Security Watch

DNS Cache Poisoning

Laziness or stupidity are the main reasons for DNS cache poisoning, a study finds.

Hacking
The Measurement Factory, together with the Cooperative Association for Internet Data Analysis (CAIDA), performed a study investigating the scope of the perceived "DNS cache poisoning" issue. They investigated more than 6 million domain names and found a mere 284 that had any indication of performing poisoning attacks. They classified five indications of such attacks and stated they "found few fours and no fives," meaning none of the 284 performed all five indications.

The bottom line here is that they believe the majority of domains that perform any poisoning do so either out of laziness or stupidity. Rather than being intentionally criminal, the creators of the zones have made mistakes that subsequently could poison queries. Some of the 284 domains have actually been poisoned themselves.

"Never attribute to malice what can adequately be explained by stupidity."

Human Factors
A spokesperson for the University of Arizona's department of journalism recently claimed that all of the department's Macs had to be disconnected from their server and the Internet due to a break-in by a Romanian hacker.

The story just doesn't seem to make sense. The spokesperson claimed the hacker got in by repeatedly trying passwords, yet the same systems had been experiencing problems for several weeks leading up to the declaration there had been a break-in. This possibly suggests the problem is not what it appears to be. Further, they claim that no information has been lost so far, but there simply hasn't been adequate time to verify what has actually happened in order to make such a claim.

- A Nigerian criminal involved in what are called "419 scams" has been convicted on 48 of 58 charges and sentenced to 376 years in prison. "419 scams" are one of the oldest Internet phishing attempts involving convincing a victim to pay an amount of money up front with the hope of receiving tens of millions in the future. In this case, the criminal conned an American out of almost $2 million.

These token convictions occur from time to time, but unfortunately the criminal activity is still pervasive.

- The U.S. Department of Justice has indicted Christopher Maxwell on charges that he caused disruptions at Seattle's Northwest Hospital in 2005. Maxwell attempted to introduce his bots into the hospital's network and, in the process, caused operating doors not to open and intensive care unit computers to shut down, among other things.

For many years, the problems associated with computer security breaches have paled in comparison to so many other forms of problems because they couldn't cause physical injury. However, in today's dramatically networked world, it's becoming far more possible that the actions of a remote criminal could actually cause the death of someone.

Copyright
The Recording Industry Association of America made a pitch on MTV reminding viewers that, when reselling an iPod, it should be wiped clean of music. Apparently, far too many iPods are sold with the previous owner's music library intact, and some are even promoted due to the volume of music they contain.

The story suggests it's illegal to sell your iPod with music on it, but this in fact is not the case. Providing that you are selling the license to the music you have purchased and loaded on the iPod, you aren't in violation of any copyright laws. (Note: Doing this involves removing any copies of the music you may have on another device prior to selling the iPod.) Further, if you've copied physical media (such as CDs) to your iPod, you'd have to hand over the physical media together with the iPod itself.

While it's legal to sell iPods with music as described above, virtually all sales of music-filled iPods aren't done that way, either because the previous owner is unaware of the laws, or they are attempting to profit from selling copies of copyright material.

Governance
Despite acknowledging its customer was the victim of a criminal hacker, AT&T is suing HealthInsight for more than $25,000 for phone calls made. According to AT&T, HealthInsight was informed three times that unauthorized calls were being made by them, yet HealthInsight did nothing. HealthInsight is claiming that it had what they were told were "reasonable security measures in place" and feels that neither they, nor any other company who is a victim of hackers, should have to pay such charges.

Want More Security?

This column was originally published in our weekly Security Watch newsletter. To subscribe, click here.

At issue here is likely going to be AT&T's claims that they informed HealthInsight three times. If that is true, and the notices were obvious, then HealthInsight is unlikely to prevail in court. The other issue will be the jury's impression of what HealthInsight claims are "reasonable security measures." There's no shortage of situations where a phone customer has ridiculous charges run up on their lines, be it by a hacker or their own kids, the vast majority of which end up with the customer having to pay the bills.

There's certainly a need for an alerting function from the telcos to such toll fraud. Unexpected or abnormal use of your credit card causes immediate action by the credit card company, often in the form of a decline and phone call while standing at the checkout. Why then isn't there a similar service provided by the telco?

According to a Dutch Web site, the British Home Office is in discussions with Microsoft attempting to have them provide a back-door entry mechanism to overcome the disk encryption provided in Windows Vista. It claims it may help terrorists and others who would attempt to evade detection or inspection, and hamper their ability to investigate confiscated computers.

Have these people not heard about PGP? Why must there always be this continuing effort to undermine security in the name of investigative powers. Any back door can ultimately be exploited against the people who requested it.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.

comments powered by Disqus
Most   Popular