Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC]
- To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC]
- From: Paul Schmehl <pauls@xxxxxxxxxxxx>
- Date: Wed, 21 Nov 2007 09:56:49 -0600
--On Wednesday, November 21, 2007 21:45:35 +1100 XSS Worm XSS Security
Information Portal <cross-site-scripting-security@xxxxxxxxxxx> wrote:
>
> In the case of Yahoo, security firm Finjan said hackers exploited an
> unused IP address within Yahoo's hierarchy and used that as the domain
> address behind a forged Google Analytics domain name. This fooled the
> Finjan Web-filtering product into believing a person was going to a
> highly trusted Yahoo domain. The victims, customers of Finjan, never knew
> they were on a malicious Web site, and neither did the security
> mechanisms on the network. (In this case, Finjan's Web-filtering
> product.)
>
> "They managed to resolve the domain name to an IP address owned by Yahoo.
> How they added an address into a DNS server to appear to be an IP address
> owned by Yahoo is unknown," Yuval Ben-Itzhak, CTO of Finjan, told
> InternetNews.com. He added that Yahoo, while responsive and quick to shut
> down the compromised address, did not disclose exactly what equipment was
> behind the compromised IP address.
>
If Yahoo was able to fix the problem quickly, then it would appear that
Yahoo had a compromised domain server or servers.
--
Paul Schmehl (pauls@xxxxxxxxxxxx)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/