|
|
|
Report Claims DNS Cache Poisoning Attack Against Brazilian Bank and ISP
By: Larry Seltzer
2009-04-22
Article Rating: / 1
There are 0 user comments on this Network Security & Hardware story.
OPINION: Attack shows the potential for serious spoofing attacks that could leave end users helpless. The only real solution is DNSSEC, which will take years to implement under the best of circumstances.An unsubstantiated report claims that a successful DNS cache poisoning
attack was conducted recently against Banco Bradesco, a
Brazilian bank.
The reports are in Portuguese. This
Google translation explains it in typically clumsy, broken English.
The actual DNS cache belonged to Brazilian ISP NET
Virtua. DNS cache poisoning is an attack against DNS servers, usually through a
vulnerability in the DNS software, allowing the attacker to change the IP
addresses that users receive. In this case, they changed the entries for the
Bradesco servers, redirecting users to a malicious Bradesco look-alike server.
The same attack also poisoned the entries for Google's Adsense servers, with
the purpose of installing a Trojan on the users' systems.
The goal of the Bradesco attack was to steal passwords. No details are
provided, but in all likelihood the fake Bradesco site had only the log-on page,
and users were probably sent to some error page after entering their username
and password. As the Brazilian account says, many banks still don't protect
their log-in pages with SSL (Secure Socket
Layers), so users wouldn't necessarily even have the option of checking for an SSL
connection to prevent such an attack, not that many users check it.
DNS cache poisoning attacks are difficult to pull off; either that or victim
companies have done a good job of hushing them up. But they are an especially
fear-inspiring class of attack among security experts because there is so
little that end users can do to defend themselves against a well-executed one.
To all outward appearances, things might be completely correct from the
client's perspective.
The Kaminsky DNS vulnerability episode of last year brought the problem to
greater light than it had received previously. That bug, which enabled cache
poisoning attacks, affected the large majority of DNS implementations. Even
though Kaminsky and the industry coordinated a series of simultaneous updates,
there are still lots of unpatched servers out there.
The only systematic solution to the problem of DNS cache poisoning is
DNSSEC, which uses public key encryption to authenticate the sources of DNS
results. I think it's fair to say that everyone believes DNSSEC is necessary,
but not a lot of people want to go to the considerable trouble and expense of
implementing it.
The
proposed Cybersecurity Act of 2009 (Senate bill S.773) orders the
Department of Commerce to come up with a plan for implementing DNSSEC in
government and "critical infrastructure" within three years. It could
be a good idea, but if the implementation of DNSSEC stops there, then so does
the protection; for example, if consumer ISP DNS servers and the consumers
themselves are still on conventional DNS, then they can still be attacked in
the same ways. In fact, if the DNS root itself is not signed, then the
protection itself is inherently limited, and there
are reasons to wonder if the root will ever be signed.
The Bradesco attack may say more about Brazil
than anything else. We don't know enough yet to know how generally the lessons
may be applied. I'm more inclined to believe that Brazil
is the canary in coal mine here. The bad guys in this business have a habit of
picking up on what works. It's unlikely that DNSSEC will ride to our rescue
before we start getting attacks like this back home.
Security Center
Editor Larry Seltzer
has worked in and written about the computer industry since 1983.
|
|
�������xr㶲(;; YڦxH)ٖZcY^f&U(��S�IVr�Ϯ��O7�t$_&%�l�ݍF�$\i9#v͙M5>5J�`OS{Su�1F㠦Y�=/[�}D}�F��\�3�Ѣ�fb
^Pk$ȁ_Mܦ�%yH#L�ERNȏ�mH|c�ַ0>t@ߨ�V�ANÉ,}!*{�>"E%�k4ً�ʏᐨqGO��{/�!�X]~�ꄽ4-j#2]�hj:TN`Uƞfn�=�a��Z.�9�1rz�m�
Go&lwrD�ƞIC�d"�LJA`:pm3��G^C]õ]��\./RF�eCwt�S��źS]k�ԏPL0H��6=~0[� Q��K��8���`=Ķ|h��:�]�Uh?AWuomzV[u�w#ϝ9�yq�L%X䄍ER'�>6)�|@��ɤ:!Zda-}9e̛�f4öC�ٰ5T:Ԫr\�ˇJY�}m˙=Z8ӼN~3j�t/ir^.s$�(֝;`
mKIu]+h0�M9Χ;yP} �d}+5��UJ�`Z.�
Ǔ$�_��c�::fV}��jkQҋZ-_ �����k��٥zl$YS)2�!�,�"'3Ҽ5ooZ&5O/NnZsdo̲5<�JEӀ��Z�vb�"?[�WkYK;7u"+|vg��5M0\̱:֪V�1?!&A띑]ڗ�;Bey#�7{7#ReQ
�o̱n>�@|ˤd0�&p*� ߱n^S'G�5ǯhV=<<䭱JG+Ҙ&
�9B�:A`�̺NR�49�Vˡ�8蟱$W�m�4�@r5)6B̄H )F7R<�&�,)|YB* b�r�ݢPP3nS%EI7#DD��v�x��r!DKI��88��c�^IR]E1\a>pY?y�vwެ,�U*մޅ-~iQwΨ~l>4Hsvmo�ǫ�g�",�$��ꨦUʇ��,Vr*ǿX@8ʍ�??6m!SG�ñA
SM:gvϳ` 0h
�vz?1>PӚMj�q�OCGs�>H2胎6ml8�-�"�
,70}HG:QI�47X0x=�c�Og6%_�¤><� v�&ztmP`��5$GC-ߟ�L=�s#08�w�ɽ�5�y0+wK�@b!L���TM}��PC�n@�}S(�r`OA=Z�9{ݲeǀxԜ�)u�%w2J}c�>�] CRRP$S�]HPw9�J�
B�!\��0H��V0(VFR1i�Jl�Ri KwRTD;7 KŔ=*%�nqR%a 934YIjL=?�j1!U�G�,D`v9J,L��.�Y
ϴ��je[+�R,4�T(9 v/+Ò*!0G@VTyy&fS̷�rH�z::3�`|�=�0Xհݙ2|dң%=?�p*JNC_jVzq}~7MAV?�T�y
v�|9�p��9E#rUϚX� 5<�.�&B#57�&�Q OzBnehJJ*$,�4�)pd�j�K�}ݼ^`�";hqNNRНB#@9z�Q��/OJb-yhֽk�m�H_ƠT:�.
B[+�� M
�2%W��}kaԕ %/D�A
n:bX�G6�X�G4~hN/a2*)w4>t:>{j
-j&{?&�TY9?>2ei[F6oՒhcM;,Wbzgܱ��K���(�)m�ʥ�;u@�4-=�t`�۱�yu; ��N�ϣ )a!�c"Q�+}ne�@ͤԪ�)X[�S�T�2.Q\�&�V,'`#z)#�NWɅk'SKw��˥EeHW
w)b
d>i6 '�[ar�S��hfh:l�=_G>�w�ZB_wa֚�ofrI)jLy#l��q-Z
;tm}Ȧ�szN8t�1Dږ3��`_�mpn
Z�FZ�.�"�&~~~029�?\ug>Zfm4~�An+�p��&��>Bkf�w`lrGx#J�rEu�l{��`�Sքc'M}Xt�cyyW��Ӏ�ap���"]����jA���4>�\Pb�r>+
eT)5*�IMx�m"P/?�ˇ%Ŵ�谢��Ԙy}R�ː
0gted��-�흧�IR-��frheU-UjR9�_V�2�:EƟR�!prɵ>gw%�eXY81f�-��1_0kE
�/ÊTU5ݧ+i
fB1&}�l��dA�X�~\U4Uud�¹�`��Qе�a�⢉�!h�+�����4khý235RzVU;OP(�;Ђw>k-4f{F;d�E.:WԲ'*�*�5P6>*�09Nf~kkJ�$�X�
��c4}�5��:*jAe߯Y+^�t�m(5#c��#2��pg��rh)hgj*��8Uo��F* ϛ=G$1�*@7Z �3�e�4
"l>&75V`]z<-�>r97poj%@�(1}Д1�Ze�ɢ7)Ь6�V�#�i@/ex.N3 akc>��
4y�QFk�oZ,+eeX��/)
JU-��A^Mo6=ITPGQ�>8�yIc#&�ahxmb�=Z"FR6�
JzϢ
C:g�-&�v�eN�6qa�?͕g7ckX?"�B�5)��`J'�¸�_v�^IўA��b2�aOt53qp0͎�3{�QlYV&Up]t3c>ԁ�h
0>2Rlɪ�+> 2*ijARϢsw@F:Lpz�]�Qd:)nQ==յћYӀ �G+L)߭~*�WI䦳T.jZ��b[)Uʹ�>"m4�G\�0�R,W��1<ʢ'r�]N6.�_-J�vq�*�s>P�9��۷BlpH75),8{Je�%[
yr}e, ,"z��R=.=2��a7ZPf��3�111u/x߾�~Ԫ�%����b�n}+ ���C7�{��Cal8)e�~�u{ݶz�GmUO:o[t �?�t[Vꈷ��1h_��{4}cq �,�}Ej]5uDJ��-�t>^Iv}j�Gya8dF&�Pv�B�,
F
oI�Ÿ}/gvnK7�my��8�-o�d�D4|u�Nqu%}ڹC|uՔ:�s5A AH#��FW!yN/lFS�L�o2�XGzz��0K#&WDH[�()�Y3�\/D]s>֒\zF_ɾj,r9Aϐa(�Z4�Gc_ފ8
Z�`!�w1ߐdxPRc� (ʱ�=`����`�V鈳V9:̝�\b/;A��VB�0FG_TJi�)4z'u�3xv<48S�j67 EW%'K3t{-�-'��:}mF!џ`
e܃�Ţ*WVr[k'>�!����ڗ.4|YA$�!rF�0xc�`s�AZ|j��eԉ8%4�\ ��{-~=�`��rv���PR)&Bz*I�;ˢ
ݖ2h�9�:)!ON]F(2H P,O&e=l�I1 iKBih%bbVHGRo�{ݸڞ6<1ޥ]ƙBVmK$�d�cgKe
s� Kq�kP�i2��+�`-�>�ϓ��gԢᬖ^}+
ɏ�h� ��R̅2O������YE^=�{UÊv;���roV8_�Koҽ{ᧅmE��rt�ZTcd{I6$BUUk
�Ⱦ\EVe.tՕ^th<>��i��,F��Jf�:7k�^�x̠t8s���w{�~}!.5?/�y<�7?_gpKw�
�z�7>+-R!EkE��7_�UK��㒏7ʢ�E�'%:�mחF�}�{+�!bi4V;�Tf{s̷�kH��>dO#@/5mvd2tY��~�AXy� �VorlK9w@rs&�8l��Pf�pvn
֔I���i#ĠH[ųrMs ��_5D��N��
X��W+Oi��/!IVܱ�S,*_�1;l�V6֊ v)[ꈧ W�ך�|e�b�֚K�KLBI|�pI�M{fr+��(?8��ܻ'VD�e�[b[0| rK��ֈe[a32OrYfM-�O>,0eRKӝQ^''\/_z}`G�340�W� 06t߯o[S>�ԧ�ˁms��.zR�CP�<]��N]XiIx�=J�="8K~nSZьO�KC|��'j|"�f!,z��>`=�+�u9nB�z6WD:i+j�zóH8t'2p#�n xsucLCs(oa�KL][@O3�%|!,��+�ue"�/Cezw6�QsG�\3Gd(,��S�EZ�W~A(�P6ΰ1םp arȨȂβ�SA�]*�b" mC�m̷@-X�rF[/6|p4uYD�8�V1��d?;ۊG-<+b�b$N?;9ta;ni]b%,xDdIds+j$ne%!�v-h)�L�m*rxXL�잆pm&6sr'f�~xo9�5�V,4"5�x<>�̱Fv~��}Y�-�y��9��F:I�qVJV<
:/Xt ��7=^ď�z6��
}�'@'ߟ*�&xS+WBr(b-F�-g2~ŶRd�
zD�p=,mśikƗZ�`\�*JgWn4T��I##҂q �w@ċ�͟�r4}ޑiJ:!�o|i�MQ*R鼌^|?T��Ԑt_ҁJ!zn��$hAX>���'J
uƮD��nwb*2mH�g�SQ �x^�+IifA�&{0G�J1b�Ww|mݽ$)_�c=(!=vA}WvCIUwPZ��f62%N݉�t:�P;�aATkyA!�
&h�P�"q0_�?xvxַ;hʶ|Rzq>A�SX�XtH\��
b>�A
I8LaZ�&~]�҄Ty:%O~u9"i[k�̆CTAcN2E0paF@�_4
6�V�zl�dPI�pH>A C�4In$Veʋ3�,o���Jg,M~�3NuGSS��9���`9E:wK�ۉAʒAXV�NR�y�U�\\\\.B)wƺ�=�F
N%ܭ
IvSO,ǿ3s�,XK�s[X��a��pz��3S0$L�q�lj' WRϦP�l{pcO��&
e�Rw>AC���}�3R,� oo6 *^c�^^�E7[߶b8HJ0�R�6&e8_k�;*H�$� I�d3G����ZP@OOnn/m!!4?RS�V�6ҹhDyL$u��5\ۂUIR(WK��} 8>�t�ХF~g80gy��"z=Ngؒ�_�ix��ڮ�,x6@NI7b�t0Kװ� fL�ޒ��a�i0'!�iKsPea
ށ�_ْo*l[��ħR�~qW�nA6 Xlu�" �X`퐮R{W[�~~~~~~ݒZ,E@D�}}̗NfBL)9��@��`���Ƥ0�,3?xV5=v��;�ߔx^
m#mDʗiU��ǧ��˿c��T~l�� 1%!Z�!�!|}C=�Z߶.Fw�hk8I:X$?�=�tua[qNY��D;ŕ4����B�O!@ /i.@U�:(LݙmJ�`*5���gO�6KD&6ao�|cp�
6^o6}@h_x�-��^wL1@*z6�Ɵ8O011+y}U&J.�tܺmf|_a~�:l�8.×p-Zc
Gp��ҽw/HNKKI�K(7"m_ȟڷ0TJZ� I�x
ɑ{v+�ME�/pTƥU�XrMݩnUU_��H^&t��
ʕ[3s����0ڌ^���l��!۩ِ)Ԉ��m�cl�(M#�ۀږձ�lO(ʺU_~��Uֿe=:qRY, �eeGbp{,�șuv��c�~u�P2oO3@84kI/NI�$8�&wGjpj8a[YS@7�M�
,�gs�%%08k҃�>?w}L§�{2(PT�)>k~~i//m~ю��g�ŗy��X�'kaӈa`'.8b1DKb��@/_j�3ܐ}LV�PC�nx.7*[z6�D���B�Dzя"v@9Ъ�
es�l7>kE_A-fiΞC=K��L�̘>
I7�߀{��#i�H^�/
:â=&\ߣ��Y�fY�(opo7?b䭼d��?�߿ߋ.d!?X����^ْ~
j~`�&ƘKjxߩVQ�Ւ|��Rӊ,w)]�dDo=0�:էBZcě}��Wes[��ɣS#DUtC�HU)
&
<�
-F55YʎM3r�3#66j=!v pg{c;�bwmj�+LxX8Ow|
vg�O�%Yձȯ�lݹ[Y����|h
�p�Ky��c`NGnD�v"A)bo3ow⠪c�F�a>:>()[��zpWӸF߮-�Ob �,�9bp�{wi/1�~J+kѱ�K=̜(O8{юMUbtm-R@wyj�4Z�u-u{
cD̋:t�C_aeY
ƋxfVؖTm}qV.�NS�)l:dz^c��±0�@$)5,�?_J m+Q�^_�f�VܞVk�*>*1Xb
fZ*F6#ZIikx�c�
4&�9px[�+p��S CR�,6$Ae�5T?�0pԽ~#n�ʏZU{F
dM,;|U�e|%wR[lO>�O�&po�V0��� wA>po4xSP�ʕ�U+%=�Ө~3l�@�"r?����I:N=!~^P���ԓG�e)@��gat*K�_!߰�,VI�m{7�R[�$y?ZED���%��Qyl~@~h.U{7]
d.3�2�\9�ޛra@S�qB�~� 'l�I<�R+�o�`��-=2.K�աu/ـ
O>!B|1[GB(W��9Ĝ#M�[wFy檫�*�LXn]ea@�p=S�-$2Șh
MQ VHxDɹ�~2&YBE<
,iM�m�a��ngOc�5DyT�H"f) (c�U��
�T�,
���!�L)%n67p>9��,a&4�`M]��Xg�-�.ExD^�wqP{�O���ԁA&V
p͒wy�6t0VQ�1e&���|�nd%n���K
IbyL�
]ǒ�4�Bq0h6 @2߰�b�JU(IhRW�|W
|�+R0cU-%Ζ+_#S��wV7X��z+i+����j9Iˑ!;�^i`��u0 }a3bru�cL;7AoMx=i]Z+rҼQ%lkE/WQwIiyy}Ӻ疇ۂl��6/M&E`9Y22 Wv)3C9�mꌸ6�W#\]frxixɎ(azh,.6qNO|ջ@)Qe;ʋ QW~4ab_#)o4]-Zq-ƫ�x]bMɩkfhw>1e�M�/G��}*4]V0.8���SDny#f�n�2�(�(
FFy�;�g@fF)/?�g=}F/ZEk}y,WoeCZ�CL*�nQ�?/��a3Ƨ
3o�v�|o;mO;>m�mv�^e ?e_@EF?��m(og^e�U\]e_��O'Ct@t25u�\��dO�f��z��k}G� ?e�~2�A[(*�[h6[�Ku1�Ay#C�pz~;"9(/'�R*z�U�KC(g*_`]dk��t.�rf_�u3��̭L_ZקBX\jzr+�^6'e5�v+iA�M��{} yW��/"yeoR,��AQq.�
3l?V\[[,Oн�ۺ{'
Jݓs+z`~H\]M�b}+r>VD=?�&v�t{r��.�v뻸)nד��pK��SG0�U�75ip�ŭhg?>/�ydֺWWVF+p'k͠~�%kS3N^xylߣx߇
ߊD,y��e%�Hi_1\����&�d8Ï }Cqzvtsʱ
Ea��qgݻqœj@@rv/=|�c_K6ٵӠw`/&�o�.;4m>F26X�q?Ih"v]!6
�R�Ň%1ȗ3{dwu@`~K�fIw�&�G�� ?Y�>KGJL�E7&�w`�W��~rh`=E('}|\��k,##1苌Y MЦ =
B8̈́dX.N`'�=ס ega,��"s
k!v:k2=ju"䶮Ig�=Uy,�?h�PxU�E0@$=Cf�K ��⛗F�A��}F垓$gg_5�b
Fy&b3@p�+,D*�9"[�o
%�P @EikA/?muH3軉fKN&%�}YQ ��v.y�hFʪv\r#tfR'��9"Ź
oPm��JO���0wG�w�
,��CS6�Vo��Sc�? `�nwn9c�ˎk[QYɶ��z
S�O~jO(Coݒ��\�k<>a�idcz:SA\W �(9|�x@NlM�-1�ue|�nHHU֧f2{M�:�з��57`�([|�ӽy^ˍ_d%�\#d<�l[� +"���ۂ���mӤ6q¥"UXJM���X,8.� kt9k�;��[�r"#�<[_ڵlAt�=] vE
�h�Mg�+_2qE�n�B��VJrX}P/):�OOg�sZ�%n^��H�v�"���,�{ �QFb�FY9N]Rjã
,c<��ԭ<�P0��_C^&?c5Vqٮ�7G,cݰ+`�jk�7D]EtAw{&BTUc2��X#+�7I;s�__�@�>���{z��wn}C\��:1V`7Y=g[8K�IJ��y2 !δZxyU~ҥ�^�.I,g`cQd+8*)�ؐ��r���k`4bOP���1,�sQv7=M`�N*)As�a#�El���;Ap^7m�s�S<"Y4.tL�x��ZC%ӫr&y{e��7�5w�SF
u�#yA����s�3��z9�w�:a0�~br8Lt4Q�|�J Km)�3��ς �ix�v�4<�Tf�_E@�G7`yUĔ�f�ٵ\RKnr�m�mS{
)�60M���Är"5roq-ye��zЙJ��pK��8
g!0X^�Zʩȩ(v�}_|J�Ѭd�;j�+39ʧ3J�~p��lc\YG��7�nesb�~g!睫th.?�Jz�`�g�nfX�vQ��JeY�/�uK+_0dF-<��#@gkj5U+kD;ydMn+:cSEᘸe=9TVs0v*b(1lS2�4K�_hj�Jl�xTȉY0�7Nw6̈́
В��^&Ů�v�be}�iLDx*��
|
Network Security & Hardware 
