Tuesday, December 30, 2014

Internet Systems Consortium Website also Hacked

Remember how just last week I told all you dedicated system and network administrators that you weren't going to be starting your holiday weekend early because of a serious NTP security hole? Well, turn your car around and head back to the server room. The Internet Systems Consortium (ISC) has taken its site down for maintenance because they "believe we may be infected with malware". Oh boy. OK, so those of you who are battle-hardened network and sysadmins already know why this is bad news, and you're already logging in via SSH to your Domain Name System (DNS) servers. For the rest of you, here's why this could be really, really bad news. ISC is the group behind the open-source Berkeley Internet Name Domain (BIND) program. BIND is arguably the most popular DNS software on the planet. It is certainly the most used DNS program on the Unix and Linux systems that make up most of the Internet's fundamental infrastructure. DNS is the master address list of the Internet. It's what translates every human-readable Internet address in the world, say http://www.google.com, into its IPv4 and IPv6 addresses. These numeric addresses are then used by routers and switches to move data from your computer, smartphone, tablet, whatever, to your websites, your email server and back again.


In other words, it's really important. Without DNS, there is no functional Internet. If the BIND code itself has been corrupted and you've updated your DNS BIND server with the code, you could be in for a world of hurt. Your website might now have a security hole on it. It's also all too possible that it could be used for a distributed denial of service (DDoS) attack. Adding insult to injury, ISC runs the F DNS root server. This is 1 of the 13 root servers that the Internet relies upon for global DNS services. Before you start hyperventilating, it may not be that bad. Cyphort, an Internet security company, reported that they'd told ISC that their website had malware on it on December 22nd. ISC's main site, which used an out-of-date version of WordPress, had, according to Cyphort, been compromised to point visitors to websites infected with the Angler exploit kit. Fortunately for the Internet, if not Windows users, Angler is a Windows-specific malware package. On the other hand, while ISC's DNS code and DNS servers are on separate servers from the front-end WordPress-driven website, where there's been one security compromise, there might have been other, more critical ones.


For now, there are no such reports on the BIND announcement or BIND-user mailing lists. On the static page that now greets you on the ISC site, ISC recommends that anyone who's visited the website recently "scan any machine that has accessed this site recently for malware". In a separate issue, on December 9, Carnegie Mellon University's Computer Emergency Response Team (CERT) reported that there is a new DNS vulnerability by which recursive DNS resolvers can be knocked out of service by an infinite chain of referrals if provoked by a malicious authoritative DNS server. This problem has been fixed, so you'll need to update BIND. So, it looks like the chances are that ISC's problem is limited to Windows PC malware and it hasn't affected BIND or ISC's DNS site. But do you really want to take that chance? I didn't think so. Start checking your sites for malware now and looking at your DNS logs for suspicious activity. That's what I'm doing now. Lucky us.
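
The referral-chain problem mentioned above, as an added example (not from the original post and not BIND's code): a toy in-memory resolver showing that loop detection alone does not stop a chain of always-new referrals, while a per-lookup query budget does. The server names, addresses, `max_queries` and `hard_stop` are constructed for illustration.

```python
"""Toy iterative resolver: bounding work per lookup against endless referrals.
Every server name and address here is constructed; nothing touches the network."""


def query(server, qname):
    """Constructed stand-in for sending one DNS query to `server`."""
    if server == "root":
        zone = qname.split(".", 1)[1]            # www.good.test -> good.test
        return ("referral", "ns0." + zone)
    if server == "ns0.good.test":
        return ("answer", "192.0.2.10")          # documentation-range address
    if server.endswith(".evil.test"):
        # Misbehaving authoritative side: never answers, always delegates
        # onward to a server name the resolver has not seen before.
        n = int(server.split(".")[0][2:])
        return ("referral", "ns%d.evil.test" % (n + 1))
    return ("servfail", None)


def resolve(qname, max_queries=None, hard_stop=10_000):
    """Follow referrals from the root; return (status, value, queries_sent).

    max_queries is the per-lookup budget (hypothetical name, not a BIND option).
    hard_stop only keeps the unbudgeted demonstration finite.
    """
    server, seen, sent = "root", set(), 0
    while True:
        if server in seen:                       # classic loop detection
            return ("loop", None, sent)
        if max_queries is not None and sent >= max_queries:
            return ("servfail", None, sent)      # budget spent: give up cleanly
        if sent >= hard_stop:
            return ("exhausted", None, sent)
        seen.add(server)
        sent += 1
        kind, value = query(server, qname)
        if kind == "answer":
            return ("ok", value, sent)
        if kind != "referral":
            return ("servfail", None, sent)
        server = value                           # follow the delegation


if __name__ == "__main__":
    print(resolve("www.good.test", max_queries=20))  # normal lookup
    print(resolve("www.evil.test", max_queries=20))  # stopped by the budget
    print(resolve("www.evil.test"))                  # loop check never fires
```

The unbudgeted lookup ends only at `hard_stop`, because each referral names a fresh server and the `seen` set never matches.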




Info Sources:

https://www.isc.org

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-bind.html

http://www.cyphort.com/isc-org-infected

http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26992

https://lists.isc.org/pipermail/bind-announce/2014-December/thread.html

https://lists.isc.org/pipermail/bind-users/2014-December/thread.html

http://www.cert.org

http://www.kb.cert.org/vuls/id/264212


