DNS Exploit in the Wild


Jeff7

Lifer
Jan 4, 2001
41,596
19
81
Originally posted by: StarsFan4Life
So is this no longer an issue? I can't believe it's not all over the news....I bet if it was, PEOPLE would panic, call their ISP and after a million calls they would finally fix it.
Most of the article would be spent just explaining most of the technical details:
- What is a modem?
- What is a router?
- What is DNS?
- How is data sent on the Internet?
- What is a webhost?
- What is a domain?

And that assumes that the people writing the articles even have any clue what they're talking about, which isn't too likely.

 

larry89

Senior member
Feb 8, 2005
639
0
0
You guys think Wellsfargo site is patched? just recently did some online transfers around 22nd..
 

notionless

Junior Member
Jul 24, 2002
23
0
61
I had some trouble logging into Amex the other day (but not other bank/credit card sites), but didn't think much about it until I found out about this bug. Checked my ISP, it said it was vulnerable, so I read about OpenDNS and switched to that. Slightly concerned about it, but a couple of points make me feel better. Am I right about...

1. If a bad guy spoofs a site, he makes it look like the legit site, right? But he wouldn't know any of my account details, right? So if I login and see my transactions and balances, I'm more than likely safe.

2. So that has me concerned about my Amex experience. If it was compromised, a failed login seems like the reasonable outcome of trying to log in. But the bad guy would only have my (and thousands of others) username/password. After switching DNS, I changed all my passwords. Odds are the bad guy hasn't tried my login yet and now that I changed the password, it is useless info.

Anyway, I'll keep a lookout for any odd transactions, but I think I'm safe. At least as safe as I've ever been.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: notionless
I had some trouble logging into Amex the other day (but not other bank/credit card sites), but didn't think much about it until I found out about this bug. Checked my ISP, it said it was vulnerable, so I read about OpenDNS and switched to that. Slightly concerned about it, but a couple of points make me feel better. Am I right about...

1. If a bad guy spoofs a site, he makes it look like the legit site, right? But he wouldn't know any of my account details, right? So if I login and see my transactions and balances, I'm more than likely safe.

2. So that has me concerned about my Amex experience. If it was compromised, a failed login seems like the reasonable outcome of trying to log in. But the bad guy would only have my (and thousands of others) username/password. After switching DNS, I changed all my passwords. Odds are the bad guy hasn't tried my login yet and now that I changed the password, it is useless info.

Anyway, I'll keep a lookout for any odd transactions, but I think I'm safe. At least as safe as I've ever been.

If the site was using two way authentication (you know, the verify the image stuff) then you are fine. If not, then you are not.
 

fishjie

Senior member
Apr 22, 2006
234
0
76
www.youtube.com
Originally posted by: notionless
1. If a bad guy spoofs a site, he makes it look like the legit site, right? But he wouldn't know any of my account details, right? So if I login and see my transactions and balances, I'm more than likely safe.

wouldn't it be possible for him to spoof the login site, then redirect with those credentials to the real site?
 

Jeff7

Lifer
Jan 4, 2001
41,596
19
81
Originally posted by: fishjie
Originally posted by: notionless
1. If a bad guy spoofs a site, he makes it look like the legit site, right? But he wouldn't know any of my account details, right? So if I login and see my transactions and balances, I'm more than likely safe.

wouldn't it be possible for him to spoof the login site, then redirect with those credentials to the real site?
Or else it'll say something like, "Site is down for maintenance, sorry for the inconvenience, please try again later."

Plus, trying to log in as a way to find out if the site is legit is kind of a bad way of doing it.

 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
Time to cower, ISPs are confirmably being attacked. AT&T's Dallas DNS server was poisoned yesterday, the thieves hijacked Google and who knows what else.
 

Robor

Elite Member
Oct 9, 1999
16,979
0
76
Yikes. Just checked my ISP (Verizon FiOS)...

Your name server, at x.x.x.x, may be safe, but the NAT/Firewall in front of it appears to be interfering with its port selection policy. The difference between largest port and smallest port was only 41. Please talk to your firewall or gateway vendor -- all are working on patches, mitigations, and workarounds.
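
The checker output quoted in the post above reports a source-port spread of only 41. As an added example (not part of the thread and not the checker's own code), this Python sketch scores a list of observed resolver source ports in the same spirit; the function name, the thresholds and the sample port lists are assumptions constructed for illustration.

```python
import math

# Assumed thresholds for illustration; not taken from the checker quoted above.
MIN_SPREAD = 16384   # a port window narrower than this is treated as weak
MAX_STEP = 8         # small, always-increasing steps suggest NAT port rewriting
TXID_BITS = 16       # width of the DNS transaction ID

def assess_source_ports(ports):
    """Summarise how unpredictable a resolver's UDP source ports look.

    `ports` is the ordered list of source ports seen on consecutive
    outbound queries, e.g. logged at an authoritative server you control.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observations")
    spread = max(ports) - min(ports)          # the figure the checker reports
    distinct = len(set(ports))
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    # A NAT in front of a patched resolver can undo its randomization by
    # remapping each query to the next free port in a small range.
    sequential = all(0 < d <= MAX_STEP for d in deltas)
    # Upper bound on what a forged reply must match: TXID plus port window.
    guess_bits = TXID_BITS + math.log2(spread + 1)
    if distinct == 1:
        verdict = "fixed port"
    elif sequential or spread < MIN_SPREAD:
        verdict = "weak"
    else:
        verdict = "randomized"
    return {"spread": spread, "distinct": distinct, "sequential": sequential,
            "guess_bits": round(guess_bits, 1), "verdict": verdict}

# Constructed samples (not real captures).
BEHIND_NAT = [32768, 32771, 32779, 32786, 32790, 32798, 32803, 32809]
PATCHED = [51234, 10422, 60001, 2049, 33817, 47110, 18903, 25555]
FIXED = [53, 53, 53, 53]

if __name__ == "__main__":
    for name, sample in (("behind NAT", BEHIND_NAT), ("patched", PATCHED),
                         ("fixed", FIXED)):
        print(name, assess_source_ports(sample))
```

The `BEHIND_NAT` sample is built to reproduce the spread of 41 from the quoted result: the resolver itself may randomize, but the ports seen on the wire are what an off-path forger has to match.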
 

RESmonkey

Diamond Member
May 6, 2007
4,818
2
0
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.
 

Blayze

Diamond Member
Feb 22, 2000
6,152
0
0
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.
 

Fenixgoon

Lifer
Jun 30, 2003
32,126
10,969
136
Your ISP's name server,xxxxxxxxxxx, has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.
 

TallBill

Lifer
Apr 29, 2001
46,017
62
91
Originally posted by: Blayze
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.

You apparently don't understand the problem.
 

Blayze

Diamond Member
Feb 22, 2000
6,152
0
0
Originally posted by: TallBill
Originally posted by: Blayze
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.

You apparently don't understand the problem.

No not completely. I just know my ISP showed that it wasn't patched according to the tests and I switched to OpenDNS. I'm also watching to make sure nothing seems "odd" when visiting sites. That's really all I know to do.

I know if his login info wasn't stored it could be possible he wasn't actually on the Facebook site. I was just saying that I haven't seen that using Facebook and OpenDNS.
 

moparacer

Golden Member
Dec 10, 2003
1,336
0
76
Hard to believe this has been out all this time and I just heard the first talk of it on the 12:00 radio news today.....

 

Dessert Tears

Golden Member
Feb 27, 2005
1,100
0
76
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.
I found that I could force SSL prior to entering login information by going to https://www.facebook.com/.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: moparacer
Hard to believe this has been out all this time and I just heard the first talk of it on the 12:00 radio news today.....

It's security people that are freaking out about it because we know what CAN happen.
 

Jeff7

Lifer
Jan 4, 2001
41,596
19
81
Originally posted by: TallBill
Originally posted by: Blayze
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.

You apparently don't understand the problem.
Oh I do hope someone hijacks Facebook.
And I hope they can't get it back online for a full week.

Scum of the Internet: Get to work.


 

IEC

Elite Member
Super Moderator
Jun 10, 2004
14,440
5,429
136
Originally posted by: Jeff7
Originally posted by: TallBill
Originally posted by: Blayze
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.

You apparently don't understand the problem.
Oh I do hope someone hijacks Facebook.
And I hope they can't get it back online for a full week.

Scum of the Internet: Get to work.

Times logged in in past 3 months: Maybe 3.

Yeah, I don't get the fixation people have with it. It's a decently convenient way to keep in touch with people, but is still terrible.
 

fishjie

Senior member
Apr 22, 2006
234
0
76
www.youtube.com
well, i logged in to my ing-direct account and almost had a heart attack when i saw that they had changed the login ui. they even had text that said - "we have changed the login ui" which seemed real suspect given the timing. but their login shows a secret image and phrase that only i know to verify that it's not a spoofed site, so i think it's ok.

also facebook is awesome don't hate. i'm still going to use it regardless.
 

Jeff7

Lifer
Jan 4, 2001
41,596
19
81
Originally posted by: fishjie
well, i logged in to my ing-direct account and almost had a heart attack when i saw that they had changed the login ui. they even had text that said - "we have changed the login ui" which seemed real suspect given the timing. but their login shows a secret image and phrase that only i know to verify that it's not a spoofed site, so i think it's ok.

also facebook is awesome don't hate. i'm still going to use it regardless.
It's not like you've got much to lose.

"Oh god no!!!! They stole my Facebook password!!!! I'm going to lose.......nothing of value. Huh."

versus

"I think someone just got my bank account login. Oh crap."

 

IEC

Elite Member
Super Moderator
Jun 10, 2004
14,440
5,429
136
I almost panicked when I got locked out of my CC online access due to too many "failed login attempts". Almost.

Then I realized I'd changed the password a few days ago. D'oh!
 