4/8/2008
09:05 AM
RSA Session Features Live Linksys Router Hack

Researcher Dan Kaminsky plans a live demo to show a DNS rebinding attack in action

SAN FRANCISCO -- RSA 2008 Conference -- Researcher Dan Kaminsky here today will demonstrate a live hack of a Linksys home router to illustrate how easy it is to exploit an old browser and browser plug-in vulnerability he’s been researching and warning the security community about since last year. (See Old Flaw Threatens Web 2.0 and Hack Sneaks Past Firewall to Intranet.)

Kaminsky, who is also director of penetration testing for IOActive, says he decided to make the so-called DNS rebinding vulnerability more visual to get browser vendors to fix the flaw, which is not actually in DNS but in browsers and browser plug-in programs such as Java, Flash, and Adobe. He says although DNS rebinding is a difficult problem to correct, he hopes his demo during his “Black Ops of Web 2.0: DNS Rebinding Attacks” session will get the attention of browser vendors.

“I’m a bit bothered that nobody realized that full router compromise is pretty much done and over with until the browsers get fixed. So I'm making it all visual,” Kaminsky says.

He says he will provide plenty of “prescriptive” guidance to device manufacturers as well as mitigation techniques and workarounds. DNS rebinding has worried researchers since the advent of Web 2.0-based sites, because the more code and activity there is on the client, the more exposed that client is to a DNS rebinding attack.

Kaminsky demonstrated a DNS rebinding attack at Black Hat USA last summer that made a victim’s browser a proxy server for an external attack to infiltrate the victim’s intranet.

DNS rebinding lets an attacker use DNS tricks to reach a different IP address than the one the browser is connected to. The browser theoretically should block this by binding the host name to a particular IP address, but a flaw in many browsers and plug-ins lets an attacker break that binding.

Meanwhile, OpenDNS today released a free tool called fixmylinksys.com that lets Linksys users easily change their default password to protect themselves from the type of hack Kaminsky will demo. “This will stop all the automated attacks that Dan is showing at the RSA conference today. It's easy and is done over the Web,” says David Ulevitch, CEO of OpenDNS.

OpenDNS also launched a new type of DNS filter today that protects users from a DNS response from a malicious server. "In short, a DNS response from a malicious server that resolves to a host inside your network would get blocked,” Ulevitch says.
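The filtering rule Ulevitch describes can be sketched as a check on the addresses in each DNS answer. This is an added example, not OpenDNS's code: the function names, the list of internal ranges, and the `local_suffixes` allowlist are assumptions made for illustration, and the sample answers are constructed.

```python
import ipaddress

# Address ranges treated as "inside your network" (an assumed policy for this
# example): RFC 1918, loopback, link-local, and their IPv6 counterparts.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_internal(addr):
    """True if addr (IPv4 or IPv6 text) falls in an internal range."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:192.168.1.1) so it cannot slip past
    # the IPv4 ranges.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in INTERNAL_NETS)


def filter_response(qname, answers, local_suffixes=()):
    """Decide whether a resolver should pass a DNS answer to the client.

    Returns (allowed, blocked_addresses). Names under local_suffixes are the
    site's own internal zones and may legitimately map to internal hosts.
    """
    name = qname.rstrip(".").lower()
    if any(name == s or name.endswith("." + s) for s in local_suffixes):
        return True, []
    blocked = [a for a in answers if is_internal(a)]
    # One internal record is enough to drop the whole answer: a mixed
    # public/internal record set still gives the page a route inside.
    return not blocked, blocked


# Constructed sample: the same external name answers first with a public
# address (TEST-NET-3), then is re-pointed at the router's LAN address.
SAMPLE = [
    ("rebind.attacker.example", ["203.0.113.10"]),
    ("rebind.attacker.example", ["192.168.1.1"]),
    ("rebind.attacker.example", ["203.0.113.10", "::ffff:10.0.0.5"]),
]

if __name__ == "__main__":
    for qname, answers in SAMPLE:
        print(qname, answers, filter_response(qname, answers))
```

The first sample answer passes and the other two are dropped; an internal zone such as a hypothetical `corp.example` has to be listed in `local_suffixes`, or legitimate intranet names would be blocked as well.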


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...