Poisoned web poses risk to security

Computer criminals are coming up with ever stealthier ways to make money. Rather than attack PCs or email inboxes, their latest trick is to subvert the very infrastructure of the internet, the domain name system (DNS) that routes all net traffic.

In doing so, they redirect internet users to bogus websites, where visitors could have their passwords and credit details stolen, be forced to download malicious software, or be directed to links to pay-per-click adverts.

This kind of attack is called DNS cache poisoning or polluting. It was first done by pranksters in the early years of the internet, but it had limited impact and security patches eliminated the problem.

Now new loopholes have opened and poisoning appears to be back. This time experts can't be sure how much damage it might do. "We see the combination of DNS poisoning with other hostile actions as having a serious impact," says Swa Frantzen, a Belgium-based volunteer member of the SANS Internet Storm Center. "I think it's going to slowly die out," says Joe Stewart of net security company Lurhq in Chicago.

Internet poisoning returned to the fore in early March, when DNS software provided by antivirus firm Symantec was found to have a bug that made poisoning possible. Weeks later, the SANS centre uncovered a second spate of poisonings, but this time it was due to a security loophole.

Companies can protect themselves by switching to BIND 9, which will not accept or pass on poisoned information. But Gerhard Eschelbeck of the internet security company Qualys in Redwood Shores, California, says the problem may not be over. "I would not rule anything out. There are other creative ways that attackers can find to poison the DNS," he says. And poisoning is a much bigger deal than it was in the early days, because hackers can now use the technique to introduce "malware" onto servers and PCs, says Frantzen.
