Replies

Wow...I would thumb my nose at Windows and "feel" better for being a Linux bigot, but I just finished patching Linux based BIND DNS servers due to a very, VERY nasty exploit that's going on right now. I'll tell you the "meat-n-taters" of it so you'll understand why it's so ugly.

It's called a cache poisoning attack. It's based on the DNS server using weak cryptographic algorithms to generate random message numbers. The attacker guesses the right number, sends a crafted response and essentially can do things like make http://www.whitehouse.gov appear as http://www.mindspring.com. In other words, you put http://www.whitehouse.gov on your web browser's address bar, but you are sent to http://www.mindspring.com.

I know this sounds like a prank on the surface, but what if you were going to a site which requires authentication credentials, such as PayPal? Even if it's SSL encrypted, how many people click through SSL cert errors?! Even I've been guilty of that! So you might "think" that you're logging onto PayPal, but you could be logging onto a site which has been established for the sole purpose of gathering credentials.

Also...on a side note... e-mail can also be redirected using this technique. So you might "think" that you're sending e-mail to mybuddy@af.mil, but in fact, it's going to a "pick up point" and being gathered there. It's even possible to grab a copy on the way through and send it on to the correct af.mil mail servers, and maybe nobody will notice for awhile.

So anyway...that's been my excitement for the afternoon. :-) I fixed our stuff...but I know from experience that it will be weeks, and maybe even months before the rest of the planet catches up.