Anyway, the Heartbleed bug pretty much allows an attacker to probe a server in a way that ends up revealing the private key. Once an attacker knows the private key, they can decrypt the session keys that have been sent to the server, and thus decrypt all of the encrypted traffic that goes back and forth between the browser and the server.
Another bit of magic with public key encryption is the notion of a “digital signature.” Your browser can create a mathematical challenge using the public key that only someone with knowledge of the private key can solve. This is part of how a website proves to a browser that it is what it says it is. If an attacker learns the private key of some website, they can masquerade as that site.
All in all, the capture of a server’s private key is a bad thing, and that is what this bug enables.
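To make the two consequences above concrete, here is an added teaching example (not code from the original post) that walks through both with textbook RSA in pure Python: a session key encrypted to the server's public key is recoverable by anyone holding a copy of the private key, and a challenge signed with that key is accepted by the browser whoever produced it. The primes, the `next_prime` helper and the session values are constructed for the demo and are far too small for real use; real TLS keys are 2048 bits or more and use OAEP/PSS padding.

```python
"""Toy RSA illustrating why a leaked server private key is so damaging.
Added example, standard library only; constructed parameters."""
import hashlib
import secrets

E = 65537  # common public exponent


def is_prime(n: int) -> bool:
    """Trial division; fine for the ~1e6-sized constructed primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def next_prime(start: int) -> int:
    n = start
    while not is_prime(n):
        n += 1
    return n


def make_keypair(p: int = None, q: int = None, e: int = E):
    """Return ((n, e), (n, d)). Defaults pick two constructed ~1e6 primes."""
    p = p or next_prime(1_000_000)
    q = q or next_prime(p + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(public, m: int) -> int:
    n, e = public
    assert 0 <= m < n
    return pow(m, e, n)


def rsa_decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)


def sign(private, message: bytes) -> int:
    """Only the holder of the private key can produce this value."""
    n, d = private
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(public, message: bytes, sig: int) -> bool:
    n, e = public
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(sig, e, n) == h


def key_transport_demo() -> dict:
    """RSA key exchange as used in TLS up to 1.2: the client encrypts a
    session key to the server's public key. A passive observer who records
    the ciphertext and later obtains the private key recovers the same key."""
    public, private = make_keypair()
    session_key = secrets.randbelow(public[0])        # constructed secret
    on_the_wire = rsa_encrypt(public, session_key)    # what the network sees
    leaked_private = private                          # copy obtained later
    return {
        "server_recovers": rsa_decrypt(private, on_the_wire) == session_key,
        "leaked_key_recovers": rsa_decrypt(leaked_private, on_the_wire) == session_key,
    }


def identity_challenge(public, private_in_hand) -> bool:
    """Browser-side check: send a random challenge and accept whoever can
    sign it under the key behind `public`. True means 'accepted'."""
    challenge = secrets.token_bytes(32)
    return verify(public, challenge, sign(private_in_hand, challenge))


if __name__ == "__main__":
    pub, priv = make_keypair()
    print(key_transport_demo())
    print("genuine key accepted:", identity_challenge(pub, priv))
    other = make_keypair(next_prime(1_100_000), next_prime(1_100_001))[1]
    print("unrelated key accepted:", identity_challenge(pub, other))
```

The `key_transport_demo` result is the same whether the private key leaked before or after the recording was made, which is why a leak of this kind compromises past traffic, not just future sessions.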
This project is part of a global effort to make the whole DNS secure and the Internet safer. The DNS is the directory that links web addresses to numerical IP addresses. Without the DNS, people would have to type difficult-to-remember numbers instead of a memorable name to get to a website or send an email.
Using a master key, the keyholders generate cryptographic keys that are used to sign domains, verifying that each entry on the DNS directory is authentic. This prevents a proliferation of fake web addresses which could lead people to malicious sites, which can be used to hack computers or steal credit card details.
Unallocated IPv4 address blocks are gone forever. However, carriers still have IPv4 addresses available for allocation, so IPv4 addresses will remain in use for some time to come. And though there may be no immediate crisis for service providers, businesses, or customers, there is steady pressure to enable IPv6 in every segment of the network ecosystem as the best way to address IPv4 address scarcity.
Here are a bunch of links related to Questions 3 and 4 in Problem Set 2.
It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
- A video demo of Firesheep.
- Implications of Firesheep on Facebook and Twitter.
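The sidejacking problem above comes down to a session cookie that the browser will happily send over plain HTTP. As an added example (not part of the original post), this small audit parses `Set-Cookie` headers and reports the attributes whose absence leaves a cookie exposed; the sample headers and the list of "session-looking" cookie names are constructed for the demo.

```python
"""Audit Set-Cookie headers for attributes that keep a session cookie off
an open network. Added example with constructed sample headers."""


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header: str, session_names=("sessionid", "sid", "auth")) -> list:
    """Return findings for one header. 'Secure' stops the cookie travelling
    over plaintext HTTP (the sidejacking vector); 'HttpOnly' hides it from
    page scripts; 'SameSite' limits cross-site sends."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie will be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by page scripts")
    if "samesite" not in attrs:
        findings.append("missing SameSite: sent on cross-site requests")
    if cookie["name"].lower() in session_names and findings:
        findings.insert(0, f"session cookie {cookie['name']!r} is exposed")
    return findings


# Constructed sample headers: one exposed session cookie, one hardened
# session cookie, one harmless preference cookie.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; Max-Age=31536000",
]


def audit_all(headers=SAMPLE_HEADERS) -> dict:
    """Map each header (by index and cookie name) to its findings."""
    return {
        f"{i}:{parse_set_cookie(h)['name']}": audit_cookie(h)
        for i, h in enumerate(headers)
    }


if __name__ == "__main__":
    for key, findings in audit_all().items():
        print(key, "->", findings or "ok")
```

The flags only help if the site actually serves its pages over HTTPS; a `Secure` cookie on a site whose content is plain HTTP simply stops working, which is the pressure that pushes sites to encrypt everything rather than just the login.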
DNS Cache Poisoning:
- Angry Birds Website Defaced
Angry Birds developer Rovio has confirmed its website was briefly hijacked, most likely by hackers who managed to tamper with domain name system settings that ultimately control what server receives requests for a particular domain name.
- DNS Cache Poisoning Used in Brazilian Phishing Attack
According to Zscaler, attackers managed to force several DNS servers to resolve santander.com.br to an IP address under their control.
The spoofed page hosted on the rogue web server was very well crafted and looked identical to the real one.
Finally, a report from last month shows that many DNS servers remain insecure.
Half the internet lacks DNS security extensions
Just under half of the internet (47 percent) remains insecure insofar as many top level domains (TLDs) have failed to sign up to use domain name system security extensions (DNSSEC), including intensive internet using countries such as Italy (.it), Spain (.es) and South Africa (.za), leaving millions of internet users open to malicious redirect to fake websites, reports Ultra Electronics AEP.
There are two types of browser cookies: those that help sites to function, and those that enable ad tracking and monetization. When you browse the Internet normally, the first type of cookie is retained on websites so that when you visit the same website again, it remembers your preferences. The second type of cookie tells advertisers and other companies about your online behavior, what links you clicked on, which sites you visited, how you got there, and where you went next.
The China Internet Network Information Center, a state-run agency that deals with Internet affairs, said it had traced the problem to the country’s domain name system. One of China’s biggest antivirus software vendors, Qihoo 360 Technology, said the problems affected about three-quarters of the country’s domain-name system servers.
“I have never seen a bigger outage,” said Heiko Specht, an Internet analyst at Compuware, a technology company based in Detroit. “Half of the world’s Internet users trying to access the Internet couldn’t.”
Those domain-name servers, which act like an Internet switchboard, routed traffic from some of China’s most popular sites to an Internet address that, according to records, is registered to Sophidea, a company based, at least on paper, in that Wyoming building, in Cheyenne. It is unclear where the company or its servers are physically based, however.
Domain names, the basis of web addresses, are overseen by the Internet Corporation for Assigned Names and Numbers (ICANN). They follow a hierarchy, much like physical addresses. If the web were a country, then a generic top-level domain like .com might be the state or province, and a second-level domain, like google.com, would be a city. Neighborhoods within the city can be found in either a suffix (google.com/images) or a prefix (images.google.com).
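The hierarchy described above is what a browser uses to decide which pages belong to the same site (for cookie scope, for instance), and it is also what phishing look-alikes try to blur. This added example (not from the original article) splits a URL into the pieces the text names: the top-level domain, the second-level "city", the subdomain prefix and the path suffix. The small `PUBLIC_SUFFIXES` set is a constructed stand-in for the real Public Suffix List, which is what you need in practice for multi-label suffixes such as `co.uk`.

```python
"""Split a URL into the domain hierarchy described in the text.
Added example; the suffix list is a constructed stand-in for the PSL."""
from urllib.parse import urlsplit

# Assumption: a handful of public suffixes, enough for the demo.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk", "com.br"}


def split_hierarchy(url: str) -> dict:
    """Return tld, registrable (second-level) domain, prefix and path suffix."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".") if host else []
    # Longest matching public suffix wins, so co.uk beats uk.
    suffix_len = 1
    for i in range(len(labels) - 1, -1, -1):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            suffix_len = len(labels) - i
    if len(labels) <= suffix_len:
        raise ValueError(f"{host!r} has no registrable domain")
    return {
        "tld": ".".join(labels[-suffix_len:]),
        "second_level": ".".join(labels[-suffix_len - 1:]),
        "prefix": ".".join(labels[:-suffix_len - 1]) or None,
        "path_suffix": parts.path.strip("/") or None,
    }


def same_site(url_a: str, url_b: str) -> bool:
    """Two URLs are the same site when their registrable domains match.
    Extra prefixes and paths do not change that; a different registrable
    domain that merely contains the target's name does."""
    return split_hierarchy(url_a)["second_level"] == split_hierarchy(url_b)["second_level"]


if __name__ == "__main__":
    for u in ("https://images.google.com/", "http://google.com/images",
              "https://www.bbc.co.uk/news", "https://santander.com.br/login"):
        print(u, "->", split_hierarchy(u))
    print(same_site("https://www.santander.com.br/login",
                    "https://santander.com.br.example.net/login"))
```

The last call returns `False`: a host that starts with a familiar name but is registered under a different second-level domain is a different "city" in the analogy, however much the prefix resembles the real one.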
A recent talk (posted last Friday) by Mark Nottingham on where HTTP is heading.
You will hear about the issues with HTTP/1.1 (due to its simplicity) and how they will be fixed in HTTP/2.0 (by adding complexity, unfortunately).