Language Selection

English French German Italian Portuguese Spanish

Poisoned web poses risk to security

Filed under
Web

COMPUTER criminals are coming up with ever stealthier ways to make money. Rather than attack PCs or email inboxes, their latest trick is to subvert the very infrastructure of the internet, the domain name system (DNS) that routes all net traffic.

In doing so, they redirect internet users to bogus websites, where visitors could have their passwords and credit details stolen, be forced to download malicious software, or be directed to links to pay-per-click adverts.

This kind of attack is called DNS cache poisoning or polluting. It was first done by pranksters in the early years of the internet, but it had limited impact and security patches eliminated the problem.

Now new loopholes have opened and poisoning appears to be back. This time experts can't be sure how much damage it might do. "We see the combination of DNS poisoning with other hostile actions as having a serious impact," says Swa Frantzen, a Belgium-based volunteer member of the SANS Internet Storm Center. "I think it's going to slowly die out," says Joe Stewart of net security company Lurhq in Chicago.

Internet poisoning returned to the fore in early March, when DNS software provided by antivirus firm Symantec was found to have a bug that made poisoning possible. Weeks later, the SANS centre uncovered a second spate of poisonings, but this time it was due to a security loophole.

Companies can protect themselves by switching to BIND 9, which will not accept or pass on poisoned information. But Gerhard Eschelbeck of the internet security company Qualys in Redwood Shores, California, says the problem may not be over. "I would not rule anything out. There are other creative ways that attackers can find to poison the DNS," he says. And poisoning is a much bigger deal than it was in the early days, because hackers can now use the technique to introduce "malware" onto servers and PCs, says Frantzen.

Full Story.

More in Tux Machines

The 9 best distros for KDE’s Plasma desktop

While it's possible to install 'KDE' software and Plasma desktop on most Linux based distributions, I have picked the distros which offer Plasma as their default desktop environment. These 'KDE-based' distros offer a better Plasma experience compared to those where you can 'also' install KDE. At some point in time I have used each of these distros as my primary OS except for Mageia and Open Mandriva, which I tried but never used due to uncertainty around their future. Read more

Snag the Android Auto compatible Pioneer AVH-4100NEX for just $570 from Amazon

While the unit carries an MSRP of $700, Amazon's deal marks it down from its previous list price of $849.99. While it's still a tad expensive, the discount makes it a bit easier to get some Android Auto into your car. In case you've somehow managed to avoid any mention of Android Auto up until now, it allows you to connect any Android device running on Android 5.0 Lollipop with the relatively new Android Auto app in order to use it to control everything from navigation to music and phone calls. Read more

A Data-Driven Look at the Open Source E-Commerce Market

Compared to Q4 2013, last quarter’s US online sales rose 14.6 percent to a staggering $79.6 billion dollars. This accounted for 6.7 percent of the total US retail sales market. Major trends fueling this growth include the proliferation of mobile devices, faster online checkout flows and improved fulfillment practices. The availability of open source e-commerce platforms is helping some offline business with the move online. Much like WordPress provides free, customizable CMS solutions, popular open source e-commerce platforms like WooCommerce, Magento and PrestaShop offer a variety of pre-built templates and plugins that DIY retailers can customize to build and grow an online business from scratch. Read more

Tiny WiFi-loaded OpenWRT COM starts at $12

OpenEmbed launched a 52 x 28mm “SOM9331″ COM for IoT that runs OpenWRT Linux on a MIPS-based Atheros AR9331 SoC, and offers WiFi and extended temperatures. Shenzhen OpenEmbed M&C Ltd (OpenEmbed) has introduced a tiny MIPS-based computer-on-module starting at $12 and aimed at home automation, wearables, medical devices, toys, and industrial router and sensor devices. Read more