Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/8/2008
09:05 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

RSA Session Features Live Linksys Router Hack

Researcher Dan Kaminsky plans a live demo to show a DNS rebinding attack in action

SAN FRANCISCO -- RSA 2008 Conference -- Researcher Dan Kaminsky here today will demonstrate a live hack of a Linksys home router to illustrate how easy it is to exploit an old browser and browser plug-in vulnerability he’s been researching and warning the security community about since last year. (See Old Flaw Threatens Web 2.0 and Hack Sneaks Past Firewall to Intranet.)

Kaminsky, who is also director of penetration testing for IOActive, says he decided to make the so-called DNS rebinding vulnerability more visual to get browser vendors to fix the flaw, which is not actually in DNS but in browsers and browser plug-in programs such as Java, Flash, and Adobe. He says although DNS rebinding is a difficult problem to correct, he hopes his demo during his “Black Ops of Web. 2.0: DNS Rebinding Attacks” session will get the attention of browser vendors.

“I’m a bit bothered that nobody realized that full router compromise is pretty much done and over with until the browsers get fixed. So I'm making it all visual,” Kaminsky says.

He says he will provide plenty of “prescriptive” guidance to device manufacturers as well as mitigation techniques and workarounds. DNS rebinding has worried researchers with the advent of Web 2.0-based sites because the more code and action occurring on the client, the more at risk it is to a DNS rebinding attack.

Kaminsky demonstrated a DNS binding attack at Black Hat USA last summer that made a victim’s browser a proxy server for an external attack to infiltrate the victim’s intranet.

DNS rebinding lets an attacker use DNS tricks to reach a different IP address than the one the browser is connected to -- the browser theoretically should block this by binding the host name to a particular IP address, but a flaw in many browsers and plug-ins lets an attacker interrupt that.

Meanwhile, OpenDNS today released a free tool called fixmylinksys.com that lets Linksys users easily change their default password to protect themselves from the type of hack Kaminsky will demo. “This will stop all the automated attacks that Dan is showing at the RSA conference today. It's easy and is done over the Web,” says David Ulevitch, CEO of OpenDNS.

OpenDNS also launched a new type of DNS filter today that protects users from a DNS response from a malicious server. "In short, a DNS response from a malicious server that resolves to a host inside your network would get blocked,” Ulevitch says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Linksys
  • IOActive

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Data Leak Week: Billions of Sensitive Files Exposed Online
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
    Lessons from the NSA: Know Your Assets
    Robert Lemos, Contributing Writer,  12/12/2019
    4 Tips to Run Fast in the Face of Digital Transformation
    Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    The Year in Security: 2019
    This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-19807
    PUBLISHED: 2019-12-15
    In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
    CVE-2014-8650
    PUBLISHED: 2019-12-15
    python-requests-Kerberos through 0.5 does not handle mutual authentication
    CVE-2014-3536
    PUBLISHED: 2019-12-15
    CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
    CVE-2014-3643
    PUBLISHED: 2019-12-15
    jersey: XXE via parameter entities not disabled by the jersey SAX parser
    CVE-2014-3652
    PUBLISHED: 2019-12-15
    JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.