Security Software Zone Security Software Zone
Home Contact Us
Search in
Forum SecurityToolbox Submit Software
Security Software Zone Login
Security Software Categories
News - Articles - Reviews
Free Newsletter
Join our mailing list and receive
security software news and
advice from our experts.
Submit
  Security Software Zone » Software Reviews » Privacy » DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device

DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device
Category: Privacy
Published: 07/25/2007, 22:26  
Editor: Remus Zoica
 
Print article
Send to a friend
Search in reviews
    The "DNS Forgery Pharming" is an attack that can remotely force consumers to visit fraudulent websites without compromising any computer or network device. The new attack affecting most Internet users has been demonstrated by Trusteer CTO and security researcher Amit Klein. The most popular DNS server today is BIND (Berkeley Internet Name Domain) developed and maintained by the Internet System Consortium (ISC). Trusteer CTO and security researcher Amit Klein has cracked BIND's random number generator and demonstrated the new type of attack. When a user enters a domain address such as www.bank.com into the browser's address bar, the operating system needs to find the IP address associated with this domain address to connect the user to the website. This is achieved by transparently sending a Domain Name System (DNS) query to a DNS server, which is basically a large repository of domain addresses and their associated IP addresses. The DNS server returns a DNS response that includes the IP address of the requested website.

    The security researcher and Trusteer's CTO, Amit Klein, has revealed a severe flaw in BIND's implementation which offers fraudsters the possibility to efficiently predict generated random numbers without the need to control the route between the user and the DNS server. Using this vulnerability fraudsters can remotely forge DNS responses and direct users to fraudulent websites. The fraudulent website can steal the user's sign-in credentials or tamper with the user's communication with the website. BIND implements a standard DNS security mechanism, based on a randomly-generated number to avoid DNS response forgery. This mechanism prevents fraudsters who do not control the route between the user and the DNS server from forging DNS responses and directing the user to the wrong server.

    Klein stated: "This is a devastating attack. B targeting a specific ISP's DNS server the fraudster can easily direct all ISP users to a fraudulent website each time the user tries to access the real website. There is nothing the user can do to prevent the attack." This type of attack is also known as Pharming and up until recently the common belief was that fraudsters need to compromise either the user's computer or the DNS server itself to launch the attack. This flaw offers the possibility to launch a Pharming attack which works even if the user's computer and the DNS server are highly secured.

For more information visit http://www.trusteer.com/docs/bind9dns_s.html .

Bookmark to:
Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Del.icio.us Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to digg Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to FURL Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to reddit Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Technorati Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Yahoo My Web Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Stumble Upon Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Google Bookmarks Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to RawSugar Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Squidoo Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Spurl Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Netvouz Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Rojo Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Bloglines Add 'DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device' to Tailrank
Add comment
Security Software Zone is not responsible for the content of these User comments. The views and opinions expressed are those of the individual poster and not the Security Software Zone.
User comments (0):

There is no comment for this review.
 
Reviews related to DNS Forgery Pharming - Remotely Force Consumers to Visit Fraudulent Websites Without Compromising any Computer or Network Device
 

Oracle E-Business Suite Financials Applications Now Features Silhouette™
 An enterprise class data scrambling tool created for Oracle Human Resources and Payroll Applications, Silhouette™, is now available for Oracle Payables and Oracle Receivables.
Read More >
03/31/2008, 12:33
 

Credit Monitoring and Other Credit Management Tools From Adaptive Marketing LLC
 AP9 Privacy Matters 123 is a security and privacy membership program presented by Adaptive Marketing LLC.
Read More >
04/14/2007, 16:09
 

New Interface Designed to Work with the Orion Systems Signature Capture Technology for Rental Car Companies
  The interface that TSD has developed allows the signature to be integrated directly into our rental management software.
Read More >
07/18/2007, 16:18
 

Consumers Advised to Protect Themselves from Online Predators and Scams
 Consumers can be protected from online predators, scams and con-artists with the help of a new service. Recently opened for business, Asset Search Pros hopes to help individuals battle these potential online threats.
Read More >
05/22/2008, 11:35
 

New Blog Titled Identity Theft Prevention and Recovery that is Located at www.idsafeguards.blogspot.com - Issues, Legislation, Best Practices and Market Movements
 The blog can be found at www.idsafeguards.blogspot.com, and it will discuss issues, legislation, best practices and market movements associated with the explosion of identity theft in the country.
Read More >
07/19/2007, 22:04

Sponsored


Copyright © 2007 Security Software Zone. All Rights Reserved. Forum Submit Software Site Map
Our websites: Titan Backup Software Invisible Secrets Encryption Software System LifeGuard Cleaner
AlphaZip Compression Tool SafeBit Disk Encryption Security Software Zone PC District