Re: [funsec] Subject line misleading. AT&T Pwned. Sweet Irony: Metasploit Creator a Victim of His Own Creation (fwd)
I guess history decided the previous discussion in favor of vix. Although I doubt vix sees this compromise at ATT as a victory, but rather a loss.
Note: HD has not been compromised.
Gadi.
---------- Forwarded message ----------
Date: Wed, 30 Jul 2008 11:46:49 -0700
From: Dragos Ruiu <dr@kyx.net>
To: Paul Ferguson <fergdawg@netzero.net>
Cc: funsec@linuxbox.org
Subject: Re: [funsec] Subject line misleading. AT&T Pwned. Sweet Irony: Metasploit Creator a Victim of His Own Creation
On 29-Jul-08, at 10:01 PM, Paul Ferguson wrote:
Via PC World (IDG).
[snip]
HD Moore has been owned.
That's hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit has become the victim of a computer attack.
It happened on Tuesday morning, when Moore's company, BreakingPoint had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company.
When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.
[snip]
More: http://www.pcworld.com/article/149126/2008/07/.html
- - ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
On Thu, Jul 31, 2008 at 1:22 AM, Gadi Evron <ge@linuxbox.org> wrote:
I guess history decided the previous discussion in favor of vix. Although I doubt vix sees this compromise at ATT as a victory, but rather a loss.
Note: HD has not been compromised.
Well so if any of you uses an iphone to surf the net now's the time to see if an iphone's nameservers can be changed to opendns :)
Not so quick. Privacy policy?
-M<
On 7/30/08, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
On Thu, Jul 31, 2008 at 1:22 AM, Gadi Evron <ge@linuxbox.org> wrote:
I guess history decided the previous discussion in favor of vix. Although I doubt vix sees this compromise at ATT as a victory, but rather a loss.
Note: HD has not been compromised.
Well so if any of you uses an iphone to surf the net now's the time to see if an iphone's nameservers can be changed to opendns :)
-- Sent from Gmail for mobile | mobile.google.com
Between a potential problem with privacy, and an actual problem with having my sessions redirected to the RBN, I'll take the privacy risk. YMMV.
-----Original Message-----
From: Martin Hannigan [mailto:hannigan@gmail.com]
Sent: Wednesday, July 30, 2008 9:13 PM
To: Suresh Ramasubramanian; Gadi Evron; nanog@nanog.org
Subject: Re: [funsec] Subject line misleading. AT&T Pwned. Sweet Irony:Metasploit Creator a Victim of His Own Creation (fwd)
Not so quick. Privacy policy?
-M<
On Thu, Jul 31, 2008 at 1:22 AM, Gadi Evron <ge@linuxbox.org> wrote:
I guess history decided the previous discussion in favor of vix. Although I doubt vix sees this compromise at ATT as a victory, but rather a loss.
Note: HD has not been compromised.
On 7/30/08, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Well so if any of you uses an iphone to surf the net now's the time to see if an iphone's nameservers can be changed to opendns :)
-- Sent from Gmail for mobile | mobile.google.com
On Wed, 30 Jul 2008, Tomas L. Byrnes wrote:
Between a potential problem with privacy, and an actual problem with having my sessions redirected to the RBN, I'll take the privacy risk.
YMMV.
Depends on your priorities--and that of whoever owns the phone. You, or your employer.
Gadi.
-----Original Message-----
From: Martin Hannigan [mailto:hannigan@gmail.com]
Sent: Wednesday, July 30, 2008 9:13 PM
To: Suresh Ramasubramanian; Gadi Evron; nanog@nanog.org
Subject: Re: [funsec] Subject line misleading. AT&T Pwned. Sweet Irony:Metasploit Creator a Victim of His Own Creation (fwd)
Not so quick. Privacy policy?
-M<
On Thu, Jul 31, 2008 at 1:22 AM, Gadi Evron <ge@linuxbox.org> wrote:
I guess history decided the previous discussion in favor of vix. Although I doubt vix sees this compromise at ATT as a victory, but rather a loss.
Note: HD has not been compromised.
On 7/30/08, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Well so if any of you uses an iphone to surf the net now's the time to see if an iphone's nameservers can be changed to opendns :)
-- Sent from Gmail for mobile | mobile.google.com
If you don't mind OpenDNS proxying all your Google searches, sure. < http://blog.metasploit.com/2008/07/on-dns-attacks-in-wild-and-journalistic.h... >
Personally, I would never use OpenDNS. Tactics like that are not particularly acceptable in my book, well-meaning or not. Not, however, trying to start a political debate - but OpenDNS does do a bit more than just act as a plain DNS resolver for you, and you should make that aware to anyone who uses it.
- S
-----Original Message-----
From: Martin Hannigan [mailto:hannigan@gmail.com]
Sent: Thursday, July 31, 2008 12:13 AM
To: Suresh Ramasubramanian; Gadi Evron; nanog@nanog.org
Subject: Re: [funsec] Subject line misleading. AT&T Pwned. Sweet Irony: Metasploit Creator a Victim of His Own Creation (fwd)
Not so quick. Privacy policy?
-M<
On 7/30/08, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
On Thu, Jul 31, 2008 at 1:22 AM, Gadi Evron <ge@linuxbox.org> wrote:
I guess history decided the previous discussion in favor of vix. Although I doubt vix sees this compromise at ATT as a victory, but rather a loss.
Note: HD has not been compromised.
Well so if any of you uses an iphone to surf the net now's the time to see if an iphone's nameservers can be changed to opendns :)
-- Sent from Gmail for mobile | mobile.google.com
I can point it to a colo'd resolver I have elsewhere - but opendns is rather more redundant. Yes I know what else it does re advertising and such, but I don't do any sensitive work related stuff through those resolvers anyway.
On Thu, Jul 31, 2008 at 9:55 AM, Skywing <Skywing@valhallalegends.com> wrote:
If you don't mind OpenDNS proxying all your Google searches, sure. < http://blog.metasploit.com/2008/07/on-dns-attacks-in-wild-and-journalistic.h... >
Personally, I would never use OpenDNS. Tactics like that are not particularly acceptable in my book, well-meaning or not. Not, however, trying to start a political debate - but OpenDNS does do a bit more than just act as a plain DNS resolver for you, and you should make that aware to anyone who uses it.
oddly enough, i was chatting with a friend from the w3c while walking off-site to lunch from the dublin ietf about the life, and death, of the w3c's p3p project (i was a contributor, he works in a different area), and its possible re-animation.
without meaning to (i assume) martin's made a landmark post -- one mentioning "privacy policy", on nanog.
Martin Hannigan wrote:
Not so quick. Privacy policy?
-M<
On 7/30/08, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
On Thu, Jul 31, 2008 at 1:22 AM, Gadi Evron <ge@linuxbox.org> wrote:
I guess history decided the previous discussion in favor of vix. Although I doubt vix sees this compromise at ATT as a victory, but rather a loss.
Note: HD has not been compromised.
Well so if any of you uses an iphone to surf the net now's the time to see if an iphone's nameservers can be changed to opendns :)
participants (6)
- Eric Brunner-Williams
- Gadi Evron
- Martin Hannigan
- Skywing
- Suresh Ramasubramanian
- Tomas L. Byrnes