surprisingly sunny assessment of the resilience and redundancies within the IT sector to mitigate the risk of such disruptions. The 114-page report, released Tuesday, titled the "IT Sector Baseline Risk As...... [more]

Google launches alternative DNS resolver

Google launches alternative DNS resolver Google has created a new system to resolve DNS (domain name system) queries that the company claims will speed up Web browsing for end-users, as well as make it more secure. Google Public DNS, announced on Thursday, is still in an experimental phase. It attempts to improve on existing DNS resolver technology with faster, more efficient caching and additional security safeguards against spoofing attacks that try to dupe users into visiting malicious Web...... [more]

Twitter brought down by hackers

Twitter brought down by hackers Microblogging site Twitter went offline for a while Friday after hackers calling themselves the Iranian Cyber Army apparently managed to change DNS records, redirecting traffic to another Web page. Instead of the usual Twitter Web site design, visitors to the site instead saw a black screen with an image of a green flag and Arabic writing. The defaced site also included a message that said, "This site has been hacked by Iranian Cyber Army," and an e-mail address....... [more]

2010 predictions: Security

2010 predictions: Security The security landscape is a complex, multi-layered one that changes more subtly and indefinitely than the seasons. It is therefore hard to predict security trends with any degree of certainty. That said, by looking back at the security developments of the past year and talking to security experts, we believe we have come up with a list of key trends that any IT leader worth his or her salt would be wise to keep an eye out for in 2010. Spam, botnets, social networks -...... [more]

Security tips for large and small businesses

Security tips for large and small businesses Whether your business is a big fish or a small-fry home office, you can get hacked just the same, and the stakes are higher than a few canceled credit cards. Here are a few tips to protect your users and your networks--steps that even enterprise-class security specialists may slip up on. Know Who Might Be Targeted - and How and Why With the recent news of attacks on US companies including Google, many business owners might be thinking, "That wouldn't...... [more]

UK registry to tighten web security

UK registry to tighten web security The UK's domain registry Nominet, is set to implement DNS Security Extensions (DNSSEC), a security protocol designed to protect the DNS (Domain Name System). DNSSEC uses public key cryptography to digitally "sign" the DNS records for websites. It is designed to stop attacks such as cache poisoning, where a DNS server is hacked, making it possible for a user to type in the correct website name but be directed to a fake website. In 2008, security researcher Dan...... [more]

Overlooked online threats

Overlooked online threats There's the danger you know, and then there's the danger you don't know. Most of us are rightfully wary of downloading and running programs that have no pedigree, or of performing day-to-day operations as an administrative user. But with each passing year, new security threats march in to eclipse the old, many of them not getting their share of attention until it's too late. Threats go unappreciated for various reasons. Some seem too obscure or unlikely to be valid unt...... [more]

Tighter security coming for .org names

Tighter security coming for .org names The Public Interest Registry will add an extra layer of security known as DNS Security Extensions (DNSSEC) to the .org domain in June -- a move that will protect millions of non-profit organizations and their donors from hacking attacks known as cache poisoning. In a cache poisoning attack, traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing. Cache poisoning attacks are the result of a serious fl...... [more]

New malware overwrites Adobe software updaters

New malware overwrites Adobe software updaters For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users. The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog....... [more]

Warning: Why your Internet might fail on May 5

Warning: Why your Internet might fail on May 5 Network managers are being urged to run a series of checks on their routers and firewalls to ensure their users will still be able to connect to internet sites in the wake of a major change to the internet's domain name system next week. On May 5, the world's top domain authorities (led by ICANN, the US Government and Verisign) will complete the first phase of the roll-out of DNSSEC (Domain Name System Security Extensions) across the 13 root serve...... [more]

Security firm reveals Microsoft's 'silent' patches

Security firm reveals Microsoft's 'silent' patches Microsoft acknowledges fixing three internally found flaws without disclosing the details in security advisories. Microsoft silently patched three vulnerabilities last month, two of them affecting enterprise mission-critical Exchange mail servers, without calling out the bugs in the accompanying advisories, a security expert said today. Two of the three unannounced vulnerabilities, and the most serious of the trio, were packaged with MS10-024, a...... [more]

DNS security reaches 'key' milestone

DNS security reaches 'key' milestone The dream of bolting security onto the Internet's Domain Name System takes one step closer to reality Wednesday as Internet policymakers host a ceremony in northern Virginia to generate and store the first cryptographic key that will be used to secure the Internet's root zone. The key ceremony is one of the final steps in the deployment of DNS Security Extensions (DNSSEC) on the Internet's root zone. DNSSEC is an emerging Internet standard that prevents spoo...... [more]

Honeypots for hacker detection

Honeypots for hacker detection Most corporate networks lack serious oversight, that is, no one is really watching. Watching the network and computer systems is expensive, overwhelming and fraught with false positives. No wonder then that insider attacks go undetected for months, malware proliferates stealthily and hackers can spend their time gradually infiltrating deeper and deeper, undetected. It's simply too hard to discern between legitimate activities and illegitimate or malicious activiti...... [more]

Flaw could expose 'millions' of home routers

Flaw could expose 'millions' of home routers Millions of household routers are susceptible to a flaw that creates a handy means for hackers to hijack surfing sessions or hack into home networks. Craig Heffner, a researcher at security consultancy Seismic, is due to detail the flaw and release a proof-of-concept tool at the Black Hat conference in Vegas later this month. The DNS rebinding-related security flaw affects kit from Linksys, Belkin and Dell, among others. DNS rebinding have been around...... [more]

DNS Made Easy rallies after punishing DDoS attack

DNS Made Easy rallies after punishing DDoS attack DNS Made Easy has restored services following a vicious denial of service that peaked at 50Gbps on Saturday. The identity of the perpetrators and their motives remain unclear. One possible scenario is that hackers with a grudge against the site hired a botnet to swamp DNS Made Easy with useless traffic. A blow-by-blow account of the attack can be found via DNS Made Easy's Twitter feed. The firm said it experienced 1.5 hours of actual downtime dur...... [more]

Criminals 'go cloud' with attacks-as-a-service

Criminals 'go cloud' with attacks-as-a-service Just like legitimate businesses, criminals are turning to the cloud as a way to generate new services and simplify their infrastructure. While some sites offer botnets for lease or sale, and other sites offer aid with cheating on games, the latest crop of criminal enterprises is serving up attacks as a service. In the latest example of this, a Chinese group has opened up a site, called IM DDODS, that allows customers to sign in and order denial-of-s...... [more]

Human error gave spammers keys to Microsoft systems

Human error gave spammers keys to Microsoft systems Microsoft blamed human error after two computers on its network were hacked and then misused by spammers to promote questionable online pharmaceutical websites. Microsoft launched an investigation Tuesday, after the problem was first reported in the Register. "We have completed our investigation and found that two misconfigured network hardware devices in a testing lab were compromised due to human error," Microsoft said Wednesday in...... [more]

Security firm gets punk'd: Could it happen to you?

Security firm gets punk'd: Could it happen to you? When a security software vendor's site gets hijacked, you have to wonder who is safe -- and how it happened. Here's the story. Last Thursday, people venturing to the main website of renowned security firm Secunia saw a strange defacement. Secunia.com sported a main page entitled "Hacked by TurkGuvenligi" with a graphic headed "İsimsiz Kahramanlar Sunar..." (which is Turkish for "Anonymous Heroes Presents") and an i...... [more]

Security Manager's Journal: Buried in SIEM configuration

Security Manager's Journal: Buried in SIEM configuration I mentioned in my previous column that in my new job, I inherited a project to implement a security incident and event management (SIEM) tool. In response, several readers e-mailed to tell me about their experiences. Here's what I've learned in tackling this project over the past couple of weeks. There are a few different ways to use SIEM. It can alert you to anomalous behavior and malicious code. By pulling in data from our antivirus sca...... [more]

Harvard study probes Denial of Service attacks

Harvard study probes Denial of Service attacks Distributed Denial of Service (DDoS) Attacks have emerged as one of the more vexing issues network administrators face, according to a study by the Berkman Centre for Internet Society at Harvard University. Major websites such as Amazon, Facebook and Google have the resources to reduce outages to less than a few hours. But the study focused on the vast majority of Government and smaller independent media and human rights sites to draw out broad rang...... [more]

10 building blocks for securing the Internet today

10 building blocks for securing the Internet today During his keynote speech at RSA Conference 2011, Microsoft's corporate VP for trustworthy computing Scott Charney called for a more cooperative approach to securing computer endpoints. The proposal is a natural maturation of Microsoft's (my full-time employer) End-to-End Trust initiative to make the Internet significantly safer as a whole. It closely follows the plans I've been recommending for years; I've even written a whitepaper on the subje...... [more]

Your handy PC security checklist

Your handy PC security checklist In this emerging age of cloud computing, it's easy to remain focused on the server side of the security equation. However, with crafty cyber criminals running rampant and the continued rise of APTs (advanced persistent threats), securing end-user systems remains critical. Hackers and other troublemakers have a variety of ways by which to turn a PC into a perfect access point for wreaking havoc, be it via an outsider exploiting an unpatched vulnerability or an insider t...... [more]

Firm points finger at Iran for SSL certificate theft

Firm points finger at Iran for SSL certificate theft Iran may have been involved in an attack that resulted in hackers acquiring bogus digital certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo, a certificate issuing firm said today. The bogus certificates -- which are used to prove that a site is legitimate -- were acquired by attackers last week when they used a valid username and password to access an affiliate of Comodo, which issues SSL...... [more]

Solo Iranian hacker takes credit for Comodo certificate attack

Solo Iranian hacker takes credit for Comodo certificate attack A solo Iranian hacker on Saturday claimed responsibility for stealing multiple SSL certificates belonging to some of the Web's biggest sites, including Google, Microsoft, Skype and Yahoo. Early reaction from security experts was mixed, with some believing the hacker's claim, while others were dubious. Last week, conjecture had focused on a state-sponsored attack, perhaps funded or conducted by the Iranian government, that hacked a ce...... [more]

New method finds botnets that hide behind changing domains

New method finds botnets that hide behind changing domains Researchers at Texas A&M University say they have a new method for finding domain-fluxing botnets, which evade detection by constantly alternating domain names. Dr. Narasimha Reddy, who works in the University's Department of Electrical and Computer Engineering, collaborated with student Sandeep Yadav and Ashwath Reddy, as well as with Supranamaya "Soups" Ranjan with Narus Inc., to develop the new method. It can be used to...... [more]

VeriSign DNS fix paves way for safer Internet

VeriSign DNS fix paves way for safer Internet VeriSign, the administrator of the .com domain, announced on Thursday that the company had deployed the domain-name system (DNS) security extensions to that popular top-level domain. In addition to .com, the other major top-level domains have been signed, including .edu, .gov, .net, and .org. DNSSEC adds another layer of cryptographic authentication to domain names, making certain types of DNS hacks, such as cache-poisoning and man-in-the-middle atta...... [more]

Domain security comes to .co.uk

Domain security comes to .co.uk Nominet plans to bring a higher level of security to UK domain names within the next two weeks. The .uk registry manager said on Thursday that it has implemented the new DNSSEC protocol in the .co.uk zone. Companies could be able to cryptographically sign their internet addresses as early as May 18. DNSSEC (domain name system security extensions) is an IETF standard that makes it harder for attackers to steal traffic by spoofing domain-name routing information. If...... [more]

DNS agility leads to botnet detection

DNS agility leads to botnet detection Online criminals have evolved their tactics to harden their botnets against takedown using a variety of tactics, including fast-flux networks and Conficker-like dynamic domain generation. Yet, such tactics can also pinpoint when such networks are being created by bot operators, according to research from the Georgia Institute of Technology. The research found that dynamically detecting changes in the domain name system (DNS) can lead to the early detection o...... [more]

Top level domain explosion could wreak MAYHEM on NET

Top level domain explosion could wreak MAYHEM on NET A plan to populate the internet with hundreds or thousands of new top-level domains has security researchers pondering some of the unintended consequences that could be exploited by online criminals. Some of the scenarios aren't pretty. Consider the mayhem that might result from addresses that end in "exchange," "mailserver," "domain," or other strings that are frequently used to designate highly sensitive resourc...... [more]

Microsoft patches 1990s-era 'Ping of Death'

Microsoft patches 1990s-era 'Ping of Death' Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death." Of Tuesday's 13 updates, called "bulletins" by Microsoft, two were labeled "critical" -- the most-serious rating in the company's four-step score -- nine were marked "important," the next-most-dangerous...... [more]

 

If you need more information about DNS, please feel free to contact us with your DNS questions using our contact form.