That's right, I think the main reason Israel is so interested in these is because they are easily placed in residential areas to protect them from Palestinian rockets which 'accidentally' veer into civilian areas.
Amen to that, start riding and you will never stop. And for the record the 'It's too far excuse doesn't hold up - you will usually end up looking for the longest/exciting ride to work oppose to the shortest route.
Reliable DNS Forgery in 2008: Kaminsky's Discovery
from Matasano Chargen by ecopeland
0.
The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat.
1.
Pretend for the moment that you know only the basic function of DNS -- that it translates WWW.VICTIM.COM into 1.2.3.4. The code that does this is called a resolver. Each time the resolver contacts the DNS to translate names to addresses, it creates a packet called a query. The exchange of packets is called a transaction. Since the number of packets flying about on the internet requires scientific notation to express, you can imagine there has to be some way of not mixing them up.
Bob goes to to a deli, to get a sandwich. Bob walks up to the counter, takes a pointy ticket from a round red dispenser. The ticket has a number on it. This will be Bob's unique identifier for his sandwich acquisition transaction. Note that the number will probably be used twice -- once when he is called to the counter to place his order and again when he's called back to get his sandwich. If you're wondering, Bob likes ham on rye with no onions.
If you've got this, you have the concept of transaction IDs, which are numbers assigned to keep different transactions in order. Conveniently, the first sixteen bits of a DNS packet is just such a unique identifier. It's called a query id (QID). And with the efficiency of the deli, the QID is used for multiple transactions.
2.
Until very recently, there were two basic classes of DNS vulnerabilities. One of them involves mucking about with the QID in DNS packets and the other requires you to know the Deep Magic.
First, QIDs.
Bob's a resolver and Alice is a content DNS server. Bob asks Alice for the address of WWW.VICTIM.COM. The answer is 1.2.3.4. Mallory would like the answer to be 6.6.6.0.
It is a (now not) secret shame of mine that for a great deal of my career, creating and sending packets was, to me, Deep Magic. Then it became part of my job, and I learned that it is surprisingly trivial. So put aside the idea that forging IP packets is the hard part of poisoning DNS. If I'm Mallory and I'm attacking Bob, how can he distinguish my packets from Alice's? Because I can't see the QID in his request, and the QID in my response won't match. The QID is the only thing protecting the DNS from Mallory (me).
QID attacks began in the olden days, when BIND simply incremented the QID with every query response. If you can remember 1995, here's a workable DNS attack. Think fast: 9372 + 1. Did you get 9372, or even miss and get 9373? You win, Alice loses. Mallory sends a constant stream of DNS responses for WWW.VICTIM.COM. All are quietly discarded --- until Mallory gets Bob to query for WWW.VICTIM.COM. If Mallory's response gets to your computer before the legitimate response arrives from your ISP's name server, you will be redirected where Mallory tells you you're going.
Obvious fix: you want the QID be randomly generated. Now Alice and Mallory are in a race. Alice sees Bob's request and knows the QID. Mallory has to guess it. The first one to land a packet with the correct QID wins. Randomized QIDs give Alice a big advantage in this race.
But there's a bunch more problems here:
*
If you convince Bob to ask Alice the same question 1000 times all at once, and Bob uses a different QID for each packet, you made the race 1000 times easier for Mallory to win.
*
If Bob uses a crappy random number generator, Mallory can get Bob to ask for names she controls, like WWW.EVIL.COM, and watch how the QIDs bounce around; eventually, she'll break the RNG and be able to predict its outputs.
*
16 bits just isn't big enough to provide real security at the traffic rates we deal with in 2008.
Your computer's resolver is probably a stub. Which means it won't really save the response. You don't want it to. The stub asks a real DNS server, probably run by your ISP. That server doesn't know everything. It can't, and shouldn't, because the whole idea of DNS is to compensate for the organic and shifting nature of internet nami
Does anyone else have this bug on the bookmarks toolbar?
Close a tab, then immediately right click on a bookmark (from bookmark toolbar) and the open options are disabled.
I really don't see how anyone could take GameSpot or 1up reviews seriously. Both those sites layouts are so terrible and add-ridden they give me a headache. I really put more faith in the random comments left by users on the tracker sites when I download the torrent.
I believe they are dropping the name because the know the power of branding. The Linksys name is often associated with poor quality products and they want a fresh start.
It looks like they are really going for the easy targets and not people like (dare I say?) us, that could easily tell this was a bogus site. Personally I find it comforting they are that far behind the game, but feel sorry for the innocent people who do get caught up in this.
Why does something have to have 'created' the universe? It's not possible to destroy matter or energy, why do you assume it's possible to create it? Why can't it have just always been?
Slashdot Mirror
That's right, I think the main reason Israel is so interested in these is because they are easily placed in residential areas to protect them from Palestinian rockets which 'accidentally' veer into civilian areas.
Some rockets spin leaving the launching device for stability, before they are armed. All artillery barrels are rifled so yes they spin.
Melbourne, Australia. Bike tracks everywhere.
Amen to that, start riding and you will never stop. And for the record the 'It's too far excuse doesn't hold up - you will usually end up looking for the longest/exciting ride to work oppose to the shortest route.
Reliable DNS Forgery in 2008: Kaminsky's Discovery from Matasano Chargen by ecopeland 0. The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat. 1. Pretend for the moment that you know only the basic function of DNS -- that it translates WWW.VICTIM.COM into 1.2.3.4. The code that does this is called a resolver. Each time the resolver contacts the DNS to translate names to addresses, it creates a packet called a query. The exchange of packets is called a transaction. Since the number of packets flying about on the internet requires scientific notation to express, you can imagine there has to be some way of not mixing them up. Bob goes to to a deli, to get a sandwich. Bob walks up to the counter, takes a pointy ticket from a round red dispenser. The ticket has a number on it. This will be Bob's unique identifier for his sandwich acquisition transaction. Note that the number will probably be used twice -- once when he is called to the counter to place his order and again when he's called back to get his sandwich. If you're wondering, Bob likes ham on rye with no onions. If you've got this, you have the concept of transaction IDs, which are numbers assigned to keep different transactions in order. Conveniently, the first sixteen bits of a DNS packet is just such a unique identifier. It's called a query id (QID). And with the efficiency of the deli, the QID is used for multiple transactions. 2. Until very recently, there were two basic classes of DNS vulnerabilities. One of them involves mucking about with the QID in DNS packets and the other requires you to know the Deep Magic. First, QIDs. Bob's a resolver and Alice is a content DNS server. Bob asks Alice for the address of WWW.VICTIM.COM. The answer is 1.2.3.4. Mallory would like the answer to be 6.6.6.0. It is a (now not) secret shame of mine that for a great deal of my career, creating and sending packets was, to me, Deep Magic. Then it became part of my job, and I learned that it is surprisingly trivial. So put aside the idea that forging IP packets is the hard part of poisoning DNS. If I'm Mallory and I'm attacking Bob, how can he distinguish my packets from Alice's? Because I can't see the QID in his request, and the QID in my response won't match. The QID is the only thing protecting the DNS from Mallory (me). QID attacks began in the olden days, when BIND simply incremented the QID with every query response. If you can remember 1995, here's a workable DNS attack. Think fast: 9372 + 1. Did you get 9372, or even miss and get 9373? You win, Alice loses. Mallory sends a constant stream of DNS responses for WWW.VICTIM.COM. All are quietly discarded --- until Mallory gets Bob to query for WWW.VICTIM.COM. If Mallory's response gets to your computer before the legitimate response arrives from your ISP's name server, you will be redirected where Mallory tells you you're going. Obvious fix: you want the QID be randomly generated. Now Alice and Mallory are in a race. Alice sees Bob's request and knows the QID. Mallory has to guess it. The first one to land a packet with the correct QID wins. Randomized QIDs give Alice a big advantage in this race. But there's a bunch more problems here: * If you convince Bob to ask Alice the same question 1000 times all at once, and Bob uses a different QID for each packet, you made the race 1000 times easier for Mallory to win. * If Bob uses a crappy random number generator, Mallory can get Bob to ask for names she controls, like WWW.EVIL.COM, and watch how the QIDs bounce around; eventually, she'll break the RNG and be able to predict its outputs. * 16 bits just isn't big enough to provide real security at the traffic rates we deal with in 2008. Your computer's resolver is probably a stub. Which means it won't really save the response. You don't want it to. The stub asks a real DNS server, probably run by your ISP. That server doesn't know everything. It can't, and shouldn't, because the whole idea of DNS is to compensate for the organic and shifting nature of internet nami
I will be getting one.
Does anyone else have this bug on the bookmarks toolbar? Close a tab, then immediately right click on a bookmark (from bookmark toolbar) and the open options are disabled.
Obviously just tryna keep a brave face in the midst of complete bankruptcy.
Freedom of speech applies not only to 'speak' but participate.
Way to go, take away rights from the people who are fighting to protect them.
Exactly, why not equate copyright infringement to armed robbery? Two completely different things dude. Congrats on the victory.
If you don't pay it from your taxes, the bank will charge you it in fees. The better option is for common sense to govern. :(
Indiana Jones and The Temple of Doom?
Haha, he is, after-all just a big turd.
Oh yes, I'm running ABP & Noscript ;) Just saying...
I really don't see how anyone could take GameSpot or 1up reviews seriously. Both those sites layouts are so terrible and add-ridden they give me a headache. I really put more faith in the random comments left by users on the tracker sites when I download the torrent.
I like the red ones better :P
Sleeping with the enemy.
Fucking aye! Where are my mod points when I need em!
I believe they are dropping the name because the know the power of branding. The Linksys name is often associated with poor quality products and they want a fresh start.
Please!
I agree with you 100%... Not even worth pirating.
It looks like they are really going for the easy targets and not people like (dare I say?) us, that could easily tell this was a bogus site. Personally I find it comforting they are that far behind the game, but feel sorry for the innocent people who do get caught up in this.
I'll get the cheetos.
Why does something have to have 'created' the universe? It's not possible to destroy matter or energy, why do you assume it's possible to create it? Why can't it have just always been?