Full Disclosure mailing list archives
Re: Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC]
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 21 Nov 2007 09:56:49 -0600
--On Wednesday, November 21, 2007 21:45:35 +1100 XSS Worm XSS Security Information Portal <cross-site-scripting-security () xssworm com> wrote:
In the case of Yahoo, security firm Finjan said hackers exploited an unused IP address within Yahoo's hierarchy and used that as the domain address behind a forged Google Analytics domain name. This fooled the Finjan Web-filtering product into believing a person was going to a highly trusted Yahoo domain. The victims, customers of Finjan, never knew they were on a malicious Web site, and neither did the security mechanisms on the network. (In this case, Finjan's Web-filtering product.) "They managed to resolve the domain name to an IP address owned by Yahoo. How they added an address into a DNS server to appear to be an IP address owned by Yahoo is unknown," Yuval Ben-Itzhak, CTO of Finjan, told InternetNews.com. He added that Yahoo, while responsive and quick to shut down the compromised address, did not disclose exactly what equipment was behind the compromised IP address.
If Yahoo was able to fix the problem quickly, then it would appear that Yahoo had a compromised domain server or servers.
--
Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/