
www.Hilands.com


Content:: Security

DNS Cache Poisoning

DNS cache poisoning gained publicity in July 2008. Dan Kaminsky's website has more information, along with some testing tools.

Almost everyone knows what phishing is; almost everyone has received an email stating that their online account at xyz.com has some issue and that, because of this issue, the sender needs your login name or password. The email appears to be quite legitimate, but instead of pointing you to hilands.com it points you to hilandscom.net, where hilandscom.net is run by a rogue phisher. Once the user reaches the site, the phishers rely on the user assuming everything is legitimate and typing in a user name and password.

Now imagine: all the phishers need to do is taint a DNS caching server and create a fake website that looks like the real one. Most computer users who connect to the internet use a DNS caching server provided by their ISP. If your ISP does not patch the DNS servers its clients use, all of its users could be at risk. Say hilands.com runs on 10.10.10.50 and the rogue phisher's server runs on 10.50.10.100. If the DNS cache is poisoned, hilands.com can be routed to the phisher's server at 10.50.10.100 instead.

XSS and Dynamic Website Code Exploitation

Cross-site scripting (XSS) has been popular in 2008, especially at the beginning of the year. Dynamic code on websites has become quite popular, and institutions have been moving more and more of their collaborative software to web-based systems. Programmers are a dime a dozen; a professional dynamic website programmer competes with lowball prices and with inexperienced programmers who take a large portion of the business. With this influx of inexperienced programmers has come more exploitable code running on servers. Combined with website data being stored in databases, this has given exploiters the ability to write data to those databases. The rogue code inside these databases has allowed the exploiters to attach JavaScript, iframes and other inline links that display scripts from alternative servers. Most of the code has targeted Windows ActiveX exploitation, allowing popular, normally secure websites to infect their users with malicious software. The term "drive-by download" was coined because of the speed with which these systems are infected. Like a drive-by shooting, all the user has to do is be in the wrong place at the wrong time to be attacked.
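The following is an added example, not code from the original page: a defender-side audit that scans database-stored page content for the injected loaders described above (script, iframe and similar tags pointing at other servers, plus inline scripts and event handlers). The trusted host list, the row layout, the names `LoaderFinder` and `audit_rows`, and the sample rows are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site itself serves content from.
TRUSTED_HOSTS = {"hilands.com", "www.hilands.com"}
# Tags that load remote content, mapped to the attribute holding the URL.
LOADER_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class LoaderFinder(HTMLParser):
    """Collects off-site loaders, inline scripts and event handlers in one value."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, _ in attrs:
            if name.startswith("on"):  # inline handler such as onerror/onload
                self.findings.append((tag, name))
        if tag not in LOADER_ATTRS:
            return
        url = dict(attrs).get(LOADER_ATTRS[tag])
        if url is None:
            if tag == "script":  # script body stored directly in the row
                self.findings.append((tag, "inline"))
            return
        host = urlparse(url.strip()).hostname  # None for relative URLs
        if host and host not in TRUSTED_HOSTS:
            self.findings.append((tag, host))

def audit_rows(rows):
    """Return {row_id: findings} for every row whose stored text is suspicious."""
    flagged = {}
    for row_id, text in rows:
        finder = LoaderFinder()
        finder.feed(text)
        if finder.findings:
            flagged[row_id] = finder.findings
    return flagged

# Constructed sample rows (id, stored HTML); hosts under .invalid are made up.
SAMPLE_ROWS = [
    (1, "<p>Welcome to the <b>forum</b></p>"),
    (2, '<p>Nice post</p><script src="http://ads.example.invalid/x.js"></script>'),
    (3, '<IFRAME SRC="//cdn.invalid/frame" width=0 height=0></IFRAME>'),
    (4, '<script src="/js/menu.js"></script>'),
    (5, '<img src="/logo.png" onerror="load()">'),
]
```

Rows that should never contain markup at all, such as user names or comment text, are the ones where any finding deserves immediate attention.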