From time to time Stickley publishes articles on a broad range of security related issues. Included here are some of those articles.

Beware of "Pharming" attacks through DNS Cache vulnerabilities

With the recent DNS cache vulnerability, many people have become concerned about their own risk from Pharming and Man in the Middle attacks. The attack allows a malicious individual to trick a DNS server into returning wrong information for a domain name lookup. So what does that mean? Let's start with the basics. When you open your web browser and connect to a web site, your browser uses a domain name to find that page. For example, if you type in www.google.com, the domain name is www.google.com. That is easy for you to remember, but it has to be translated into an address your computer can connect to on the Internet, and to do that you need a DNS server. Your computer sends the domain name to a DNS server and asks how to reach it. The DNS server returns what is known as an IP address, and your computer uses that numeric address to make the actual connection. All of this happens transparently; all you see is the final connection to the web page you wanted.

Now, imagine that someone was able to compromise the DNS server and change the IP address it gives out for www.google.com. You would type www.google.com into your web browser, but instead of going to Google, your computer would connect to the newly changed IP address. If the page that came up looked the same, you would have no idea that you were in the wrong place. While changing Google's site could cause problems, now imagine that the DNS record for your financial institution was changed. Even though you typed in the correct web address, you would be sent to a malicious web site set up to look just like the real one. You type in your user name and password, and the next thing you know, your information has been compromised.

While these types of attacks can be difficult to detect, there is a simple way to protect yourself and not become a victim. Never submit confidential information, including user names and passwords, to a web site that is not secured with encryption. When you visit a secured web site you will notice that the web address starts with https:// instead of http://. The S at the end of "https" stands for secure and indicates that the web site is using encryption. In addition to encrypting your traffic, your browser checks the web site's security certificate: the certificate must be issued by an authority the browser trusts, and it must be issued for the exact domain name you typed. This matters to you because if a hacker puts up a fake web site and you connect to it using the real domain name with https://, the hacker has no valid certificate for that name. The certificate will be incorrect, and your web browser will give you a warning like the ones shown here.

[Screenshots of two browsers' certificate warnings omitted]
It's important to note that different web browsers present the warning differently, but they all mean the same thing: something is wrong with the security of the web site and you should not proceed. If you are visiting a web site where you are required to submit confidential information, make sure the URL begins with https://, and if you receive a security warning, do not click through it. Instead, close the web browser and contact the organization.
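To make the check concrete, here is an added example (not code from the original article) that simulates the scenario above in Python: a resolver whose cached record for a bank has been poisoned, and the hostname check a browser performs on an https:// connection before it will proceed. The host names, addresses and certificate contents are all constructed for the illustration; the matching rules follow the RFC 6125 practice browsers use (subjectAltName entries first, a wildcard accepted only as the whole leftmost label).

```python
"""Added example (not from the original article): a simulated pharming
attempt against a poisoned resolver, and the certificate hostname check
that catches it on an https:// connection. Every name, address and
certificate below is constructed for the demonstration."""


class CertificateError(Exception):
    """The presented certificate is not for the hostname the user typed."""


# Constructed resolver caches (addresses from the RFC 5737 test ranges).
# In POISONED_CACHE the bank's record has been replaced with the
# attacker's address; the user-visible domain name is unchanged.
CLEAN_CACHE = {
    "www.google.com": "192.0.2.10",
    "www.examplebank.com": "198.51.100.7",
}
POISONED_CACHE = {
    "www.google.com": "192.0.2.10",
    "www.examplebank.com": "203.0.113.5",   # poisoned: attacker's server
}

# Constructed certificates: the names each server presents over TLS.
# The attacker can obtain a certificate for names they control, but not
# for www.examplebank.com.
SERVERS = {
    "192.0.2.10": {"subject_cn": "www.google.com",
                   "san": ["www.google.com"]},
    "198.51.100.7": {"subject_cn": "www.examplebank.com",
                     "san": ["www.examplebank.com", "examplebank.com"]},
    "203.0.113.5": {"subject_cn": "login.attacker.example",
                    "san": ["*.attacker.example"]},
}


def resolve(hostname, cache):
    """Stub resolver: answer from the (possibly poisoned) cache."""
    try:
        return cache[hostname.lower()]
    except KeyError:
        raise LookupError(f"no DNS record for {hostname}") from None


def dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name against a hostname (RFC 6125 style).
    A wildcard is accepted only as the entire leftmost label, stands for
    exactly one label, and must leave at least two fixed labels ('*.com'
    is rejected). Comparison is case-insensitive."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False
    if not all(h_labels):
        return False
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def hostname_matches(cert, hostname):
    """Browser rule: when a certificate carries subjectAltName DNS entries,
    only those are consulted; the subject CN is a fallback for old certs."""
    names = cert.get("san") or [cert["subject_cn"]]
    return any(dns_name_matches(name, hostname) for name in names)


def visit(url, cache, servers):
    """Simulate the browser: resolve the name, connect to the address, and
    for https:// refuse to proceed unless the certificate is for that name.
    Returns where the connection actually went."""
    scheme, _, rest = url.partition("://")
    hostname = rest.split("/", 1)[0]
    ip = resolve(hostname, cache)
    if scheme != "https":
        # Plain http: no certificate, nothing checks where the user landed.
        return {"hostname": hostname, "ip": ip, "verified": False}
    cert = servers[ip]
    if not hostname_matches(cert, hostname):
        raise CertificateError(
            f"{hostname} resolved to {ip}, but that server's certificate is "
            f"for {cert['subject_cn']} (SAN: {', '.join(cert['san'])})")
    return {"hostname": hostname, "ip": ip, "verified": True}


def warning_for(url, cache, servers):
    """Return the browser's warning text, or None if no warning is raised."""
    try:
        visit(url, cache, servers)
    except CertificateError as err:
        return str(err)
    return None


if __name__ == "__main__":
    # Over http the poisoned record delivers the user to the attacker's
    # look-alike site with no indication that anything is wrong.
    print(visit("http://www.examplebank.com/login", POISONED_CACHE, SERVERS))
    # Over https with a clean cache the connection is verified.
    print(visit("https://www.examplebank.com/login", CLEAN_CACHE, SERVERS))
    # Over https with the poisoned cache the name check fails.
    print("browser warning:",
          warning_for("https://www.examplebank.com/login", POISONED_CACHE, SERVERS))
```

Over plain http:// the browser never looks at a certificate, so the poisoned record silently delivers the user to the attacker's server; over https:// the attacker's certificate cannot be made to match the name the user typed, and the connection is refused. The simulation deliberately leaves out the other half of the browser's check, that the certificate chains to a trusted authority; an attacker who controls only the DNS answer has no certificate for the bank's name to present, which is why the warning in the text is reliable only as long as you do not click through it.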

While this may seem simple, often people fail to watch for the https:// in the web URL. If you take the time and pay attention, you can avoid falling victim to Pharming and Man in the Middle attacks.