DNS Attack Writer a Victim of His Own Creation
BobB writes "HD Moore has been owned. Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas, area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company."
Karma (Score:1, Insightful)
Karma takes a break occasionally, but seems to have been alert when it saw this opportunity!!!
Bravo!!!!!!!
at&t not him (Score:5, Insightful)
you know how the saying goes.. (Score:3, Insightful)
Re:BEHOLD (Score:2, Insightful)
Re:at&t not him (Score:5, Insightful)
Well, you can choose to not use caching servers that are still vulnerable.
Take note (Score:4, Insightful)
This is real irony. So, if someone tags this story "irony", he would be correct.
Re:Good (Score:5, Insightful)
Not sure why it would; he wasn't doing anything wrong. That's the funny thing about DNS poisoning -- you can be following best-practices to the letter, but if your ISP is sloppy, you'll get hit by it just the same.
AT&T are the ones to blame, if blame needs to be assigned.
Re:Good (Score:5, Insightful)
Why does it server him right? (/pun)
He handled the flaw correctly.
A) Find flaw
B) Notify privately those affected.
C) Give normal amount of time to fix.
D) Notify public to force ISPs to DO THEIR JOB.
Or are you on the side of total secrecy of flaws? (CYA?)
Re:Did he take it well? (Score:5, Insightful)
Being called emotional by a Brit just means you have a pulse :)
Re:Along with everyone else in Austin (Score:3, Insightful)
Agreed, Google searches and DNS queries can be pretty confidential information you wouldn't want to see made public, but it is not like the company was in any way hacked. If everything is set correctly, the man in the middle will not be able to see their encrypted webmail/mail traffic nor their financial communications. HTTPS has been developed with exactly this kind of attack in mind.
DNS should not be a vulnerability (Score:4, Insightful)
Re:Along with everyone else in Austin (Score:2, Insightful)
Define "owned".
I'll bite.
Redirecting just the servers you have compromised keys for.
Redirecting to a proxy to google that includes malware targeting 0-day exploits for IE & Firefox (i.e. that javascript one mentioned a little while back).
Redirecting all traffic to a spam server is not "owned". That was pathetic.
Re:at&t not him (Score:3, Insightful)
Forget this Moore guy. I don't care about him. What about the compromised AT&T DNS server?? I live in the Austin area and I logged into Paypal yesterday morning (ugh, I know) from home on our AT&T DSL. Was that DNS entry compromised? Do I need to take action?
Why was a legitimate news story turned into a social piece?
Be careful walking on the mines you laid... (Score:2, Insightful)
Before you create anything and release it to public, it is important that you have a defense against it.
Anything that you create that you can use as a weapon can be used against you also, so you need to defend against it. You or any person are NOT immune to anything.
A good line from the song "Fortress Around Your Heart" from Sting:
"I had to stop in my tracks for fear of walking on the mines I'd laid".