In a recent report released by Trusteer, security researcher Amit Klein has cracked BIND's random number generator and demonstrated a new attack affecting most Internet users. In this "DNS Forgery Pharming" attack, fraudsters can remotely force consumers to visit fraudulent websites without compromising any computer or network device.
The report advises ISPs and enterprises managing a BIND 9 DNS server in a caching configuration to apply the latest patch released by the ISC. Existing desktop security solutions cannot protect against this type of attack, since DNS forgery pharming does not involve the user's computer or the DNS server itself, but rather the cached data on the DNS server.
This issue makes me worry much more about the huge number of root certificates that ship with the major browsers and OSes. Why do I need to have 50 root certificates? Seems like it would be better to get rid of most of them. I wouldn't be surprised if I can get a cert for www.bankofamerica.com from, say, Equifax, or one of the dozens of other CAs, even though VeriSign has already issued one. All I'd need to do is launch a DNS poisoning attack on the CA's DNS servers. Hmm… maybe I should keep my mouth shut. AFAIK, there are no plans or efforts to prevent or detect such occurrences. (Other than the enhanced security cert push, and I haven't noticed any of the major players upgrading to these certs.)