Announcement

Collapse
No announcement yet.

Welcome to phishing.co- I mean your bank! yourbank.com!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Welcome to phishing.co- I mean your bank! yourbank.com!

    Apparently, internets are really easy to hax right now.

    http://www.npr.org/templates/story/s...oryId=92956413

    A few months ago, Internet security expert Dan Kaminsky discovered a major problem with the basic wiring of the Internet — one that could easily be exploited by hackers. It has to do with what's known as the domain name system, or DNS.

    Kaminsky, who works for the Internet security company IO Active and is a consultant for Microsoft, tells Andrea Seabrook that he stumbled upon the flaw while tinkering with a way to make the Internet faster.

    "You want to talk sinking feelings," he says. "This was a bug that was going to take months and month and months of work."

    Essentially, the DNS contains a design flaw that could enable hackers to switch the Web site you're directed to when you type a URL into your Web browser. Without your knowledge, you could be transferred to a fake Web site that tries to steal your personal information.

    When Kaminsky discovered the problem, he called a secret meeting in March of some of the world's Internet giants — Microsoft, Cisco, Linux — in Redmond, Wash., to come up with a security patch.

    Why the big need for secrecy? "We all had something to lose," he says.

    To check whether your company or Internet service provider's DNS server has been patched, Kaminsky recommends taking these steps:

    Run the DNS server check at DNS Stuff or at Kaminsky's blog.

    If the server is vulnerable, Kaminsky suggests e-mailing your ISP or your company's IT department and encouraging them to add a patch. Kaminsky also recommends switching your personal computer to use OpenDNS, a free network service. More information and instructions are available at opendns.com.

    "The average consumer shouldn't have to worry about this," he says. "Right now, it's an open question whether the Internet that's being provided is the Internet that's actually what the customer expects."
    lagolakshmi on Guildwork :: Lago Aletheia on Lodestone

  • #2
    Re: Welcome to phishing.co- I mean your bank! yourbank.com!

    Well good thing they went and told everyone about it, just in case there were a few hackers that didn't know. Wouldn't want them to miss out on an opportunity just in case some DNS servers hadn't been patched yet.
    Callysto of RamuhCaithsith - 75 RDM / BRD / COR / PLD / WAR / SCH / DRK

    Formerly Callisto of Ramuh. | Retired 5.28.10

    Callisto Broadwurst of Palamecia

    Comment


    • #3
      Re: Welcome to phishing.co- I mean your bank! yourbank.com!

      That's why it was a secret. They wanted it fixed before it got discovered. But a boat this big was sure to develop some leaks on a Titanic scale.
      "And if he left off dreaming about you, where do you suppose you'd be?"

      Comment


      • #4
        Re: Welcome to phishing.co- I mean your bank! yourbank.com!

        Except they said it might not be all the way fixed for every ISP yet, lol. That's like the Secretary of Defense saying, "We had these huge security holes, and most have been covered up before the terrists found out, but there may still be 3 so see if you can find them!"
        Callysto of RamuhCaithsith - 75 RDM / BRD / COR / PLD / WAR / SCH / DRK

        Formerly Callisto of Ramuh. | Retired 5.28.10

        Callisto Broadwurst of Palamecia

        Comment


        • #5
          Re: Welcome to phishing.co- I mean your bank! yourbank.com!

          Callisto: This is common practice. Find a serious security hole, fix it, and then announce that it's fixed. Security through obscurity rarely works; it wouldn't have lasted long at all in this case.

          Comment


          • #6
            Re: Welcome to phishing.co- I mean your bank! yourbank.com!

            It's not fixed though. About 50% of ISPs are still vulnerable. But they didn't publicly announce it until there was a major leak about the problem anyway, which was inevitable considering how many large companies were involved.
            lagolakshmi on Guildwork :: Lago Aletheia on Lodestone

            Comment


            • #7
              Re: Welcome to phishing.co- I mean your bank! yourbank.com!

              Originally posted by Taskmage View Post
              It's not fixed though.
              Yes, it is. Whether the fix is implemented or not is irrelevant.

              Do you realize how many vulnerabilities are announced every day, which are open doors for crackers if you don't update your system constantly?

              Comment


              • #8
                Re: Welcome to phishing.co- I mean your bank! yourbank.com!

                I'm aware of that, but it's not like 'There was a Flash exploit, update your Flash player!', this is more like 'There was a DNS exploit, hope your ISP has updated!'. That's the part that bugged me.
                Callysto of RamuhCaithsith - 75 RDM / BRD / COR / PLD / WAR / SCH / DRK

                Formerly Callisto of Ramuh. | Retired 5.28.10

                Callisto Broadwurst of Palamecia

                Comment


                • #9
                  Re: Welcome to phishing.co- I mean your bank! yourbank.com!

                  Originally posted by Callisto View Post
                  I'm aware of that, but it's not like 'There was a Flash exploit, update your Flash player!', this is more like 'There was a DNS exploit, hope your ISP has updated!'. That's the part that bugged me.
                  They were notified in time to patch. This also doesn't just affect ISP's.
                  I use a Mac because I'm just better than you are.

                  HTTP Error 418 - I'm A Teapot - The resulting entity body MAY be short and stout.

                  loose

                  Comment

                  Working...
                  X