ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN | DNS flaw..
All these "experts" keep putting out that there's security flaws, yet nothing ever happens..
OmGz teh interwebs is going to FaIL!!!1!1 ...
Hasn't happened and until it does, I'll keep yawning.
--
WhY sO SeRiOUs!? |
|
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| And this is the same attitude that keeps many users from cleaning the viruses, worms, and trojans off their machines.
If this exploit turns out to be as easy as it's reported to be, you're going to see it used a lot. The Internet won't fail, but a lot of folks are going to get scammed. If you don't think it will happen, check your spam folder and see all the phishing attempts out there. Right now, if you're a careful user and don't get infected, you can be reasonably safe. If this DNS exploit is used, you won't be able to trust any site you're visiting as being legit. |
|
insomniac84
join:2002-01-03
Schererville, IN | We will see it a lot only because:
step 1 - alter dns records
step 2 - ?????
step 3 - profit |
|
mworks
join:2006-06-13
Faison, NC
| said by insomniac84  :We will see it a lot only because: step 1 - alter dns records step 2 - ????? step 3 - profit Alter a site like bank of america, grab login info for just 5 minutes and walk away with thousands . |
|
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| reply to insomniac84
Ah, but I can complete that for you.
step 1 - alter dns records
step 2 - redirect users from legit commerce and banking sites to lookalike phishing sites
step 3 - grab credit card numbers and usernames/passwords
step 4 - shop with stolen cards, sell stolen card numbers, and drain bank accounts
step 5 - profit |
|
Cabal
Premium
join:2007-01-21
Boston, MA
| reply to ztmike
It doesn't happen thanks to a massive, 80+ vendor coordinated patch to DNS services, including every major ISP on the planet. Way to be naive, though.
»With DNS Flaw Now Public, Attack Code Imminent
»Poor NAT design leaves some patched DNS servers vulnerable
»DNS Critical Flaw Explained?
»Internet flaw could let hackers take over the Web
--
Interested in open source engine management for your Subaru? |
|
baineschile1
@comcast.net | reply to ISurfTooMuch
never understood people that shopped online with stolen credit card numbers. if i buy a plasma...dont i have to have it "shipped somewhere"? |
|
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| reply to Cabal
It doesn't happen if the ISPs take heed and patch their DNS servers. If you read the article, you'd see that many have yet to do so.
Issuing warnings is great, but warnings don't fix the problem. Acting on those warnings does, and many ISPs seem to be asleep at the switch. |
|
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| reply to baineschile1
You'd think that would be a deterrant, but people seem to still get away with it. And I'd imagine many stolen card numbers would be printed on counterfeit cards and used overseas. I doubt a shop in Moscow or Shanghai is going to care too much if a card is stolen as long as the transaction is approved. The shop owner is going to sell the goods for a profit, and they can always deny they knew the card was stolen if they're asked about it.
Still, I think the big money would be in selling the numbers. The seller gets their money, and the buyers use the cards until they're canceled. |
|
morbo
Complete Your Transaction
join:2002-01-22
00000
clubs:
 ·Charter Pipeline
 ·AT&T Southwest
| reply to baineschile1
said by baineschile1 :
never understood people that shopped online with stolen credit card numbers. if i buy a plasma...dont i have to have it "shipped somewhere"?
there's no real enforcement out there for these smallish crimes. local police won't touch it and credit card companies prefer to write it off, as long as it's not too much.
the lawyers and effort would cost them more than it's worth.
sad but true. |
|
haze_nme
join:2004-01-13
Tucson, AZ | reply to baineschile1
You can get away with using stolen card numbers for intangible things like memberships to sites, or for purchasing more domain names/hosts. |
|
dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ
| reply to ISurfTooMuch
said by ISurfTooMuch :Ah, but I can complete that for you. step 1 - alter dns records step 2 - redirect users from legit commerce and banking sites to lookalike phishing sites step 3 - grab credit card numbers and usernames/passwords step 4 - shop with stolen cards, sell stolen card numbers, and drain bank accounts step 5 - profit step 4.5 - sell booty on ebay.
--
When I gez aju zavateh na nalechoo more new yonooz tonigh molinigh - Ken Lee |
|
Sodium
Premium
join:2003-12-02
Rice Lake, WI | reply to insomniac84
Re: DNS flaw..
Am I the only person that gets the reference to the Underpants Gnomes? |
|
insomniac84
join:2002-01-03
Schererville, IN
1 edit | reply to baineschile1
Re: DNS flaw..
said by baineschile1 :
never understood people that shopped online with stolen credit card numbers. if i buy a plasma...dont i have to have it "shipped somewhere"?
People will ship to other addresses and attempt to intercept the package. It happened to my grandma. She got a package with what she refers to as computer thing. Calls the shipper and the company and neither cared it wasn't hers and she didn't pay for it. (Maybe the companies all assumed it must have been a gift because no one reported fraud?) But a few days later some kid comes to her door and says he heard she got a package. She knowing there was no way this was possible, she told him he could have it if he calls UPS and get them to authorize her to give it to him. She never saw him again and after a few months (in case someone did want it back) she told me about it. It was a mediocre video card and I think I ended up putting in an aunt's computer. |
|
Done_Posting
Shoot to kill
Premium
join:2003-08-22
Toledo, OH
·buckeye cable
| reply to Sodium
said by Sodium :Am I the only person that gets the reference to the Underpants Gnomes? Nope! It's pretty tough to miss it, if you're "in the know"... 
- Tate
--
Happiness is an OC-768 in your basement... |
|
