Re: [Full-disclosure] Warning: Hackers hijacking unused IP- Addresses inside Trusted domains [POC]

From: Paul Schmehl <pauls@utdallas.edu>
To: full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com
Cc:
Subject: Re: [Full-disclosure] Warning: Hackers hijacking unused IP- Addresses inside Trusted domains [POC]
Date:


--On Wednesday, November 21, 2007 21:45:35 +1100 XSS Worm XSS Security 
Information Portal <cross-site-scripting-security@xssworm.com> wrote:
>
> In the case of Yahoo, security firm Finjan said hackers exploited an
> unused IP address within Yahoo's hierarchy and used that as the domain
> address behind a forged Google Analytics domain name. This fooled the
> Finjan Web-filtering product into believing a person was going to a
> highly trusted Yahoo domain. The victims, customers of Finjan, never knew
> they were on a malicious Web site, and neither did the security
> mechanisms on the network. (In this case, Finjan's Web-filtering
> product.)
>
> "They managed to resolve the domain name to an IP address owned by Yahoo.
> How they added an address into a DNS server to appear to be an IP address
> owned by Yahoo is unknown," Yuval Ben-Itzhak, CTO of Finjan, told
> InternetNews.com. He added that Yahoo, while responsive and quick to shut
> down the compromised address, did not disclose exactly what equipment was
> behind the compromised IP address.
>
If Yahoo was able to fix the problem quickly, then it would appear that 
Yahoo had a compromised domain server or servers.

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/




