Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Poisoning Hits One of China's Biggest ISPs

Posted by timothy on from the when-bad-childhoods-attack dept.

Support Code writes "ZDNet's Zero Day blog is reporting that a DNS server of one of China's largest ISPs has been poisoned to redirect typos to a malicious site rigged with drive-by exploits. The DNS poisoning attacks are affecting customers of China Netcom (CNC) and are using a malicious iFrame to launch exploits for known vulnerabilities in RealNetworks' RealPlayer, Adobe Flash Player and Microsoft Snapshot Viewer. In this interview with CNet, Dan Kaminsky confirms that attacks are definitely going on in the field."

2 of 86 comments (clear)

  1. Just trying to help. by rts008 · · Score: 0, Offtopic

    First, thanks for the comments (this one and above). If I had mod points, I would have given you +1 insightful.
    After all, how much more insightful is good information from someone directly affected by something we are discussing? Quite a bit more insightful is the answer!

    Now to the reason for my reply.
    When I was stationed in Germany for the US Army (I live in Oklahoma, USA), I always appreciated corrections to my spoken German language attempts. Most of the time the encounter would turn into a mutual learning session for both of us...the German I talked to would help me with my German skills, and wanted (and received) my help with his English skills. It was a great learning experience for me.

    That is the intention of my reply. I have edited your post below for corrections in English grammar. If this has no interest for you, then disregard the rest of the post.

    No harm=No Foul!

    "This is a very good question. Frankly, I don't know. As I have said, I never trust OpenDNS due to(or you can use 'becuase of' in place of 'due to') security reasons.

    *new paragraph=change of subject, or focus on subject*
    I use it for my desktop browsing, not for anything worthy enough to be protected. But I know from my own experience that some Chinese ISP's(the apostrophe as applied here seems to be debatable, but was proper usage when I went to school) are seriously incompetent in managing security risks. I have seen some of their mistakes in securing their service so that I wouldn't trust them again.

    *new paragraph-see reasons above*
      OTOH I know I have to buy their services to get online and put these rants here,(added comma to 'end' current focus and enable a slight redirect to the sentence) and that sound like a paradox. Maybe it is. Finally we have to trust somebody else. That's how we live (replaced 'make' with 'live') our lives. I just chose to deal with one who has *already* made a (removed 'bad')reputation as...
    there are many option here:
    1. ...the lesser of two evils. (pessimistic outlook)
    2. ...the better one. (more optimistic)
    3. ...the best person currently able to do the job. (most optimistic)"

    I apologize if I have over stepped my bounds here, I only meant to help.

    I like to hear from those outside of the USA, so your post has been good for my learning experience.

    --
    Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
  2. Re:Cyberparanoia by Saint+Gerbil · · Score: 0, Offtopic

    that drunken bum ?!