Language Selection

English French German Italian Portuguese Spanish

Poisoned web poses risk to security

Filed under
Web

COMPUTER criminals are coming up with ever stealthier ways to make money. Rather than attack PCs or email inboxes, their latest trick is to subvert the very infrastructure of the internet, the domain name system (DNS) that routes all net traffic.

In doing so, they redirect internet users to bogus websites, where visitors could have their passwords and credit details stolen, be forced to download malicious software, or be directed to links to pay-per-click adverts.

This kind of attack is called DNS cache poisoning or polluting. It was first done by pranksters in the early years of the internet, but it had limited impact and security patches eliminated the problem.

Now new loopholes have opened and poisoning appears to be back. This time experts can't be sure how much damage it might do. "We see the combination of DNS poisoning with other hostile actions as having a serious impact," says Swa Frantzen, a Belgium-based volunteer member of the SANS Internet Storm Center. "I think it's going to slowly die out," says Joe Stewart of net security company Lurhq in Chicago.

Internet poisoning returned to the fore in early March, when DNS software provided by antivirus firm Symantec was found to have a bug that made poisoning possible. Weeks later, the SANS centre uncovered a second spate of poisonings, but this time it was due to a security loophole.

Companies can protect themselves by switching to BIND 9, which will not accept or pass on poisoned information. But Gerhard Eschelbeck of the internet security company Qualys in Redwood Shores, California, says the problem may not be over. "I would not rule anything out. There are other creative ways that attackers can find to poison the DNS," he says. And poisoning is a much bigger deal than it was in the early days, because hackers can now use the technique to introduce "malware" onto servers and PCs, says Frantzen.

Full Story.

More in Tux Machines

The 2016 Open Source Jobs Report

Red Hat News

  • Want to work in Release Engineering in Europe?
    Red Hat Release Engineering is hiring in Europe.
  • Red Hat targets midmarket with Keating, Tech Data partnerships
    Red Hat Canada has unveiled a new approach to reach the lower end of the enterprise and the upper midmarket in partnership with Keating Technologies and Tech Data Canada. Under the program, Keating will work with the vendor to uncover and qualify leads in the $500 million to $1.0 billion market. Once fully developed, those leads will be handed over to existing Red Hat Canada partners to close the deal, and will be fulfilled through Tech Data.
  • Gulf Air creates private cloud to support open-source big data engine
    Bahrain’s national carrier is using Red Hat Enterprise Linux, Red Hat JBoss Enterprise Application Platform, and Red Hat Storage as a platform for its Arabic Sentiment Analysis system, which monitors people’s comments through their social media posts.
  • Fedora Pune meetup April 2016
    I actually never even announced the April meetup, but we had in total 13 people showing up for the meet. We moved the meet to my office from our usual space as I wanted to use the white board. At beginning I showed some example code about how to write unittests, and how are we using Python3 unittests in our Fedora Cloud/Atomic images automatically. Anwesha arranged some soft drinks, and snacks for everyone.

Android Leftovers

“LEDE” OpenWrt fork promises greater openness

A “Linux Embedded Development Environment” (LEDE) fork of the lightweight, router-oriented OpenWrt Linux distribution vows greater transparency and inclusiveness. Some core developers of the OpenWrt community has forked off into a Linux Embedded Development Environment (LEDE) group. LEDE is billed as both a “reboot” and “spinoff” of the lightweight, router-focused distribution that aims to build an open source embedded Linux distro that “makes it easy for developers, system administrators or other Linux enthusiasts to build and customize software for embedded devices, especially wireless routers.” Read more