Impressive title, but it seems to me it's a man-in-the-middle exploit somewhere. But the lack of details still leaves me curious. The blog calls it "DNS rebinding", but I can't seem to find the nature of the exploit. What's the straight dope on this?
Slashdot article with links here. Basically they’re waiting for everyone to be patched before revealing the details of the vulnerability so that bad guys can’t make use of it.
DNS rebinding basically works by exploiting the same-origin policy. This basically allows a script to communicate with the same host it came from. However, it seems to work by DNS rather than by IP.
You go to a domain and it resolves as normal to an IP. It seems to work by sending you to a server that sends packets with a very low Time to Live parameter on the packets, preventing their caching (I think this is so your computer keeps asking what IP it needs to connect to; maybe another can clarify). The IP then proceeds to send you a script to activate in a few seconds, and then rebinds the DNS (the site you went to) to a local address; this is a perfectly valid DNS response, of course. The script then proceeds to activate, do its thing, and rebinds the IP BACK to the original, malicious IP, with a webpage from your internal server attached, and sends what it learned back to the original IP.
Remember, this whole time it's been acting within the parameters of the same-origin policy; it's been acting with the correct hostname, and the (new) IP just happened to be a private internal address. Rinse and repeat. Doing this they can bypass firewalls and grab personal documents (and visited sites), use your own browser to send spam via their script, or whatever else a simple JavaScript, Flash script, or whatever can do.
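The sequence in the post above, as an added simulation (it is not code from the original thread or from the advisory it discusses). The "Time to Live" that matters here is the TTL on the DNS record, which is what limits how long the client may cache the answer. The names and addresses are made up: attacker.example is the attacker's domain, 203.0.113.10 its web server, and 192.168.1.1 a web interface on the victim's LAN. The `reject_local` switch models the resolver-side defence of refusing answers in private ranges, which is what dnsmasq's `--stop-dns-rebind` option does.

```python
"""Simulation of DNS rebinding: same-origin check passes on the hostname
while the connection target silently changes underneath it.

Added example, not from the original thread. All hostnames and addresses
are assumptions made for the simulation.
"""
import ipaddress

ATTACKER_NAME = "attacker.example"   # assumed attacker-controlled domain
ATTACKER_IP = "203.0.113.10"         # assumed attacker web server
VICTIM_LAN_IP = "192.168.1.1"        # assumed device behind the victim's firewall

# Ranges a public hostname should never legitimately resolve to
# (RFC 1918, loopback, link-local, "this" network).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]


def is_local(ip):
    """True if ip falls inside one of LOCAL_NETS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


class AttackerDNS:
    """Authoritative DNS for attacker.example, run by the attacker.

    Answers are served in turn: the real attacker server with a 1-second
    TTL so the client cannot cache it for long, then the victim's private
    address, then the attacker server again (the 'rebind BACK' step).
    """
    def __init__(self):
        self.answers = [(ATTACKER_IP, 1), (VICTIM_LAN_IP, 1), (ATTACKER_IP, 60)]
        self.queries = 0

    def answer(self, name):
        if name != ATTACKER_NAME:
            return None
        ans = self.answers[min(self.queries, len(self.answers) - 1)]
        self.queries += 1
        return ans


class StubResolver:
    """Client-side resolver with a TTL-honouring cache.

    reject_local=True refuses any answer that points into LOCAL_NETS.
    """
    def __init__(self, upstream, reject_local=False):
        self.upstream = upstream
        self.reject_local = reject_local
        self.cache = {}  # name -> (ip, expiry time)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0]
        ans = self.upstream.answer(name)
        if ans is None:
            return None
        ip, ttl = ans
        if self.reject_local and is_local(ip):
            return None          # answer dropped, nothing cached
        self.cache[name] = (ip, now + ttl)
        return ip


class Browser:
    """Same-origin policy compares hostnames; the socket goes wherever DNS says now."""
    def __init__(self, resolver):
        self.resolver = resolver
        self.origin_host = None

    def load_page(self, host, now):
        self.origin_host = host
        return self.resolver.resolve(host, now)

    def script_fetch(self, host, now):
        if host != self.origin_host:
            raise PermissionError("blocked by same-origin policy")
        return self.resolver.resolve(host, now)


def run_attack(reject_local=False):
    """IPs the browser actually talks to while the script stays 'same-origin'."""
    browser = Browser(StubResolver(AttackerDNS(), reject_local))
    return [
        browser.load_page(ATTACKER_NAME, now=0),      # page + script from attacker
        browser.script_fetch(ATTACKER_NAME, now=5),   # TTL expired: now the LAN device
        browser.script_fetch(ATTACKER_NAME, now=10),  # expired again: back to attacker
    ]


def cross_origin_blocked():
    """The policy does stop a script that names a different host outright."""
    browser = Browser(StubResolver(AttackerDNS()))
    browser.load_page(ATTACKER_NAME, now=0)
    try:
        browser.script_fetch("router.local", now=0)  # assumed LAN hostname
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("no filtering  :", run_attack())
    print("local rejected:", run_attack(reject_local=True))
```

Without filtering the middle request, still "same-origin" by hostname, lands on 192.168.1.1; with `reject_local` the private answer is dropped and that request fails. The browser-side counterpart is DNS pinning (keeping the first resolved address for the life of the page). Note the resolver filter only covers the listed ranges: rebinding to an address outside them, such as the victim's own public IP, goes through, so internal web servers should also check the Host header against the names they actually serve.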
Use it to finally take down Superman! I mean what ELSE would they do?
I mean, seriously, the media has never been faced with a threat they couldn't grossly exaggerate. This is dangerous, but it's not like we're all D-E-D dead here. (They'd use it to spread malware and spam... probably).