AT RISK – Firewall Vendors, ISPs, Email, Password retrieval + a Hacker’s view of exploits

It’s getting worse.
What was once a vague threat of eavesdropping, if you didn’t encrypt your email, has reached over into areas where many of us, from consumers to tech providers (of security hardware, no less) once felt fairly safe.

The following stories appeared in August :

Firewall Vendors Scramble to Fix Problems with DNS Patch

August 4, 2008 (IDG News Service) Nearly a month after a critical flaw in the Internet’s Domain Name System was first reported, vendors of some of the most widely used firewall software packages are scrambling to fix a problem that can essentially undo portions of the patches that address this bug.

The DNS flaw affects server software made by many vendors, including Microsoft, Cisco Systems, and the Internet Systems Consortium.

Some firewall software undoes a source port randomization feature that was introduced in the DNS patches. While this change doesn’t completely negate the DNS patch, it could make it easier for attackers to pull off a cache-poisoning attack against the DNS server, security experts say.

This could lead to virtually undetectable phishing attacks against users of those DNS servers.

Full Article:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111500&intsrc=hm_ts_head

SMALLER ISP’s AT RISK:

Security expert: DNS Attacks are Happening

http://news.cnet.com/8301-1009_3-10022303-83.html

Email – “Forgot your password? Send it to a hacker.”

http://www.cnn.com/2008/TECH/biztech/08/06/internet.security.ap/index.html

Finally,

what hackers are probing and leveraging…

http://topics.cnn.com/topics/hackers

…. when they’re not just trying to shut you down, wholesale…

http://nirlog.com/2006/03/28/dns-amplification-attack/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: