lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54514A30B364B798FD587E8B@utd59514.utdallas.edu>
Date: Wed, 21 Nov 2007 09:56:49 -0600
From: Paul Schmehl <pauls@...allas.edu>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Warning: Hackers hijacking unused IP
 Addresses inside Trusted domains [POC]

--On Wednesday, November 21, 2007 21:45:35 +1100 XSS Worm XSS Security 
Information Portal <cross-site-scripting-security@...worm.com> wrote:
>
> In the case of Yahoo, security firm Finjan said hackers exploited an
> unused IP address within Yahoo's hierarchy and used that as the domain
> address behind a forged Google Analytics domain name. This fooled the
> Finjan Web-filtering product into believing a person was going to a
> highly trusted Yahoo domain. The victims, customers of Finjan, never knew
> they were on a malicious Web site, and neither did the security
> mechanisms on the network. (In this case, Finjan's Web-filtering
> product.)
>
> "They managed to resolve the domain name to an IP address owned by Yahoo.
> How they added an address into a DNS server to appear to be an IP address
> owned by Yahoo is unknown ," Yuval Ben-Itzhak, CTO of Finjan, told
> InternetNews.com. He added that Yahoo, while responsive and quick to shut
> down the compromised address, did not disclose exactly what equipment was
> behind the compromised IP address.
>
If Yahoo was able to fix the problem quickly, then it would appear that 
Yahoo had a compromised domain server or servers.

-- 
Paul Schmehl (pauls@...allas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ