New DoS Vulnerability Affects All Versions of BIND 9
ISC is reporting that a new, remotely exploitable vulnerability has been found in all versions of BIND 9. A specially crafted dynamic update packet will make BIND die with an assertion error. There is an exploit in the wild and there are no access control workarounds. Red Hat claims that the exploit does not affect BIND servers that do not allow dynamic updates, but the ISC post refutes that. This is a high-priority vulnerability and DNS operators will want to upgrade BIND to the latest patch level.
Via: Slashdot
DroneBL DDosed by DSL Modems and Routers infected by Botnet Worm
“The people who bring you the DroneBL DNS Blacklist services, while investigating an ongoing DDoS incident, have discovered a botnet composed of exploited DSL modems and routers. OpenWRT/DD-WRT devices all appear to be vulnerable. What makes this worm impressive is the sophisticated nature of the bot, and the potential damage it can do not only to an unknowing end user, but to small businesses using non-commercial Internet connections, and to the unknowing public taking advantage of free Wi-Fi services. The botnet is believed to have infected 100,000 hosts.”
Poorly configured devices that allow remote administration access from the WAN side, combined with weak passwords for root, appears to be the reason for the successful proliferation of the worm.
Via Slashdot
New rogue DHCP server malware
at 10:00 pm
on March 16, 2009
in Data Centers, Development, Programming, Security, Tellicommunications
no comments
A bold new type of malware has been identified. Its attack vector is based on hijacking the DNS settings for devices on a local area network. Any device regardless of operating system that depends on an internal or external name server can be affected.
The trojan configures and runs a rogue DHCP daemon on the infected host. Other devices on the same LAN are misled into using name servers settings provided by the trojan DHCP daemon for DNS lookups instead of using the origional configured name servers.
Devices on the network are then sent to fraudulent websites that can be more difficult to identify as imposters since the DNS lookups appear correct.
This is a more advanced attack of a well known vector of attacking a systems hosts file, but by being system agnostic and using the familiar DNS protocol, it is much more effective.
More details can be found at SANS
Ruan is a resolute technophile that is currently devoted to the professional practice of Information Technology Management. In his free time Ruan pursues various interests including the study of Information Security practices and the exploration of visual culture through contemporary photography and communication design.
- IBM embraces Firefox, adopts it internally
9:54 am, July 5, 2010 - Canada Post warns of fraudulent email
7:18 pm, April 26, 2010 - Bank Employee Plants Malware on ATMs
11:46 am, April 9, 2010 - University of Cambridge discovers Chip and PIN verification “wedge” vulnerability
11:41 am, February 15, 2010 - The EU and UK Have Less Open Wireless WiFi Broadband Hotspots Than USA
11:43 am, January 8, 2010