| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Nov 2007 09:56:49 -0600 From: Paul Schmehl <pauls@...allas.edu> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC] --On Wednesday, November 21, 2007 21:45:35 +1100 XSS Worm XSS Security Information Portal <cross-site-scripting-security@...worm.com> wrote: > > In the case of Yahoo, security firm Finjan said hackers exploited an > unused IP address within Yahoo's hierarchy and used that as the domain > address behind a forged Google Analytics domain name. This fooled the > Finjan Web-filtering product into believing a person was going to a > highly trusted Yahoo domain. The victims, customers of Finjan, never knew > they were on a malicious Web site, and neither did the security > mechanisms on the network. (In this case, Finjan's Web-filtering > product.) > > "They managed to resolve the domain name to an IP address owned by Yahoo. > How they added an address into a DNS server to appear to be an IP address > owned by Yahoo is unknown ," Yuval Ben-Itzhak, CTO of Finjan, told > InternetNews.com. He added that Yahoo, while responsive and quick to shut > down the compromised address, did not disclose exactly what equipment was > behind the compromised IP address. > If Yahoo was able to fix the problem quickly, then it would appear that Yahoo had a compromised domain server or servers. -- Paul Schmehl (pauls@...allas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Powered by blists - more mailing lists