Has North Korea now attacked BIND and domain names worldwide?
For those of you who don't understand how the Internet actually works: to most people, a domain name is something like google.com, yahoo.com or news.google.com. Without these domain names the Internet cannot function at all. One of the programs that controls domain names around the world has been infected with malware. If something like this persists, some domain names cannot function on the Internet in the short or long run, depending on how serious this malware attack is. Because of this, it is possible that some or all domain names (in other words, the Internet itself) might not be able to function properly for a short or long time.
Bad, bad Internet news: Internet Systems Consortium site hacked – ZDNet
If the BIND code itself has been corrupted, and you’ve updated
your DNS BIND server with the code, you could be in for a world of hurt.
Your site might now have a security hole on it. It’s also all too
possible that it could be used for a Distributed Denial of Service
(DDoS) attack.
Before you start hyperventilating, it may not be that bad.
OK, so those of you who are battle-hardened network and sysadmins already
know why this is bad news and you’re already logging in via ssh to your
Domain Name System (DNS) servers. For the rest of you, here is why this
could be really, really bad news.
DNS is the master address list of the Internet. It’s what translates
every human-readable Internet address in the world, say
http://www.google.com, into its IPv4 and IPv6 addresses. These numeric
addresses are then used by routers and switches to move data from your
computer, smartphone, tablet, whatever, to your Web sites, your e-mail
server, and back again.
So, it looks like the chances are that ISC’s problem is limited to
Windows PC malware and it hasn’t affected BIND or ISC’s DNS site. But,
do you really want to take that chance?
In other words, it’s really important. Without DNS, there is no functional Internet.
ISC is the group behind the open-source Berkeley Internet Name Domain
(BIND) program. BIND is arguably the most popular DNS software on the
planet. It is certainly the most used DNS program on the Unix and Linux
systems that make up most of the Internet’s fundamental infrastructure.
Adding insult to injury, ISC runs the F DNS root server. This is one
of the 13 root servers that the Internet relies upon for global DNS
services.
For now, there are no such reports on the BIND announcement or
BIND-user mailing lists. On the static page that now greets you on the
ISC site, ISC recommends that anyone who’s visited the site recently
“scan any machine that has accessed this site recently for malware.”
Cyphort, an Internet security company, reported that they’d told ISC
that their site had malware on it on December 22. ISC’s main site, which
used an out-of-date version of WordPress, had, according to Cyphort,
been compromised to point visitors to the sites infected with Angler
Exploit Kit. Fortunately, for the Internet, if not Windows users, Angler
is a Windows-specific malware package.
In a separate issue, on December 9th, Carnegie Mellon University’s
Community Emergency Response Team (CERT) has reported that there is a
new DNS exploit by which recursive DNS resolvers can be knocked out of
service by an infinite chain of referrals if provoked by a malicious DNS
authoritative server. At this time, December 26, ISC hasn’t fixed BIND
for this potential problem. Other major DNS software providers,
including Microsoft, NLnet, and PowerDNS haven’t fixed this bug either.
There have been no reports to date of this hole being exploited.
Remember how just last week I told all you dedicated system and
network administrators that you weren’t going to be starting your
holiday weekend early because of a serious NTP security hole? Well, turn
your car around and head back to the server room. The Internet Systems
Consortium (ISC) has taken the site down for maintenance because they
“believe we may be infected with malware.”
On the other hand, while ISC’s DNS code and DNS servers are on
separate servers from the front-end WordPress driven site, where
there’s been one security compromise there might have been
other, more critical ones.
Oh boy.
I didn’t think so. Start checking your sites for malware now and
looking at your DNS logs for suspicious activity. That’s what I’m doing
now. Lucky us.
end quote from:
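
The quoted article describes recursive resolvers being knocked out of service by an endless chain of referrals. The sketch below is an added example, not code from the article, ISC, or any resolver: it models a resolver that bounds the work it does per query. The server names, the `MAX_REFERRALS` budget and the toy `(kind, value)` reply format are all assumptions made for illustration.

```python
MAX_REFERRALS = 16  # assumed budget for this sketch, not taken from the page or any resolver

# Constructed delegation data: server name -> {qname: (kind, value)}
HONEST = {
    "root": {"www.example.test": ("referral", "tld-test")},
    "tld-test": {"www.example.test": ("referral", "ns.example.test")},
    "ns.example.test": {"www.example.test": ("answer", "192.0.2.10")},
}

def honest_server(server, qname):
    """Well-behaved hierarchy: two referrals, then an answer."""
    return HONEST.get(server, {}).get(qname, ("nxdomain", None))

def endless_server(server, qname):
    """Constructed stand-in for the misbehaving authoritative side:
    every reply delegates to a name server that has not been seen before."""
    n = int(server[3:]) if server.startswith("ns-") else 0
    return ("referral", f"ns-{n + 1}")

def resolve(qname, query, start="root", max_referrals=MAX_REFERRALS):
    """Follow referrals iteratively; return (status, value, referrals_followed)."""
    server, seen, followed = start, {start}, 0
    while True:
        kind, value = query(server, qname)
        if kind != "referral":
            return (kind, value, followed)
        if value in seen:                      # delegation points back at a server already asked
            return ("servfail", "referral loop", followed)
        if followed == max_referrals:          # budget spent: give up instead of chasing forever
            return ("servfail", "referral limit exceeded", followed)
        seen.add(value)
        server, followed = value, followed + 1

if __name__ == "__main__":
    print(resolve("www.example.test", honest_server))
    print(resolve("www.example.test", endless_server))
```

The loop check alone is not enough here, because each referral in the endless case names a server never seen before; only the per-query budget stops it.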