Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/8/2008
09:05 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

RSA Session Features Live Linksys Router Hack

Researcher Dan Kaminsky plans a live demo to show a DNS rebinding attack in action

SAN FRANCISCO -- RSA 2008 Conference -- Researcher Dan Kaminsky here today will demonstrate a live hack of a Linksys home router to illustrate how easy it is to exploit an old browser and browser plug-in vulnerability he’s been researching and warning the security community about since last year. (See Old Flaw Threatens Web 2.0 and Hack Sneaks Past Firewall to Intranet.)

Kaminsky, who is also director of penetration testing for IOActive, says he decided to make the so-called DNS rebinding vulnerability more visual to get browser vendors to fix the flaw, which is not actually in DNS but in browsers and browser plug-in programs such as Java, Flash, and Adobe. He says although DNS rebinding is a difficult problem to correct, he hopes his demo during his “Black Ops of Web. 2.0: DNS Rebinding Attacks” session will get the attention of browser vendors.

“I’m a bit bothered that nobody realized that full router compromise is pretty much done and over with until the browsers get fixed. So I'm making it all visual,” Kaminsky says.

He says he will provide plenty of “prescriptive” guidance to device manufacturers as well as mitigation techniques and workarounds. DNS rebinding has worried researchers with the advent of Web 2.0-based sites because the more code and action occurring on the client, the more at risk it is to a DNS rebinding attack.

Kaminsky demonstrated a DNS binding attack at Black Hat USA last summer that made a victim’s browser a proxy server for an external attack to infiltrate the victim’s intranet.

DNS rebinding lets an attacker use DNS tricks to reach a different IP address than the one the browser is connected to -- the browser theoretically should block this by binding the host name to a particular IP address, but a flaw in many browsers and plug-ins lets an attacker interrupt that.

Meanwhile, OpenDNS today released a free tool called fixmylinksys.com that lets Linksys users easily change their default password to protect themselves from the type of hack Kaminsky will demo. “This will stop all the automated attacks that Dan is showing at the RSA conference today. It's easy and is done over the Web,” says David Ulevitch, CEO of OpenDNS.

OpenDNS also launched a new type of DNS filter today that protects users from a DNS response from a malicious server. "In short, a DNS response from a malicious server that resolves to a host inside your network would get blocked,” Ulevitch says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Linksys
  • IOActive

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Oldest First  |  Newest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 8/3/2020
    'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
    Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
    Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
    Robert Lemos, Contributing Writer,  7/28/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-4560
    PUBLISHED: 2020-08-03
    IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    CVE-2019-4589
    PUBLISHED: 2020-08-03
    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
    CVE-2020-4328
    PUBLISHED: 2020-08-03
    IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.
    CVE-2020-4377
    PUBLISHED: 2020-08-03
    IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
    CVE-2020-4534
    PUBLISHED: 2020-08-03
    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbi...