ld redirect you to impostor Web sites that look like a bank or e-commerce retailer but are really set up to harvest passwords and credit card data. This exact scenario played out when the DNS of NET Virtua, a Brazilian Internet service provider, was hacked via a technique called DNS cache poisoning. Cache poisoning exploits a hole in DNS software, redirecting users to sites they didn’t request. The Brazilian DNS hack redirected NET Virtua users wishing to visit the Brazilian bank Bradesco to fraudulent Web sites that attempted to steal passwords and install malware. The hack impacted about 1 percent of the bank’s customers before the attack was discovered. (D. Godin, “Cache-Poisoning Attack Snares Top Brazilian Bank,” The Register, April 22, 2009.)

The exploit showed the importance of paying attention to security updates. A few months earlier, a group that Wired magazine referred to as “A Secret Geek A-Team” (J. Davis, “Secret Geek A-Team Hacks Back, Defends Worldwide Web,” Wired, Nov. 24, 2008.) had developed a software update that would have prevented the DNS poisoning exploit used against NET Virtua, but administrators at the Brazilian Internet service provider failed to update their software so the hackers got in. An additional upgrade to a DNS system, known as DNSSEC (domain name service security extensions), promises to further limit the likelihood of cache poisoning, but it may take years for the new standards to be rolled out everywhere. (J. Hutchinson, “ICANN, Verisign Place Last Puzzle Pieces in DNSSEC Saga,” NetworkWorld, May 2, 2010.)

KEY TAKEAWAYS
The Internet is a network of networks. Internet service providers connect with one another to share traffic, enabling any Internet‐connected device to communicate with any other.
URLs may list the application protocol, host name, domain name, path name, and file name, in that order. Path and file names are case sensitive.
A domain name represents an organization. Hosts are public services offered by that
This document was uploaded on 01/31/2014.