Slashdot Mirror


"DNS Forgery Pharming" Attack Against BIND 9

Monley writes "Help Net Security is running a story about a severe flaw in BIND's implementation that allows fraudsters to efficiently predict generated random numbers without the need to control the route between the user and the DNS server. (Here are HTML and PDF versions of the paper.) Using this vulnerability, fraudsters can remotely forge DNS responses and direct users to fraudulent websites, which can steal the user's sign-in credentials and do other mischief. The flaw was discovered by security researcher and Trusteer's CTO, Amit Klein." The ISC has released a patch to BIND 9.


  1. Come again? by Angst+Badger · Score: 4, Insightful

    Since when is a severe flaw in BIND's implementation news?

    --
    Proud member of the Weirdo-American community.
  2. Our product not vulnerable to flaw we discovered.. by fahrbot-bot · Score: 3, Insightful

    The flaw was discovered by security researcher and Trusteer's CTO, Amit Klein.

    The TFA recommends using Trusteer's product to defeat this attack:

    Mutual authentication solutions, such as Trusteer's Rapport, which strongly authenticates the destination website and prevents access to unauthenticated websites, can defeat the attack.
    So, to recap. Vendor discovers a flaw and recommends their product.
    Film at 11:00.
    --
    It must have been something you assimilated. . . .
  3. Don't Diss Bind by toonerh · Score: 3, Insightful

    Bind has been around since the dawn of Vint Cerf's IP, but it has been redesigned and rewritten several times. The RFC that says replies go via UDP makes it a security risk, but also makes the net work better.

    In 2007, where 1000s of "researchers" spend their lives trying to break the Internet.... This stuff happens. BIND, SendMail and classic solutions are attacked. Amazingly they hold up better than Windows!

  4. Re:New by hal9000(jr) · Score: 3, Insightful

    Maybe those bored college students should have gotten off their asses, put down the bongs and written some bots that they would have been paid for.

    Oh wait, that isn't ethical ...

  5. Re:FOSSie fix!!! by m.dillon · Score: 3, Insightful

    A large number of programmers can make minor modifications to small software applications.

    A medium number of programmers can make minor modifications to medium-sized software applications.

    Very few programmers can make any sort of modification to very large software applications. Very, very few.

    Bind is a very large, complex piece of software. A good portion of that complexity is due to poor documentation and badly designed algorithms (a problem I've had with bind from the first release on through today), but at this point the majority of the complexity is due to feature creep. I still use bind simply because I do not have the desire to write a replacement for it, and because the only other really good DNS package has a copyright and licence on it that makes it virtually unusable. Software gets stale as it gets older... if I can't keep software up to date after the original author has lost interest then I have no interest incorporating said software, no matter how good it is.

    -Matt

  6. Re:Jeezus freaking A Christ by eggnet · Score: 4, Insightful

    Probably because BIND has to be cross-platform. I'm sorry to break this to you Matt, but some people use inferior operating systems without a good random number generation function. That doesn't prevent BIND from using superior OS-provided services for platforms that do have good random number generators. They decided not to do it, plain and simple.