News

Half of web domain name servers are ‘open to attack’

Key points:
Domain name servers are wrongly configured and so vulnerable to attack

If DNS systems fail, all Internet functions become unavailable

Many networks are vulnerable to pharming attacks

More than 29% of servers allow duplication of segments of DNS data

Half of the web’s domain name servers are wrongly configured, leaving companies and large sections of the internet’s infrastructure open to attack.

Infoblox, a developer of security appliances, and The Measurement Factory, a performance testing company, have just released their 2006 DNS Report Card.

DNS servers map domain names into IP addresses, directing users’ internet enquiries to the appropriate location.

Should an organisation’s DNS systems fail, all internet functions, including e-mail, web access, e-commerce and extranets become unavailable.

The DNS survey was based on a scanned sample of systems consisting of almost 80 million DNS devices, or 5% of the main IP version 4 based devices being used on the internet.

The survey found that 50% of DNS servers allow recursive name services - a form of name resolution that often requires a name server to relay requests to other name servers.

This leaves many networks vulnerable to pharming attacks and enables their servers to be used in DNS amplification attacks that can take down important DNS infrastructure, said the two companies.

In addition, more than 29% of DNS servers surveyed allow zone transfers to arbitrary requesters, enabling duplication of an entire segment of an organisation’s DNS data from one DNS server to another, and leaving them easy targets for denial of service attacks.

Dan Kaminsky, security researcher at Doxpara Research, said, “People tend to take DNS for granted, but if it goes down so does your network. As this data shows, there are organisations that should take urgent action to bolster their DNS infrastructure.”

Antony Savvas
Computer Weekly

More information:
www.infoblox.com
www.dnsstuff.com
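
An added example (not part of the original article or the DNS Report Card): a minimal Python audit for the two misconfigurations the survey counted, open recursion and unrestricted zone transfers, assuming a BIND-style `named.conf`. The sample configs and the `audit` function with its helpers are constructed for illustration; an unset ACL is reported as a finding rather than relying on version-dependent defaults, and comments inside the config are not handled.

```python
import re

# Constructed sample configs (illustrative, not from the survey or a real server).
WEAK = '''
options { recursion yes; allow-recursion { any; }; };
zone "example.test" { type master; file "example.test.zone"; };
'''
HARDENED = '''
options { recursion yes; allow-recursion { 192.0.2.0/24; localhost; }; allow-transfer { none; }; };
zone "example.test" { type master; file "example.test.zone"; allow-transfer { 192.0.2.53; }; };
'''

def top_level_blocks(text):
    """Yield (header, body) for each top-level `header { body };` statement."""
    depth, start = 0, 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, body_start = text[start:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ';' and depth == 0:
            start = i + 1

def acl(block, name):
    """Entries of the `name { ...; };` match list in block, or None if unset."""
    m = re.search(r'(?<![-\w])' + re.escape(name) + r'\s*\{([^{}]*)\}', block)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(text):
    """Return findings for the two misconfigurations the survey counted."""
    blocks = list(top_level_blocks(text))
    opts = next((body for header, body in blocks if header == 'options'), '')
    findings = []
    recursion_on = not re.search(r'(?<![-\w])recursion\s+no\s*;', opts)
    rec_acl = acl(opts, 'allow-recursion')
    if recursion_on and (rec_acl is None or 'any' in rec_acl):
        findings.append('open recursion')
    for header, body in blocks:
        is_auth = re.search(r'\btype\s+(master|slave|primary|secondary)\b', body)
        if not (header.startswith('zone') and is_auth):
            continue
        xfer = acl(body, 'allow-transfer')
        if xfer is None:                      # zone inherits the options-level ACL
            xfer = acl(opts, 'allow-transfer')
        if xfer is None or 'any' in xfer:     # unset is treated as open (assumption)
            findings.append('unrestricted zone transfer: ' + header.split('"')[1])
    return findings
```

Running `audit(WEAK)` reports both problems, while `audit(HARDENED)` returns an empty list because recursion is limited to named clients and transfers to a single secondary.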

How does spyware get on your PC?

Speaking at the Virus Bulletin 2005 conference in Dublin, Eric Chien, senior antivirus researcher at Symantec, outlines the common ways users are picking up spyware. Pop-up windows which suggest security updates and clock settings are available, or new messages are unread, often tempt less security-minded users to click.
"We've actually seen people create a full screen pop-up of a fake 'blue screen'," said Chien. Users are forced to act out of the belief their machine has crashed.
Chien said there are currently around 11,000 families of spyware applications and those intent on getting the malicious software onto users' machines are coming up with almost as many ways of doing so.
Some methods of installing spyware on a PC are obvious to the more tech-savvy user. A pop-up which openly asks a user if they want to install an application may seem crude but if it tells a user they need this tool to access a website they may be inclined to click.
The use of an install window that users will have seen when installing applications they do want may also create an impression of legitimacy.
Often such windows will be persistent, said Chien, popping up repeatedly and preventing the user from navigating away. They will keep popping up until the user caves in or shuts down their browser via their task bar (ctrl + alt + del).
Media downloads can also be a source of spyware. Chien said he illegally downloaded episodes of Family Guy over BitTorrent "purely for research purposes" and found the files he received contained spyware application 180 Search Assistant, now called Zango.
The end user licensing agreement (Eula) can also be a giveaway and Chien warned that users should never take it for granted that there aren't nasty surprises lurking a long way down the terms and conditions.
GAIN features heavily in many tales of spyware woe, due to its association with the widely used Kazaa application.
Despite claiming it is an entirely legitimate organisation, GAIN and the associated Gator name are familiar thorns in the side of many anti-spyware advocates.
Chien said not only does the GAIN Eula state it will relay information back from the user's PC, it also states - in hope perhaps more than expectation - that users cannot remove the spyware from their PC or even encourage others to do so. Other Eulas Chien has seen even include references to the fact the application may access and exploit user data held in Outlook address books and other critical applications.
Many spyware applications are programmed so as to be close to impossible to remove once installed, warned Chien.

Source Silicon.com

Wireless VOIP
Standard aims to boost voice over IP quality

A specification that should improve the quality of voice and video data on wireless local area networks has received approval from the IEEE.

The standards body has approved the 802.11e specification, which aims to deliver a set of technologies for prioritising traffic and preventing packet collisions and delays when a network is carrying mixed traffic.

This should improve the experience of users making voice over IP calls and watching video over wireless Lans.

The first Wi-Fi-enabled phones are now appearing, with Zultys Technologies due to launch phones that support voice over wireless Lans next month, and Avaya and Nokia planning products for launch in January.

Wireless Lans based on the established 802.11 standards usually have all users sharing network capacity, with no packet of data getting priority over another.

This is not a problem with applications such as e-mail and surfing the web, but voice and video data packets have to reach their destination at precisely the right time. The 802.11e standard should help ensure that they do.

Antony Savvas
Computer Weekly

Contingency Plans for SMEs
Most small and medium-sized businesses have no contingency plans for staff who might be unable to get to company offices in the aftermath of an emergency, research by Cable and Wireless reveals.

Over 65% of SMEs admit their businesses would be materially affected if staff were unable to come into the office for a day or less, yet a third of SMEs outside London and two-thirds in London have no business continuity plans in place.

The survey of 100 organisations also reveals that less than a third of small businesses have updated their business continuity plans since the 7 July London bombings.

Jim Norton, senior policy advisor at the Institute of Directors, said that business leaders had a responsibility to plan for business continuity.

“The tragic events of 7 July and Hurricane Katrina, as well as potential fuel shortages, have each shown in their own way that businesses are vulnerable to events beyond their control,” he said.

The survey shows that although a third of small businesses recognised the need to back up data, they did not keep back-ups outside their headquarters, which placed them at risk if their offices became inaccessible.

Two-thirds of the companies had no provision for staff to work from home or to access company networks.

This lack of planning could leave businesses vulnerable if police cordons, fires, floods or terrorist incidents made buildings inaccessible.

“We are calling for businesses to take business continuity planning in all its aspects – technology, people and processes – very seriously,” said Norton. “That means backing up data offsite, having access to alternative facilities and giving employees technology to work from home.”

*Viruses and worms present the biggest security risk for small and medium-sized businesses, a survey of more than 700 organisations by Forrester Research shows. The businesses also saw spyware and spam as more significant threats than external hackers and identity theft. However, European businesses were less concerned about malicious code than US firms.

Bill Goodwin
Computer Weekly