Language Selection

English French German Italian Portuguese Spanish

Poisoned web poses risk to security

Filed under
Web

COMPUTER criminals are coming up with ever stealthier ways to make money. Rather than attack PCs or email inboxes, their latest trick is to subvert the very infrastructure of the internet, the domain name system (DNS) that routes all net traffic.

In doing so, they redirect internet users to bogus websites, where visitors could have their passwords and credit details stolen, be forced to download malicious software, or be directed to links to pay-per-click adverts.

This kind of attack is called DNS cache poisoning or polluting. It was first done by pranksters in the early years of the internet, but it had limited impact and security patches eliminated the problem.

Now new loopholes have opened and poisoning appears to be back. This time experts can't be sure how much damage it might do. "We see the combination of DNS poisoning with other hostile actions as having a serious impact," says Swa Frantzen, a Belgium-based volunteer member of the SANS Internet Storm Center. "I think it's going to slowly die out," says Joe Stewart of net security company Lurhq in Chicago.

Internet poisoning returned to the fore in early March, when DNS software provided by antivirus firm Symantec was found to have a bug that made poisoning possible. Weeks later, the SANS centre uncovered a second spate of poisonings, but this time it was due to a security loophole.

Companies can protect themselves by switching to BIND 9, which will not accept or pass on poisoned information. But Gerhard Eschelbeck of the internet security company Qualys in Redwood Shores, California, says the problem may not be over. "I would not rule anything out. There are other creative ways that attackers can find to poison the DNS," he says. And poisoning is a much bigger deal than it was in the early days, because hackers can now use the technique to introduce "malware" onto servers and PCs, says Frantzen.

Full Story.

More in Tux Machines

Devices/Mobile

  • AsteroidOS is an Open Source OS for Smartwatches
    Florent Revest is a French computer science student who has been working on an open source operating system for smartwatches for the last two years. Yesterday, he officially launched version 1 of the alpha for AsteroidOS. The goal for the platform was to create something that gave smartwatch owners more control over their privacy, as well as the hardware they purchased. Florent feels that the current proprietary platforms do not guarantee this, and this was the basis for AsteroidOS. He wanted his open source smartwatch operating system to provide freedom with free software, more privacy than other wearable platforms offer, interoperability so it could communicate with other devices, modularity that enabled the user to tweak and change the OS as they see fit, the ability to port the software to as many devices as possible, and gathering a community who is passionate about the platform.
  • AsteroidOS Brings Open Source Functionality To Smartwatches
    Smartwatches may not have taken off like companies were hoping, but they have come quite far in terms of what they can offer and what sorts of features are available for the many different models of smartwatches that are out there. Even with the updated functionality of options like Samsung’s Gear S lineup and Android Wear platforms, though, smartwatches can still feel a little bit limiting, and part of this undoubtedly includes the reason that the operating systems aren’t as open as platforms like Android. That is now changing thanks to a platform called AsteroidOS which is an open source operating system for smartwatches.
  • Mini Apollo Lake module takes the heat — and the cold
    Congatec’s “Conga-MA5” is a Linux-ready COM Express Compact Type 10 Mini module with Apollo Lake SoCs, up to 128GB eMMC 5.1, and -40 to 85°C support. Congatec was one of the first embedded vendors to announce computer-on-modules based on Intel’s Atom E3900 and other Apollo Lake Pentium and Celeron SoCs. The offerings included a Qseven module, a SMARC 2.0 module, and a COM Express Compact Type 6 Conga-TCA5. The company has now followed up with a COM Express Compact Type 10 Mini Conga-MA5 module.
  • Top 20 Best Tizen Apps for November 2016, Tizen Smartphone
  • Smartphone game: Indian Football League game comes to the Tizen Store

Security News

Red Hat and Fedora

Technical
  • Red Hat Takes OpenShift Dedicated to Google Cloud Platform
    Red Hat has steadily taken significant steps in the cloud computing arena, expanding the focus of its OpenShift open source Platform-as-a-Service hybrid cloud computing offering, including launching a cloud-hosted commercial edition called OpenShift Online. Now, the company has announced the availability of OpenShift Dedicated on Google Cloud Platform. The new offering brings Red Hat’s container platform as a managed service offering to enterprise customers who want to build, launch, and manage applications on OpenShift Dedicated with Google Cloud Platform as their underlying cloud infrastructure. With the availability of OpenShift Dedicated on Google Cloud Platform, users can speed adoption of containers, Kubernetes, and cloud-native application patterns, according to Red Hat. Users also get access to Google’s global, container-optimized infrastructure and can more easily augment their applications with Google’s ecosystem of data analytics, machine learning, compute, network, and storage services.
  • Red Hat Launches OpenShift Dedicated on Google Cloud Platform
    Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced the general availability of OpenShift Dedicated on Google Cloud Platform. The new offering brings Red Hat’s award-winning container platform as a managed service offering to enterprise customers who want to build, launch, and manage applications on OpenShift Dedicated with Google Cloud Platform as their underlying cloud infrastructure. With the availability of OpenShift Dedicated on Google Cloud Platform, users can speed adoption of containers, Kubernetes, and cloud-native application patterns, benefiting from Red Hat’s deep enterprise experience. Users also benefit from Google’s global, container-optimized infrastructure and can more easily augment their applications with Google’s ecosystem of data analytics, machine learning, compute, network, and storage services.
  • Image Gallery: Synnex Cloud Catalyst Conference Featuring Red Hat, XMedius, Plantronics
Financial Fedora/Community
  • Fedora 23 End of Life
    With the recent release of Fedora 25, Fedora 23 will officially enter End Of Life (EOL) status on December 20th, 2016. After December 20th, all packages in the Fedora 23 repositories will no longer receive security, bugfix, or enhancement updates, and no new packages will be added to the Fedora 23 collection. Upgrading to Fedora 24 or Fedora 25 before December 20th 2016 is highly recommended for all users still running Fedora 23.
  • What Is Wayland and What Does It Means for Linux Users
    Fedora 25 is now out. People are buzzing, as the team have decided to make Wayland the default graphical session going forward. For many Linux users Wayland is a new term that has popped up, but one that they do not understand. In this article we’ll briefly go over what Wayland is, what it does, and why developers are flocking to it in droves! What exactly is Wayland? Let’s find out!
  • Korora 25 is Ready
    The Korora Project has released version 25 (codename "Gurgle") which is now available for download. As usual, you can find a list of already known problems at the common F25 bugs page.
  • Fedora Design Interns Update
  • Holiday Break 2016.
    It’s sad I don’t get more time to post here these days. Being a manager is a pretty busy job, although I have no complaints! It’s enjoyable, and fortunately I have one of the best teams imaginable to work with, the Fedora Engineering team.

openSUSE Says Goodbye to AMD/ATI Catalyst (fglrx) Proprietary Graphics Drivers

openSUSE developer Bruno Friedmann, informed the community of the openSUSE Linux operating system about the fact that he's planning to remove the old ATI/AMD Catalyst (also known as fglrx) proprietary graphics drivers. Read more