Slashdot Mirror


DNS Attack Writer a Victim of His Own Creation

BobB writes "HD Moore has been owned. Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas, area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company."

20 of 196 comments

  1. Did he take it well? by CaptSaltyJack · · Score: 5, Funny

    I wonder if, when he got attacked, he just leaned back in his big leather chair, and chuckled, "Well played, sir, well played."

    1. Re:Did he take it well? by capt.Hij · · Score: 5, Informative

      According to the article (you know the one that is linked above) he said this:

      Now he's one of the first victims of such an attack. "It's funny," he said. "I got owned."

    2. Re:Did he take it well? by pandrijeczko · · Score: 5, Funny

      You're forgetting - he is one of these emotional American types rather than a stiff-upper-lipped Brit like myself.

      In all likelihood, he probably bawled out a John McEnroe-like "YOU CANNOT BE SERIOUS!!!" and threw his mouse at his computer screen.

      --
      Gentoo Linux - another day, another USE flag.
    3. Re:Did he take it well? by morgan_greywolf · · Score: 5, Funny

      You're forgetting - he is one of these emotional American types

      Wait! Are you saying that Americans are emotional! WTF, man! We are not fscking emotional!!! Gods, those Brits make me MAD AS HELL!! And I'm NOT going to take it anymore!!!

    4. Re:Did he take it well? by Kamineko · · Score: 5, Funny

      http://www.dickensfair.com/images/costume_m1.jpg

      "Gentlemen, we're receiving this morning's stock broadcast on the ticker machine."

      "What! Our stock values are tumbling! What the devil is going on, Mr. Smith?"

      "Why, I believe some monstrous rascal has been at our wires! I do believe we've been owned, Mr. Jones."

    5. Re:Did he take it well? by mbeans · · Score: 5, Insightful

      Being called emotional by a Brit just means you have a pulse :)

      --
      "It was a billion times better than cobol, but still really retarded." -AC
    6. Re:Did he take it well? by omnipresentbob · · Score: 5, Funny

      I know! Let's go throw some freaking tea in the ocean. We'll show them!

    7. Re:Did he take it well? by MrNaz · · Score: 5, Funny

      Not true. I heard that a stand up comedian in London died on stage, and nobody noticed until the corpse went cold.

      --
      I hate printers.
  2. Correction to the article published by Anonymous Coward · · Score: 5, Informative

    The reporter has published a correction, which is also reflected on the Metasploit Blog.

  3. AT&T not him by nicolas.kassis · · Score: 5, Insightful

    Well, all I can say is, no one, not even him, can prevent this shit from happening if a server out of their control such as this is unpatched. He should give AT&T hell. All the other big ones like Comcast and Verizon claim to be fully patched. I understand the size of AT&T's network but this is no excuse when everyone uses your network and pays good money for it.

  4. Re:Good by Kadin2048 · · Score: 5, Insightful

    Not sure why it would; he wasn't doing anything wrong. That's the funny thing about DNS poisoning -- you can be following best-practices to the letter, but if your ISP is sloppy, you'll get hit by it just the same.

    AT&T are the ones to blame, if blame needs to be assigned.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  5. In the words of the Bard ... by r00tus3r · · Score: 5, Funny

    For tis the sport to have the engineer hoist with his own petard.

    1. Re:In the words of the Bard ... by MyLongNickName · · Score: 5, Funny

      For tis the sport to have the engineer hoist with his owne petard.

      Fixed it for you.

      -- Old English Grammar Nazi

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    2. Re:In the words of the Bard ... by Anonymous Coward · · Score: 5, Funny

      For tis the sport to have the engineer hoist with his owne petard.

      Fixed it for you.

      -- Olde English Grammar Nazi

      Fixed it for thou.

      Fixed it for thee.

      Fixed it for thee.

  6. DNS cache poisoning in the wild by GogglesPisano · · Score: 5, Interesting

    It's interesting to see how widespread this exploit has become. I've checked my home and office connections using Dan Kaminsky's handy DNS Checker and it appears that my ISPs have taken measures to avoid this problem.

    Unfortunately, I also travel a good deal for work, and it's hard to be sure that the ISP used by whatever-hotel-I'm-staying-at-this-week will be as proactive.

    The guys in TFA got pwned by being redirected to a bogus Google look-alike page. As I understand it, this kind of attack would be noticeable when attempting to use a secure (HTTPS) web connection, because the browser should throw up a certificate error. Is this true? What other ways might be used to detect this problem?

    1. Re:DNS cache poisoning in the wild by Phroggy · · Score: 5, Informative

      As I understand it, this kind of attack would be noticeable when attempting to use a secure (HTTPS) web connection, because the browser should throw up a certificate error. Is this true?

      Yes, this is true. HTTPS connections require an SSL certificate which must be signed by a Certificate Authority (CA) that your browser trusts. Your browser ships with a database of CA certificates, and you can manually add your own if you want; any SSL cert signed by one of those CAs will be trusted, but any SSL cert signed by anybody else will display a warning message before allowing you to access the web site.

      Unfortunately, there are legitimate HTTPS sites out there using self-signed SSL certificates. Chances are, you've probably seen one at some point, and you went ahead and accepted it anyway, because you figured the company is legitimate and they just skimped on getting an SSL cert signed by a real CA. I know I have. If DNS cache poisoning (or other techniques) can get your browser to think it's talking to a particular host when it really isn't, AND you accept an invalid SSL certificate, you're screwed.

      Note that SSL serves two purposes: it encrypts data while it's being sent over the wire so nobody* can eavesdrop on the connection between your browser and the server, and it also provides authentication so you can be sure that your browser is really talking to the server it thinks it's talking to. Using a self-signed certificate (or a certificate signed by an untrusted CA) renders the second of these useless, but the data is still encrypted.

      * And of course when I said "nobody"... There is a way to intercept SSL connections, but it requires that you install a special CA cert in your browser, which will make your browser trust whoever is intercepting the SSL connections. This makes it possible to set up a caching proxy server that can inspect and cache data being sent over HTTPS. This is crazy stuff you shouldn't think about.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
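
The certificate check described in the comment above, as an added example that is not part of the original thread: `openssl verify` stands in for the browser, and the demo CA, both certificates and the host name `www.example.test` are constructed in a temporary directory. It shows why a look-alike server reached through a poisoned DNS answer triggers the warning, and that clicking through the warning is the step that gives up authentication.

```shell
#!/bin/sh
# Added example. Every key, certificate and host name here is constructed for the demo.

# check_cert CAFILE CERT HOST: the two checks made before a page is shown without
# a warning: the chain ends at a trusted CA, and the certificate names the host.
check_cert() {
    if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

# make_demo_pki DIR: build a throwaway CA, a site certificate signed by it, and a
# self-signed certificate that carries the same host name.
make_demo_pki() {
    dir=$1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
EOF
    # Stand-in for one entry in the browser's CA database.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/demo.cnf" \
        -extensions ca_ext -subj "/CN=Demo Trusted CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # The real site: its request is signed by the trusted CA.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/demo.cnf" \
        -subj "/CN=www.example.test" \
        -keyout "$dir/site.key" -out "$dir/site.csr" 2>/dev/null
    openssl x509 -req -in "$dir/site.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/site.pem" 2>/dev/null
    # What a poisoned DNS answer leads to: the right name, but self-signed.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/demo.cnf" \
        -subj "/CN=www.example.test" \
        -keyout "$dir/fake.key" -out "$dir/fake.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
echo "CA-signed, right name:   $(check_cert "$demo_dir/ca.pem" "$demo_dir/site.pem" www.example.test)"
echo "self-signed, right name: $(check_cert "$demo_dir/ca.pem" "$demo_dir/fake.pem" www.example.test)"
echo "CA-signed, other name:   $(check_cert "$demo_dir/ca.pem" "$demo_dir/site.pem" www.other.test)"
```
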
  7. Re:BEHOLD by Anonymous Coward · · Score: 5, Funny

    Yeah.. it'd be more like the US getting attacked by weapons they made and sold to Iraq or something... oh hang on..

  8. Re:Take note by Freeside1 · · Score: 5, Funny

    yeah, it's kinda like a red light when you're already late.

  9. Re:Good by rfunk · · Score: 5, Informative

    Er, this isn't the same guy who discovered the DNS flaw.