Comments on: Exploit for Kaminsky DNS Bug Goes Wild

By: Morgan Storey

Morgan Storey — Wed, 27 Aug 2008 10:02:15 +0000

Just thought I’d let everyone know the video is now available on Dans talk, having listend to the audio, it was very interesting to hear all the players sides of things, a bit light on the detail but ah well.

http://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2_slides.m4v

By: Morgan Storey

Morgan Storey — Fri, 01 Aug 2008 08:28:54 +0000

@navin: it would be hard to be Moore, metasploit would constantly being scanned, prodded and probed, any weakness would be exploited quicker than it took you to read this.
On the posting issue, I am no longer getting the issue in Firefox, but I can confirm that when I was getting it in Firefox I tried IE on another computer on my lan and had the same issue, so I don’t think it is just Firefox.

ONTOPIC: Metasploit is really a damn good framework, I really must play with it more.

By: zupakomputer

zupakomputer — Thu, 31 Jul 2008 17:21:17 +0000

It’s nothing new (the idea of original people being replaced) - the same soap operas of the gods and illuminati are described in the Vedas etc also.

=And so-and-so redirected his rival and nemesis to the honeytrap he had lain out, and lo it was so sticky that they became trapped for generations in which time so-and-so sired 20 children with thingys wife whilst pretending to be thingy

until an angel / root server did notice this transgression, and appeared to thingys wife in a dream / automatic update=

……..the usual.

By: Navin

Navin — Thu, 31 Jul 2008 17:06:40 +0000

First of all…..huh?? and secondly, sids911 said -I am seeing frames in my google results page, sign of things to come?

watch out mate, you may be a victim of a similar attack!

By: zupakomputer

zupakomputer — Thu, 31 Jul 2008 17:00:17 +0000

You know, this whole topic isn’t much different from all the claims that various officials are replaced with lookalikes and then some. Sometimes at their own behest, no less.

By: zupakomputer

zupakomputer — Thu, 31 Jul 2008 16:58:06 +0000

I haven’t had an updated IE online for ages so I can’t test that out; I’m using Seamonkey here.

Mine is back to normal - now it justs prevents comments going through if I’ve been typing on the page so long that its timed-out.

By: Navin

Navin — Thu, 31 Jul 2008 16:48:55 +0000

@ darknet, a follow up perhaps to the kaminsky story.

“HD Moore has been pwned. That’s hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack.It happened on Tuesday morning, when Moore’s company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what’s known as a cache poisoning attack on a DNS server on AT&T’s network that was serving the Austin, Texas, area. One of BreakingPoint’s servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore’s company.When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.

No BreakingPoint computer was actually compromised by the incident, but it was still pretty annoying.In early July, computer security experts began warning this type of cache poisoning attack could be pulled off much more easily than previously thought, thanks to a new technique. Early last week, technical details of this attack were leaked to the Internet, and HD Moore’s Metasploit project quickly released the first software that exploited this tactic.

Now he’s one of the first victims of such an attack. “It’s funny,” he joked, “I got owned.”Things may not be so funny to ISPs who are scrambling to roll out patches to their DNS software before these attacks become more widespread.”

By: Navin

Navin — Thu, 31 Jul 2008 16:07:25 +0000

Offtopic:Hey I might have just figured it out……I mean the reason why all of us are constantly getting this WS-Spamfree error page while posting comments. Get ready for this…….Its because we use Firefox. i know this may sound absolutely unbelievable and probably wrong (coz I dunno what browser U guys use) but this actually worked for me. I tried commenting with firefox on four different articles on darknet and another wordpress blog which uses the same spam filter multiple times and everytime I reached the Javascript/cookies appears to be turned on page. Then I copied my comments ont notepad and then tried posting them with Internet ~~exploDer~~ explorer and guess what…. all of them got posted without any problems whatsoever!! Try it and tell me if I’m right please. If this posts successfully the first time, it’ll be the 6th consecutive comment (both blogs combined) which has een passed by WP-Spamfree as non-spam. Hmm….. Darknet’s been anti IE for as long as I can remember and its ironic tht something like this happens on this very blog…hehe

By: Morgan Storey

Morgan Storey — Thu, 31 Jul 2008 14:56:59 +0000

eeeep. Well all my companies DNS servers and NAT devices are already patched, thanks to my incessant rss reading.
So now it is in metaslpoit, DNS behind nat, that just increments the number by one is going to be pwned, awesome, note to router vendors, release a patch.

By: zupakomputer

zupakomputer — Thu, 31 Jul 2008 13:25:15 +0000

Right - so, as should have been part of the default design in the first place, ANY nameserver that holds information on what domains are linked to what IPs should ENSURE that their information held matches the ICANN data on the root servers. They should be checking that.

That doesn’t mean anyone with an IP won’t be able to host their own services from home and would have to register a domain or anything, but it does mean that if you do register a domain and redirects, then there’s zero possibility of your domains being linked to IPs that are not your IPs.