DNS Flaw Hits More Than Just the Web

gringer writes "Dan Kaminsky presented at the Black Hat conference in Las Vegas on Wednesday, and said that the DNS vulnerability he discovered is much more dangerous than most have appreciated. Besides hijacking web browsers, hackers might attack email services and spam filters, FTP, Rsync, BitTorrent, Telnet, SSH, as well as SSL services. Ultimately it's not a question of which systems can be attacked by exploiting the flaw, but rather which ones cannot. Then again, it could just be hype. For more information, see Kaminsky's power point presentation." Update: 08/07 19:48 GMT by T : There's also an animation of the progress of the patch.

wow

[mevets]

its almost like every service that uses hostnames might be affected.

Black Hat Hacker and Power Point

[tristian_was_here]

A black hat hacker using power point??? Next they will be making viruses for specifically for Windows...

Oh er? Never mind.

Don't believe the hype!

[192939495969798999]

Bah, there's no way that this DNS vulnerability affects any of us here! We're all up to speed on patc
+++
NO CARRIER

Re:Don't believe the hype!

[Stanistani]

*makes note not to visit devinmoore.com, as they seem to have some infrastructure problems*

To everyone on 216.34.181.45

[HungryHobo]

And they called me a fool when I refused to learn website names WHO'S LAUGHING NOW!!

Re:To everyone on 216.34.181.45

[Anonymous Coward]

WHOIS*

Re:SSH and SSL protected

[Anonymous Coward]

SSL will raise a certificate error unless they have some way of getting a fake cert.

Or if they've managed to re-route the Certificate Authority. But that would require some kind of hack against the Domain Name Serv-oh... never mind.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Surprised?

[LaminatorX]

This is why I've maintained a comprehensive /etc/hosts file since 1996. Every now and then it gets to be a bit large, so I periodically print it out and cache it to a shelf full of 3-ring binders.

Gopher

[dj245]

The three of us who still use Gopher are scared to death!

Re:To everyone on 216.34.181.45

[grnbrg]

      Domain Name: LAUGHINGNOW.COM
      Registrar: GODADDY.COM, INC.
      Whois Server: whois.godaddy.com
      Referral URL: http://registrar.godaddy.com/ [godaddy.com]
      Name Server: NS1.ACTIVEAUDIENCE.COM
      Name Server: NS2.ACTIVEAUDIENCE.COM
      Status: clientDeleteProhibited
      Status: clientRenewProhibited
      Status: clientTransferProhibited
      Status: clientUpdateProhibited
      Updated Date: 06-aug-2008
      Creation Date: 11-mar-2005
      Expiration Date: 11-mar-2009

Re:Litmus testing

[Anonymous Coward]

I doubt that the union of "people who think the web is the Internet" and "people who discover Slashdot and stick around" is more than a handful.

Actually, I imagine the union would be enormous. Perhaps you meant the intersection?

Re:Don't believe the hype!

[mrdoogee]

Its a stupid joke, alright. A no carrier signal looks nothing like when you say candlejack. We all know th

Re:Don't believe the hype!

[Zancarius]

Bah, there's no way that this DNS vulnerability affects any of us here! We're all up to speed on patc
+++
NO CARRIER

That's so last century. Here, let me fix it for you:

Bah, there's no way that this DNS vulnerability affects any of us here! We're all up to speed on patc
[GOATSE]

Re:wow

[idobi]

That's why I only navigate using IP addresses... damn kids with their domain names!

Get off my lawn!

Re:Litmus testing

[Just Some Guy]

Nah. Those are just the requirements for upmodding. You can still hang around otherwise, but we might not talk to you.

Power Point Presentation?

[jc42]

WTF? What geek or nerd would even read a PPP, much less trust anything in it?

And is it even possible to transfer actual information via Power Point? I've heard rumors that it can be done, but I don't think I've ever seen anyone actually do it.

To: UID 1314109 Re: CID 24512103

[Speare]

To: UID 1314109
Re: CID 24512103

I, UID 84249, am laughing now.

Re:Power Point Presentation?

[corbettw]

And is it even possible to transfer actual information via Power Point? I've heard rumors that it can be done, but I don't think I've ever seen anyone actually do it.

I saw a great Power Point presentation on that subject once, it was very convincing.

Re:wow

[rpmayhem]

I'll get off your lawn when I'm done digging point-to-point fiber from my house to my favorite websites. Forget DNS, I'm building my own internet.

Re:Litmus testing

[Plutonite]

Check the stories for horrifying editing mistakes.. if you don't find any by the end of the day, I guess we'll have to notify Taco about being owned.

Re:Litmus testing

[myowntrueself]

Rubber-soled platform soles and tinfoil bodysuits?

So those 1970's scifi series (such as Blakes' 7 and UFO) were actually prophetic!

Re:wow

[Dirtside]

Don't you mean, get off my 127.0.0.1?