cancel
Showing results for 
Search instead for 
Did you mean: 

Internet security breach tackled

Bob_Milton
Grafter
Posts: 688
Registered: 31-07-2007

Internet security breach tackled

http://news.bbc.co.uk/2/hi/technology/7496735.stm
Quote
The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser.
42 REPLIES
Community Gaffer
Community Gaffer
Posts: 12,850
Thanks: 669
Fixes: 64
Registered: 04-04-2007

Re: Internet security breach tackled

Slashdot article here. You'll notice if you use the DNS checker that our caching servers are shown as vulnerable. This is something we're aware of and it has been raised accordingly with our Network Operations team.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Bob_Milton
Grafter
Posts: 688
Registered: 31-07-2007

Re: Internet security breach tackled

From a Securosis webpage,
Quote
The good news is that due to the nature of this problem, it is extremely difficult to determine the vulnerability merely by analyzing the patches; a common technique malicious individuals use to figure out security weaknesses. Unfortunately, due to the scope of this update it’s highly likely that the vulnerability will become public within weeks of the coordinated release. As such, all individuals and organizations should apply the patches offered by their vendors as rapidly as possible


After reading the BBC article,I found that there were downloads available
Bob,
This may be a bit cheeky but could PlusNet warn of/publicise this problem in one way or another?
Community Gaffer
Community Gaffer
Posts: 12,850
Thanks: 669
Fixes: 64
Registered: 04-04-2007

Re: Internet security breach tackled

I'm not sure publishing an article regarding the vulnerability would be wholly appropriate until we've fully applied all the necessary patches etc. The last thing I'd want to do is cause unnecessary alarm.
As you point out, the threat is somewhat mitigated at present until malicious individuals identify the security weaknesses.
I'll see if I can get something drafted for the Community Site nonetheless just to say that we're addressing/have addressed the issue, and to advise customers to update their windows installs.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Bob_Milton
Grafter
Posts: 688
Registered: 31-07-2007

Re: Internet security breach tackled

Sorry Bob,
I wasn't clear enough in my suggestion.
What I should have said was could people be advised to check that they are up to date etc.
Community Gaffer
Community Gaffer
Posts: 12,850
Thanks: 669
Fixes: 64
Registered: 04-04-2007

Re: Internet security breach tackled

If you do download the latest Windows update then be mindful of this if you use ZoneAlarm. Look like Microsoft's DNS patch is causing issues. Our support guys are getting quite a few calls about it.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Bob_Milton
Grafter
Posts: 688
Registered: 31-07-2007

Re: Internet security breach tackled

Bob,
Thanks. I have downloaded the updates. On installation there was a Zone Alarm pop-up to check permission for the programme to proceed.
From there everything went OK.
Community Gaffer
Community Gaffer
Posts: 12,850
Thanks: 669
Fixes: 64
Registered: 04-04-2007

Re: Internet security breach tackled

Quote from: Bob
Slashdot article here. You'll notice if you use the DNS checker that our caching servers are shown as vulnerable. This is something we're aware of and it has been raised accordingly with our Network Operations team.

I believe the check should come back clear now thanks to some sterling work from our Net Ops Team.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Community Veteran
Posts: 3,789
Registered: 08-06-2007

Re: Internet security breach tackled

Nice - and with no disruption to service too Smiley
*cheer* Networks Wink
B.
N/A

Re: Internet security breach tackled

Quote from: Bob
Quote from: Bob
Slashdot article here. You'll notice if you use the DNS checker that our caching servers are shown as vulnerable. This is something we're aware of and it has been raised accordingly with our Network Operations team.

I believe the check should come back clear now thanks to some sterling work from our Net Ops Team.


Hmmm...
Your name server, at 212.159.6.102, appears vulnerable to DNS Cache Poisoning.
Community Gaffer
Community Gaffer
Posts: 12,850
Thanks: 669
Fixes: 64
Registered: 04-04-2007

Re: Internet security breach tackled

My bad. Testing's held things up a little. We've done 3 of the resolvers and have another 11 to do tomorrow.
pcl-cachedns03 + pcl-cachedns04 + pth-cachedns02 have been done so far - they answer some of the requests on 212.159.13.49 212.159.13.50 and 212.159.6.10, respectively.
212.159.6.9 will still fail the check every time.
Sorry for jumping gun! Embarrassed

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Community Veteran
Posts: 19,099
Thanks: 434
Fixes: 21
Registered: 31-08-2007

Re: Internet security breach tackled

Doxpara checker - Your name server, at 212.159.6.113, appears vulnerable to DNS Cache Poisoning.
MickKi
Grafter
Posts: 543
Registered: 30-09-2007

Re: Internet security breach tackled

Please put my mind at rest . . . you haven't been running BIND8 . . . are you?!!   Shocked
I see that you have now randomised your ports:
208.69.34.8:25245 TXID=29462
208.69.34.8:25523 TXID=15096
208.69.34.8:22959 TXID=10678
208.69.34.8:25554 TXID=31724
208.69.34.8:28497 TXID=16037

As a matter of fact I am shocked to find out that Yahoo! were/are running seriously obsolete software with well known, announced and upgraded long since, vulnerabilities.  The doxpara.com article mentions that DJB (of DjbDNS fame) had mentioned this vulnerability 8 years ago.  Even with random ports though some level of vulnerability remains - DNSSEC is the only definitive solution (rather than improving forgery resilience with randomised ports), albeit not realistic as an immediate deployment.
Community Veteran
Posts: 1,571
Thanks: 3
Registered: 13-04-2007

Re: Internet security breach tackled

Its worth noting that home routers are susceptible as often they are set as the dns server on the local pc
Bob_Milton
Grafter
Posts: 688
Registered: 31-07-2007

Re: Internet security breach tackled

Bob Pullen,
I have been puzzled as I have had no trouble at all with my Zone Alarm Security Suite.
Your status email of 11.34 has given me a clue.
I am using version 7.1.248.000 which is for Windows Vista, the problems seem to be in the version for Windows XP ?Huh