Slashdot Mirror


DNS Attack Writer a Victim of His Own Creation

BobB writes "HD Moore has been owned. Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas, area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company."

7 of 196 comments

  1. at&t not him by nicolas.kassis · · Score: 5, Insightful

    Well, all I can say is, no one, not even him, can prevent this shit from happening if a server out of their control such as this is unpatched. He should give AT&T hell. All the other big ones like Comcast and Verizon claim to be fully patched. I understand the size of AT&T's network but this is no excuse when everyone uses your network and pays good money for it.

    1. Re:at&t not him by duplicate-nickname · · Score: 4, Insightful

      Well, you can choose to not use caching servers that are still vulnerable.


  2. Take note by Daimanta · · Score: 3, Insightful

    This is real irony. So, if someone tags this story "irony", he would be correct.

    --
    Knowledge is power. Knowledge shared is power lost.

  3. Re:Good by Kadin2048 · · Score: 5, Insightful

    Not sure why it would; he wasn't doing anything wrong. That's the funny thing about DNS poisoning -- you can be following best practices to the letter, but if your ISP is sloppy, you'll get hit by it just the same.

    AT&T are the ones to blame, if blame needs to be assigned.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."

  4. Re:Good by jimwelch · · Score: 4, Insightful

    Why does it server him right? (/pun)
    He handled the flaw correctly.
      A) Find flaw
      B) Notify privately those affected.
      C) Give normal amount of time to fix.
      D) Notify public to force ISPs to DO THEIR JOB.

    Or are you on the side of total secrecy of flaws? (CYA?)

    --
    Never trust a man wearing a coat and tie!

  5. Re:Did he take it well? by mbeans · · Score: 5, Insightful

    Being called emotional by a Brit just means you have a pulse :)

    --
    "It was a billion times better than cobol, but still really retarded." -AC

  6. DNS should not be a vulnerability by joekrahn · · Score: 4, Insightful

    The problem is that bad DNS responses should not be a source of vulnerability. Anytime there is traffic outside of your trusted domain, the identity of the remote system should not be trusted without a secure connection. There is work on Secure DNS, but I think it is better just to consider DNS unreliable, especially since wireless access points are common, and can give you whatever DNS they want. Even if you use another DNS server, it is easy enough to override it at the router. Unencrypted traffic should always be considered untrusted and prone to hacking. We need a system of secondary (tertiary, etc?) certificate signing so that every web site doesn't have to pay for a commercially signed certificate. That is more efficient and reliable than Secure DNS. (Right?)