[OPLIN 4cast] OPLIN 4Cast #630: Hacking the Internet's Phonebook

OPLIN OPLIN support at oplin.ohio.gov
Wed Jan 23 10:30:02 EST 2019



OPLIN 4Cast #630: Hacking the Internet's Phonebook
January 23rd, 2019

There are two big breaking stories about exploits involving DNS
-- Domain Name Service, the "phonebook of the internet
<https://www.cloudflare.com/learning/dns/what-is-dns/>." One involves a
type of spamming attack facilitated by a vulnerability in how organizations
manage their internet domains, specifically at GoDaddy.

(Moral: make sure *all* your domains, including the "parked" ones that you
bought *just in case*, are fully configured on your DNS host. Hopefully it
goes without saying to not let them expire.)

The other big DNS story stems from a FireEye report
<https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html>
on a global DNS hacking campaign affecting "dozens of domains belonging to
government, telecommunications and internet infrastructure entities across
the Middle East and North Africa, Europe and North America."

(Moral: use strong passwords and authentication, and don't re-use them
across different services. Be particularly careful of the password that
controls your agency's name on the internet.)

   - GoDaddy weakness let bomb threat scammers hijack thousands of big-name
   domains
   <https://arstechnica.com/information-technology/2019/01/godaddy-weakness-let-bomb-threat-scammers-hijack-thousands-of-big-name-domains/>
   (*Ars Technica*) "The company responded with the following statement:
   *After investigating the matter, our team confirmed that a threat actor(s)
   abused our DNS setup process. We’ve identified a fix and are taking
   corrective action immediately*."
   - Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com
   <https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-weakness-at-godaddy-com/>
   (*Krebs on Security*) "Experts warn this same weakness that let spammers
   hijack domains tied to GoDaddy also affects a great many other major
   Internet service providers, and is actively being abused to launch phishing
   and malware attacks...."
   - A Worldwide Hacking Spree Uses DNS Trickery to Nab Data
   <https://www.wired.com/story/iran-dns-hijacking/> (*Wired*) "DNS
   hijacking is a relatively easy way to still access internal data without
   ever needing to actually get inside an organization’s systems."
   - DHS issues security order after DNS hijack attacks from Iran, 6 agency
   domains already affected <https://boingboing.net/2019/01/22/dhs-dns.html>
   (*Boing Boing*) "DHS says managers need to audit DNS records for
   unauthorized edits, update their passwords, and turn on multi-factor
   authentication for all accounts through which DNS records could be altered.
   Agencies have two weeks to implement the directives."

*From the Ohio Web Library <http://ohioweblibrary.org>:*

   - Preimesberger, Chris. “Six Things Enterprises Should Know About
   Securing Their DNS
   <http://proxy.oplin.org:2054/login.aspx?direct=true&db=voh&AN=134090336>
   .” *EWeek*, Jan. 2019, p. N.PAG
   - Robertson, Jordan. “E-Mail Spam Goes Artisanal
   <https://proxy.oplin.org:2111/login.aspx?direct=true&db=buh&AN=112541447&site=ehost-live>
   .” *Bloomberg Businessweek*, no. 4461, Feb. 2016, pp. 30–31.
   - Guidry, Martin. "Overview of DNS
   <https://www.lynda.com/PowerShell-tutorials/Overview-DNS/432862/496469-4.html>."
   *Building Your Technology Skills*. Lynda.com, Mar. 16, 2016.

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://lists.oplin.org/mailman/listinfo/OPLIN4cast.

© 2018 Ohio Public Library Information Network