
DNS Exploit in the Wild

Originally posted by: StarsFan4Life
So is this no longer an issue? I can't believe it's not all over the news....I bet if it was, PEOPLE would panic, call their ISP and after a million calls they would finally fix it.
Most of the article would be spent just explaining most of the technical details:
- What is a modem?
- What is a router?
- What is DNS?
- How is data sent on the Internet?
- What is a webhost?
- What is a domain?

And that assumes that the people writing the articles even have any clue what they're talking about, which isn't too likely.

 
I had some trouble logging into Amex the other day (but not other bank/credit card sites), but didn't think much about it until I found out about this bug. Checked my ISP, it said it was vulnerable, so I read about OpenDNS and switched to that. Slightly concerned about it, but a couple of points make me feel better. Am I right about...

1. If a bad guy spoofs a site, he makes it look like the legit site, right? But he wouldn't know any of my account details, right? So if I login and see my transactions and balances, I'm more than likely safe.

2. So that has me concerned about my Amex experience. If it was compromised, a failed login seems like the reasonable outcome of trying to log in. But the bad guy would only have my (and thousands of others) username/password. After switching DNS, I changed all my passwords. Odds are the bad guy hasn't tried my login yet and now that I changed the password, it is useless info.

Anyway, I'll keep a look out for any odd transactions, but I think I'm safe. At least as safe as I've ever been.
 
Originally posted by: notionless
I had some trouble logging into Amex the other day (but not other bank/credit card sites), but didn't think much about it until I found out about this bug. Checked my ISP, it said it was vulnerable, so I read about OpenDNS and switched to that. Slightly concerned about it, but a couple of points make me feel better. Am I right about...

1. If a bad guy spoofs a site, he makes it look like the legit site, right? But he wouldn't know any of my account details, right? So if I login and see my transactions and balances, I'm more than likely safe.

2. So that has me concerned about my Amex experience. If it was compromised, a failed login seems like the reasonable outcome of trying to log in. But the bad guy would only have my (and thousands of others) username/password. After switching DNS, I changed all my passwords. Odds are the bad guy hasn't tried my login yet and now that I changed the password, it is useless info.

Anyway, I'll keep a look out for any odd transactions, but I think I'm safe. At least as safe as I've ever been.

If the site was using two way authentication (you know, the verify the image stuff) then you are fine. If not, then you are not.
 
Originally posted by: notionless
1. If a bad guy spoofs a site, he makes it look like the legit site, right? But he wouldn't know any of my account details, right? So if I login and see my transactions and balances, I'm more than likely safe.

wouldn't it be possible for him to spoof the login site, then redirect with those credentials to the real site?
 
Originally posted by: fishjie
Originally posted by: notionless
1. If a bad guy spoofs a site, he makes it look like the legit site, right? But he wouldn't know any of my account details, right? So if I login and see my transactions and balances, I'm more than likely safe.

wouldn't it be possible for him to spoof the login site, then redirect with those credentials to the real site?
Or else it'll say something like, "Site is down for maintenance, sorry for the inconvenience, please try again later."

Plus, trying to log in as a way to find out if the site is legit is kind of a bad way of doing it.

 
Time to cower, ISPs are confirmably being attacked. AT&T's Dallas DNS server was poisoned yesterday, the thieves hijacked Google and who knows what else.
 
Yikes. Just checked my ISP (Verizon FiOS)...

Your name server, at x.x.x.x, may be safe, but the NAT/Firewall in front of it appears to be interfering with its port selection policy. The difference between largest port and smallest port was only 41. Please talk to your firewall or gateway vendor -- all are working on patches, mitigations, and workarounds.
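
The checker message quoted in the post above rates a name server by how far apart the UDP source ports of its queries are. An added example of that kind of check (not part of the original post and not the checker's own code); the thresholds and the sample port lists are constructed assumptions:

```python
import math

MIN_SPREAD = 1024   # assumed threshold, not the real checker's cutoff
MAX_SEQ_STEP = 64   # assumed: small, always-positive steps look like a NAT counter


def assess_source_ports(ports, min_spread=MIN_SPREAD, max_step=MAX_SEQ_STEP):
    """Rate the UDP source ports seen on consecutive queries from one resolver."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    spread = max(ports) - min(ports)
    steps = [b - a for a, b in zip(ports, ports[1:])]
    # A NAT that rewrites source ports from a counter undoes the
    # resolver's randomization even when the resolver itself is patched.
    sequential = len(steps) >= 2 and all(0 < s <= max_step for s in steps)
    reasons = []
    if spread == 0:
        reasons.append("fixed source port")
    elif spread < min_spread:
        reasons.append(f"ports span only {spread}")
    if sequential:
        reasons.append("ports increase in small steps (predictable)")
    return {
        "spread": spread,
        "distinct": len(set(ports)),
        "sequential": sequential,
        # Upper bound on the bits the port adds to the 16-bit transaction ID.
        "range_bits": round(math.log2(spread + 1), 1),
        "verdict": "weak" if reasons else "ok",
        "reasons": reasons,
    }


# Constructed samples: a resolver behind a port-rewriting NAT (spread of 41,
# as in the quoted message) and one whose randomized ports reach the Internet.
BEHIND_NAT = [1024, 1033, 1041, 1048, 1057, 1065]
RANDOMIZED = [49152, 3211, 60123, 17890, 40555, 9001]

if __name__ == "__main__":
    for name, sample in (("behind NAT", BEHIND_NAT), ("randomized", RANDOMIZED)):
        print(name, assess_source_ports(sample))
```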
 
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.
 
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.
 
Your ISP's name server, xxxxxxxxxxx, has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.
 
Originally posted by: Blayze
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.

You apparently don't understand the problem.
 
Originally posted by: TallBill
Originally posted by: Blayze
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.

You apparently don't understand the problem.

No, not completely. I just know my ISP showed that it wasn't patched according to the tests and I switched to OpenDNS. I'm also watching to make sure nothing seems "odd" when visiting sites. That's really all I know to do.

I know if his login info wasn't stored it could be possible he wasn't actually on the Facebook site. I was just saying that I haven't seen that using Facebook and OpenDNS.
 
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.
I found that I could force SSL prior to entering login information by going to https://www.facebook.com/.
 
Originally posted by: moparacer
Hard to believe this has been out all this time and I just heard the first talk of it on the 12:00 radio news today.....

It's security people that are freaking out about it because we know what CAN happen.
 
Originally posted by: TallBill
Originally posted by: Blayze
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.

You apparently don't understand the problem.
Oh I do hope someone hijacks Facebook.
And I hope they can't get it back online for a full week.

Scum of the Internet: Get to work.


 
Originally posted by: Jeff7
Originally posted by: TallBill
Originally posted by: Blayze
Originally posted by: RESmonkey
Can anyone on OpenDNS check Facebook for me? All my saved login info is gone, and Firefox always remembers login info for familiar sites.

Facebook seems fine here. I'm using Opera though.

You apparently don't understand the problem.
Oh I do hope someone hijacks Facebook.
And I hope they can't get it back online for a full week.

Scum of the Internet: Get to work.

Times logged in in past 3 months: Maybe 3.

Yeah, I don't get the fixation people have with it. It's a decently convenient way to keep in touch with people, but is still terrible.
 
well, i logged in to my ing-direct account and almost had a heart attack when i saw that they had changed the login ui. they even had text that said - "we have changed the login ui" which seemed real suspect given the timing. but their login shows a secret image and phrase that only i know to verify that it's not a spoofed site, so i think it's ok.

also facebook is awesome don't hate. i'm still going to use it regardless.
 
Originally posted by: fishjie
well, i logged in to my ing-direct account and almost had a heart attack when i saw that they had changed the login ui. they even had text that said - "we have changed the login ui" which seemed real suspect given the timing. but their login shows a secret image and phrase that only i know to verify that it's not a spoofed site, so i think it's ok.

also facebook is awesome don't hate. i'm still going to use it regardless.
It's not like you've got much to lose.

"Oh god no!!!! They stole my Facebook password!!!! I'm going to lose.......nothing of value. Huh."

versus

"I think someone just got my bank account login. Oh crap."

 
I almost panicked when I got locked out of my CC online access due to too many "failed login attempts". Almost.

Then I realized I'd changed the password a few days ago. D'oh!
 