Slashdot Mirror


DNS Attack Writer a Victim of His Own Creation

BobB writes "HD Moore has been owned. Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas, area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company."

14 of 196 comments

  1. Karma by The Assistant · · Score: 1, Insightful

    Karma takes a break occasionally, but seems to have been alert when it saw this opportunity!!!

    Bravo!!!!!!!

  2. at&t not him by nicolas.kassis · · Score: 5, Insightful

    Well, all I can say is, no one, not even him, can prevent this shit from happening if a server out of their control such as this is unpatched. He should give AT&T hell. All the other big ones like Comcast and Verizon claim to be fully patched. I understand the size of AT&T's network but this is no excuse when everyone uses your network and pays good money for it.

    1. Re:at&t not him by duplicate-nickname · · Score: 4, Insightful

      Well, you can choose to not use caching servers that are still vulnerable.

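An added example, not part of the thread and not any commenter's code: the 2008 fixes for this cache-poisoning technique made resolvers randomize the UDP source port of their outgoing queries, so one way to judge whether a caching server is "still vulnerable" is to look at the source ports it uses when it queries an authoritative server you control. The resolver names, port samples and the `MIN_STDEV` cutoff below are constructed assumptions.

```python
from collections import Counter
from statistics import pstdev

MIN_SAMPLES = 10   # assumption: fewer observations than this prove nothing
MIN_STDEV = 3000   # assumption: illustrative cutoff, not a published standard

def rate_source_ports(ports):
    """Classify the source ports seen on consecutive queries from one resolver."""
    if len(ports) < MIN_SAMPLES:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed-port"          # one port for every query
    # A constant step between queries is predictable even when the spread looks wide.
    steps = Counter((b - a) % 65536 for a, b in zip(ports, ports[1:]))
    _, count = steps.most_common(1)[0]
    if count >= 0.8 * (len(ports) - 1):
        return "sequential"
    if pstdev(ports) < MIN_STDEV:
        return "narrow-range"        # varies, but only inside a small window
    return "randomized"

def rate_all(observations):
    """Map each resolver label to its rating."""
    return {name: rate_source_ports(p) for name, p in observations.items()}

def resolvers_to_avoid(observations):
    """Resolvers whose observed ports were demonstrably predictable."""
    bad = {"fixed-port", "sequential", "narrow-range"}
    return sorted(n for n, r in rate_all(observations).items() if r in bad)

# Constructed sample data: source ports as logged by an authoritative server.
SAMPLES = {
    "resolver-a": [32768] * 12,
    "resolver-b": list(range(1025, 1037)),
    "resolver-c": [1031, 1077, 1042, 1090, 1026, 1065,
                   1088, 1039, 1051, 1073, 1029, 1096],
    "resolver-d": [51234, 1877, 40112, 23991, 60873, 9120,
                   33450, 47765, 15508, 58219, 28004, 4391],
    "resolver-e": [40000, 12000],
}

if __name__ == "__main__":
    for name, rating in rate_all(SAMPLES).items():
        print(f"{name}: {rating}")
    print("avoid:", ", ".join(resolvers_to_avoid(SAMPLES)))
```

A resolver that sits behind a NAT device which rewrites source ports can rate poorly here even when the resolver software itself is patched, because the rating reflects what is visible on the wire.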

    2. Re:at&t not him by SydShamino · · Score: 2, Insightful

      Forget this Moore guy. I don't care about him. What about the compromised AT&T DNS server?? I live in the Austin area and I logged into Paypal yesterday morning (ugh, I know) from home on our AT&T DSL. Was that DNS entry compromised? Do I need to take action?

      Why was a legitimate news story turned into a social piece?

      --
      It doesn't hurt to be nice.
  3. you know how the saying goes.. by pak9rabid · · Score: 2, Insightful

    what goes around, comes around.

  4. Re:BEHOLD by morgan_greywolf · · Score: 2, Insightful

    Yeah, that's what I said. He didn't pwn himself, he was pwned by someone using a tool he himself wrote. Two different things.

  5. Take note by Daimanta · · Score: 3, Insightful

    This is real irony. So, if someone tags this story "irony", he would be correct.

    --
    Knowledge is power. Knowledge shared is power lost.
  6. Re:Good by Kadin2048 · · Score: 5, Insightful

    Not sure why it would; he wasn't doing anything wrong. That's the funny thing about DNS poisoning -- you can be following best-practices to the letter, but if your ISP is sloppy, you'll get hit by it just the same.

    AT&T are the ones to blame, if blame needs to be assigned.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  7. Re:Good by jimwelch · · Score: 4, Insightful

    Why does it server him right? (/pun)
    He handled the flaw correctly.
      A) Find flaw
      B) Notify privately those affected.
      C) Give normal amount of time to fix.
      D) Notify public to force ISPs to DO THEIR JOB.

    Or are you on the side of total secrecy of flaws? (CYA?)

    --
    Never trust a man wearing a coat and tie!
  8. Re:Did he take it well? by mbeans · · Score: 5, Insightful

    Being called emotional by a Brit just means you have a pulse :)

    --
    "It was a billion times better than cobol, but still really retarded." -AC
  9. Re:Along with everyone else in Austin by Yvanhoe · · Score: 2, Insightful

    Define "owned".
    Agreed, Google searches and DNS queries can be pretty confidential information you wouldn't want to see made public, but it is not like the company was in any way hacked. If everything is set correctly, the man in the middle will not be able to see their encrypted webmail/mail traffic nor their financial communications. HTTPS has been developed with exactly this kind of attack in mind.

    --
    The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  10. DNS should not be a vulnerability by joekrahn · · Score: 4, Insightful

    The problem is that bad DNS responses should not be a source of vulnerability. Anytime there is traffic outside of your trusted domain, the identity of the remote system should not be trusted without a secure connection. There is work on Secure DNS, but I think it is better just to consider DNS unreliable, especially since wireless access points are common, and can give you whatever DNS they want. Even if you use another DNS server, it is easy enough to override it at the router. Unencrypted traffic should always be considered untrusted and prone to hacking. We need a system of secondary (tertiary, etc?) certificate signing so that every web site doesn't have to pay for a commercially signed certificate. That is more efficient and reliable than Secure DNS. (Right?)

  11. Re:Along with everyone else in Austin by IdeaMan · · Score: 2, Insightful

    Define "owned".

    I'll bite.
    Redirecting just the servers you have compromised keys for.
    Redirecting to a proxy to google that includes malware targeting 0-day exploits for IE & Firefox (i.e. that javascript one mentioned a little while back).

    Redirecting all traffic to a spam server is not "owned". That was pathetic.

    --
    They ARE out to get you simply because They are in it for themselves and they don't care about you.
  12. Be careful walking on the mines you laid... by Neanderthal Ninny · · Score: 2, Insightful

    Before you create anything and release it to the public, it is important that you have a defense against it.
    Anything that you create that you can use as a weapon can be used against you also, so you need to defend against it. You or any person are NOT immune to anything.
    A good line from the song "Fortress Around Your Heart" from Sting:
    "I had to stop in my track for fear of walking on the mines I'd laid".