ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN | DNS flaw.. All these "experts" keep putting out that there's security flaws, yet nothing ever happens..
OmGz teh interwebs is going to FaIL!!!1!1 ...
Hasn't happened and until it does, I'll keep yawning.
--
WhY sO SeRiOUs!? | |
|
 ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| Re: DNS flaw.. And this is the same attitude that keeps many users from cleaning the viruses, worms, and trojans off their machines.
If this exploit turns out to be as easy as it's reported to be, you're going to see it used a lot. The Internet won't fail, but a lot of folks are going to get scammed. If you don't think it will happen, check your spam folder and see all the phishing attempts out there. Right now, if you're a careful user and don't get infected, you can be reasonably safe. If this DNS exploit is used, you won't be able to trust any site you're visiting as being legit. | |
|
 | 
insomniac84
join:2002-01-03
Schererville, IN | Re: DNS flaw.. We will see it a lot only because:
step 1 - alter dns records
step 2 - ?????
step 3 - profit | |
|
| | mworks
join:2006-06-13
Faison, NC
| Re: DNS flaw.. said by insomniac84  :We will see it a lot only because: step 1 - alter dns records step 2 - ????? step 3 - profit Alter a site like bank of america, grab login info for just 5 minutes and walk away with thousands . | |
|
| | ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| Ah, but I can complete that for you.
step 1 - alter dns records
step 2 - redirect users from legit commerce and banking sites to lookalike phishing sites
step 3 - grab credit card numbers and usernames/passwords
step 4 - shop with stolen cards, sell stolen card numbers, and drain bank accounts
step 5 - profit | |
|
| | | 
baineschile1
@comcast.net | Re: DNS flaw.. never understood people that shopped online with stolen credit card numbers. if i buy a plasma...dont i have to have it "shipped somewhere"? | |
|
| | | | ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| Re: DNS flaw.. You'd think that would be a deterrant, but people seem to still get away with it. And I'd imagine many stolen card numbers would be printed on counterfeit cards and used overseas. I doubt a shop in Moscow or Shanghai is going to care too much if a card is stolen as long as the transaction is approved. The shop owner is going to sell the goods for a profit, and they can always deny they knew the card was stolen if they're asked about it.
Still, I think the big money would be in selling the numbers. The seller gets their money, and the buyers use the cards until they're canceled. | |
|
| | | | |
| | | | 
haze_nme
join:2004-01-13
Tucson, AZ | You can get away with using stolen card numbers for intangible things like memberships to sites, or for purchasing more domain names/hosts. | |
|
| | | |
insomniac84
join:2002-01-03
Schererville, IN
1 edit | said by baineschile1 :
never understood people that shopped online with stolen credit card numbers. if i buy a plasma...dont i have to have it "shipped somewhere"?
People will ship to other addresses and attempt to intercept the package. It happened to my grandma. She got a package with what she refers to as computer thing. Calls the shipper and the company and neither cared it wasn't hers and she didn't pay for it. (Maybe the companies all assumed it must have been a gift because no one reported fraud?) But a few days later some kid comes to her door and says he heard she got a package. She knowing there was no way this was possible, she told him he could have it if he calls UPS and get them to authorize her to give it to him. She never saw him again and after a few months (in case someone did want it back) she told me about it. It was a mediocre video card and I think I ended up putting in an aunt's computer. | |
|
| | | 
dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ
| said by ISurfTooMuch :Ah, but I can complete that for you. step 1 - alter dns records step 2 - redirect users from legit commerce and banking sites to lookalike phishing sites step 3 - grab credit card numbers and usernames/passwords step 4 - shop with stolen cards, sell stolen card numbers, and drain bank accounts step 5 - profit step 4.5 - sell booty on ebay.
--
When I gez aju zavateh na nalechoo more new yonooz tonigh molinigh - Ken Lee | |
|
| | 
Sodium
Premium
join:2003-12-02
Rice Lake, WI | Am I the only person that gets the reference to the Underpants Gnomes? | |
|
| | | Done_Posting
Shoot to kill
Premium
join:2003-08-22
Toledo, OH
 ·buckeye cable
| Re: DNS flaw.. said by Sodium :Am I the only person that gets the reference to the Underpants Gnomes? Nope! It's pretty tough to miss it, if you're "in the know"... 
- Tate
--
Happiness is an OC-768 in your basement... | |
|
|
| ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| Re: DNS flaw.. It doesn't happen if the ISPs take heed and patch their DNS servers. If you read the article, you'd see that many have yet to do so.
Issuing warnings is great, but warnings don't fix the problem. Acting on those warnings does, and many ISPs seem to be asleep at the switch. | |
|
| | |
|
|
|
|
·