DNS Attack Writer a Victim of His Own Creation

BobB writes "HD Moore has been owned. Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas, area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company."

Karma

[The Assistant]

Karma takes a break occasionally, but seems to have been alert when it saw this opportunity!!!

Bravo!!!!!!!

at&t not him

[nicolas.kassis]

Well, all I can say is, no one, not even him can prevent this shit from happening if a server out of their control such as this is unpatched. He should give at&t hell. All the other big ones like comcast and verizon claim to be fully patched. I understand the size of at&t's network but this is no excuse when everyone uses your network and pays good money for it.

you know how the saying goes..

[pak9rabid]

what goes around, comes around.

Re:BEHOLD

[morgan_greywolf]

Yeah, that's what I said. He didn't pwn himself, he was pwned by someone using a tool he himself wrote. Two different things.

Re:at&t not him

[duplicate-nickname]

Well, you can choose to not use caching servers that are still vulnerable.

Take note

[Daimanta]

This is real irony. So, if someone tags this story "irony", he would be correct.

Re:Good

[Kadin2048]

Not sure why it would; he wasn't doing anything wrong. That's the funny thing about DNS poisoning -- you can be following best-practices to the letter, but if your ISP is sloppy, you'll get hit by it just the same.

AT&T are the ones to blame, if blame needs to be assigned.

Re:Good

[jimwelch]

Why does it server him right? (/pun)
He handled the flaw correctly.
  A) Find flaw
  B) Notify privately those affected.
  C) Give normal amount of time to fix.
  D) Notify public to force ISP's to DO THEIR JOB.

Or are you on the side of total secrecy of flaws. (CYA?)

Re:Did he take it well?

[mbeans]

Being called emotional by a Brit just means you have a pulse :)

Re:Along with everyone else in Austin

[Yvanhoe]

Define "owned".
Agreed, Google searches and DNS queries can be a pretty confidential information you wouldn't want to see made public, but it is not like the company was in any way hacked. If everything is set correctly, the man in the middle will not be able to see their encrypted webmail/mail traffic nor their financial communications. HTTPS has been developped with exactly this kind of attacks in mind.

DNS should not be a vulnerability

[joekrahn]

The problem is that bad DNS responses should not be a source of vulnerability. Anytime there is traffic outside of your trusted domain, the identity of the remote system should not be trusted without a secure connection. There is work on Secure DNS, but I think it is better just to consider DNS unreliable, especially since wireless access points are common, and can give you whatever DNS they want. Even if you use another DNS server, it is easy enough to override it at the router. Unencrypted traffic should always be considered untrusted and prone to hacking. We need a system of secondary (tertiary, etc?) certificate signing so that every web site doesn't have to pay for a commercially signed certificate. That is more efficient and reliable than Secure DNS. (Right?)

Re:Along with everyone else in Austin

[IdeaMan]

Define "owned".

I'll bite.
Redirecting just the servers you have compromised keys for.
Redirecting to a proxy to google that includes malware targeting 0-day exploits for IE & Firefox (i.e. that javascript one mentioned a little while back).

Redirecting all traffic to a spam server is not "owned". That was pathetic.

Re:at&t not him

[SydShamino]

Forget this Moore guy. I don't care about him. What about the compromised AT&T DNS server?? I live in the Austin area and I logged into Paypal yesterday morning (ugh, I know) from home on our AT&T DSL. Was that DNS entry compromised? Do I need to take action?

Why was a legitimate news story turned into a social piece?

Be careful walking on the mines you laid...

[Neanderthal Ninny]

Before you create anything and release it to public, it is important that you have a defense against it.
Anything that you create that you can use as an weapon can be used against you also so you need to defend against it. You or any person are NOT immune to anything.
A good line from the song "Fortress Around Your Heart" from Sting:
"I had to stop in my track for fear of walking on the mines I'd laid".