Splash of Style...Macs, Photography, Design, and other Passions

DNS Poisoning & How To Protect Yourself

August 7, 2008 by debbie T | ComputersInternetMac CornerWeb DesignWeb DevelopmentWirelessWordPress
UPDATE: I will be updating this article very shortly. I have new info on how to change the DNS settings for dialup as well as wired users. I will be adding a few screen shots and step by step instructions.

Now I am not one to panic about malware on the web. I have always prided myself on smart & safe browsing. But when I first heard about the new DNS Poisoning problem on the Nosillacast podcast a couple of weeks ago, it scared me. This could be a problem affecting everyone, no matter what safety precautions they take while surfing the Internet.

The subject is so complicated, and I won’t pretend to understand it fully, but I think I understand it enough to explain the situation to my family and friends, which is what I am trying to do with this blog article.

Okay, bottom line is there is a type of flaw that can be exploited by the bad guys, which enables them hijack vulnerable unpatched systems at your Internet Service Provider (Comcast for example) and change the path of traffic to their own web pages. So, if you are trying to go to amazon.com, your browser address bar will display “http://www.amazon.com” but you might be redirected to the hijacker’s site who has created a web site that looks very similar to Amazon. From there, it could be possible to install malware to your computer or to trick you into giving your personal info like credit cards or passwords.

This vulnerability can also affect your email, which is even scarier. A bad guy could intercept your email message(s) and insert a malware attachment or web site link. And you wouldn’t even know it was happening.

Are you vulnerable?

The Security Now podcast lists several links to sites that will “test” your site for the vulnerability:
http://www.grc.com/sn/notes-155.htm

I ran the test @ DoxPara and the following message appeared:
“Your ISP’s name server, xxxxx, has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.”

I have heard that similar messages are appearing for other Comcast users. Since the information I am finding online concerning Comcast is vague and unclear, I am not 100% sure I trust Comcast to deal with this. So, I am taking matters into my own hands until I am sure.

I have read that other ISPs like Time Warner and AT&T have NOT patched, so there are still a lot of people out there that are in trouble!

Good News – Use Open DNS

The good news is, you can bypass your ISP’s DNS computers, and use another. Open DNS is a very secure and highly recommended DNS server that offers use of its servers for FREE! All you need to do is change a couple of settings in your router.

Not using a router? If your computer is attached directly to a high speed modem (ie DSL, Cable, satellite) then you are highly vulnerable to this flaw, as well as many other attacks.

Using a router keeps you safe behind a “hardware” firewall, and that firewall can thwart most attacks…so do yourself a favor and head to Staples, Walmart, Target, or Amazon and buy a Linksys, Netgear, or DLink router. It is an absolutely necessary tool in today’s times!

Change Your Router’s Settings

It is very easy to change your router settings to use Open DNS servers instead of your ISP’s.

Note: Don’t worry, you aren’t changing to a new Internet Service Provider, you will still be using the same ISP, it’s just the DNS computer information that you are changing.

There are detailed instructions on the Open DNS site, but I will walk through the instructions for changing a Linksys router.

First you need to access your router’s settings. Linksys router users can use this link: http://192.168.1.1/.

A password window will appear. The user name is “admin” and unless you previously changed the access password, the default password will be “admin”.

Important note: in the router settings, your password should be changed for extra security. To learn more about configuring your router for better security, please read my prior article.

Once you have logged into your router, you should be on the “Setup” page/tab.

Toward the bottom of the page, there is a setting called “Network Address
Server Settings (DHCP)”. Locate “Static DNS 1″ and “Static DNS 2″ and type in Open DNS’s server numbers, which are:

208.67.222.222 and 208.67.220.220

NOTE: If you have current DNS settings, then write them down just in case you need to revert back.

change dns servers on linksys router

Once the new DNS numbers have been entered, click the “Save Settings” button. And that is it!

Again, if you are not using a router, I cannot stress enough that you need to go out and buy one. They are usually about $50 and sometimes less. I recommend the Linksys WRT54G series routers, but DLink and Netgear also make good routers. Buy whichever is on sale that week; most will have detailed instructions explaining how to set security.

Okay, next, a word or two about Open DNS. Besides free use of their DNS servers, they also offer all sorts of parental controls and other security. I haven’t really delved into their offerings, but from what I gather, it’s all free. How can all this be free? Well to offset their costs, they have advertising revenues. Keep in mind, that whenever you type in a wrong address into your browser, Open DNS will take you to a custom search page, usually with your corrected web site URL on top.

For instance, if you type “ebay” instead of “ebay.com”, your browser will take you to a search page for “ebay”. Some have complained that this isn’t fair, wah wah wah…but who cares. They have to make money somehow. I don’t mind that they make a little on searches.

To learn more about Open DNS and all their offerings, check out the Typical Mac User podcast for a special 3 part series on all the details.

Personal Computer Patches

Besides your ISP computers, personal home computers, as well as business computers also need to be patched.

As far as I can tell, Microsoft issued a security patch a week or two ago, so make sure you are 100% up to date with all your Vista or XP critical patches.

As for Mac users, there was a patch issued, but it looks like it doesn’t fix everything, so when I am out from behind my router, I think I am still vulnerable if I connect to an open wifi spot. I am still a bit foggy on that issue, so more research is needed.

More Questions

Since I am still learning about this vulnerability, I still have additional questions that I haven’t found answers to.

For example, are cell phones that connect to the Internet still vulnerable? What about if you use a VPN (virtual private network)? What about web based email like gmail?

There is also a problem with routers being vulnerable too, but the issue isn’t as dire, because they would only be attacking your small network. Initially, I think routers will be okay, and the bigger networks like ISPs will be attacked first. I would like to find out more about the router issues, and whether firmware patches will be issued.

Hopefully I can find the answers online soon.

Helpful sites if you want to learn more about the DNS Flaw:

Very Strange WordPress Error

February 6, 2008 by debbie T | WordPress

I just received a very strange WordPress error while trying to save my last article on iTunes.

I couldn’t save or publish the article, I would receive this error:

Precondition Failed
The precondition on the request for the URL /wp-admin/post.php evaluated to false.

I believe I narrowed it down to a specific sentence in my article that could be misunderstood as vicious code, I suppose.

I can’t even type in the sentence here because it causes the error when I save this article as well. So what I have done is break down the sentence into a list of words.

Isn’t that bizarre? It is the “deleting from Finder” that is causing the issue. I guess it is a safety precaution, and I do appreciate that, but it surprised me nonetheless.

WordPress Admin Page Not Found

September 20, 2007 by debbie T | WordPress

This issue popped up last month right after I updated my WordPress blogs to 2.2.2 – my public blog pages were loading perfectly, but when I tried to access any admin pages, I would receive the dreaded 404 error, with “Page Not Found”

It was bizarre because I getting the same error for all three of my WordPress blogs. I couldn’t find any help at the WordPress forums, so I contacted my host, trying to rule out a server problem.

While waiting for my help ticket to be answered, I checked my error logs and found this error message

“[2007-08-21 14:50:49]: error: directory is writable by others: (/home/xxxxx/public_html/xxxxx/wp-admin)”

On a hunch, I changed the directory permissions (for wp-admin) from 775 to 755, and voila, I now had access to my blog’s admin pages.

I posted an update to my help ticket, and found out that my host had been converting all the servers over to phpsuexec. Under phpsuexec, scripts all run as the user, and not the web server user “nobody” so permissions should not be any higher than 755.

Anyway, today I experienced the same problem accessing the admin after upgrading to WordPress 2.2.3, so I figured I best write an article about it, so I remember what to do if it keeps happening. I usually delete all necessary directories and files before uploading the new ones, so by default that directory must receive permissions of 775.

Hope it helps someone else if they are experiencing the same issues!

My TextPattern Blog is No More

July 2, 2007 by debbie T | TextpatternWordPress

Today, I completely removed my TextPattern blog. I really wasn’t using the blog for anything special, and since I am so rusty with TextPattern, I figured it was time.

I love using Paparazzi though. I made complete web screenshots of all the pages, then backed up the database and files. Someday I might like to try TextPattern again, but I am just really loving WordPress.

I am used to upgrading the WordPress software. Since I have three WordPress blogs, I get lots of practice!

Blogging from Dashboard

June 28, 2007 by debbie T | Mac SoftwareWordPress

I have never been a fan of Dashboard Widgets; I used Konfabulator on my old PowerBook.

With the new MacBook Pro, I decided to try new things, so Dashboard is getting a trial run.

I downloaded the WordPressDash widget, and here I am posting from my Dashboard. Cool.

Notes: The category menu is a bit awkward, since there doesn’t seem to be any particular order of the categories. And the font used in the text box is a bit small for my eyes. I don’t like that there is no spellcheck, but heck, for a quick post, it’ll do in a pinch!

Update: After publishing this post, I noticed the post categories (I chose “wordpress” and “mac software”) were completely different. Somehow it posted to “CSS” and “Ramblings” – I think I will just use it for drafts at this point.

WordPress Quicktag Buttons

June 9, 2007 by debbie T | WordPress

While searching for solutions for my WordPress/Firefox keyboard shortcut issue, I stumbled upon a terrific tutorial to customize the Quicktag menu bar. I have always wanted to add tags like <p> and <h3> to the menu, but couldn’t find the answer at WordPress.org.

This tutorial even discusses the option for adding a Quicktag button for &lt; to insert a < for easy code insertion into your posts.

http://www.tamba2.org.uk/wordpress/quicktags/

I will have to make time to read the other tutorials on this site. Looks like a real treasure.

WordPress 2 Keyboard Shortcuts Using Firefox 2

June 9, 2007 by debbie T | Firefox BrowserMac SoftwareWordPress

I recently upgraded to Firefox 2 on my Mac PowerBook. All seemed well, but I did keep an instance of Firefox 1.5 in my Applications folder just in case.

When posting in WordPress 2 using the simple text editor, I had been utilizing keyboard shortcuts for various html codes, such as the <a>anchor link</a> – which was Ctrl+Command+a.

Since upgrading to Firefox 2, the keyboard shortcuts did not work. They did work normally in Safari.

I searched online for answers, but no one else seemed to be having this issue. Finally, by trial and error, I realized that the keyboard shortcut was now fn+ctrl+a. I have no idea why it changed, but I am glad to have this feature again!

WordPress Automatically Redirects Revised Post Slugs

April 21, 2007 by debbie T | WordPress

This may be old news to some, but I accidentally noticed it after I recently updated one of my other blogs to 2.1.

WordPress has added a new feature to automatically redirect revised post URIs to the new page.

For example, if an article’s post slug was saved as “wordpress-redirects-new-post-titles” and weeks later, I decide that I want to change it to “wordpress-automatically-redirects-new-post-titles”, the old url will automatically be redirected to the new.

Try it!

One of my older articles original post URI is
…/thunderbird-adding-a-new-address-book/

and I just edited the post slug so the new file name is
…/thunderbird-adding-new-address-book/

So, even if you click on the old name, the post will automatically be redirected to the new name.

It doesn’t seem to be included in the list of changes for WordPress 2.1, but I found an article from the author of the original plug-in.

Note: this option does not appear to work with changes to actual permalink structure (Admin>Options>Permalinks). It would be a great idea for smaller sites, but if the site is large, and hundreds of links have to be redirected, I think it would put a strain on the server, wouldn’t it?

Configuring a Linksys Router

April 13, 2007 by debbie T | ComputersInternetWeb DesignWirelessWordPress

(updated 2008-11-9)

My friend Jenn is having a tough time properly configuring her Linksys wireless router, so I told her I would write a tutorial. (waving to Jenn!) Hopefully this will help her, and anyone else in need. I suggest printing this tutorial to follow along easier.

First off, let me state that I am not a security expert, so please take everything in this tutorial with a grain of salt. ;) My router is a Linksys WRT54G wireless router, and I am using Comcast for broadband internet access. If someone is using DSL or a different router model, then settings might be slightly different.

For lots more information on wireless security, I recommend the podcast “Security Now” with Steve Gibson and Leo Laporte. Along with the audio podcast, there are also text transcripts for each show. For specific wifi discussion, locate podcasts from 2005 – episodes 10 through 13.

Let’s get started

Read the Rest of the Article

TechCheatSheets.com

July 16, 2006 by debbie T | CSSInternetWeb DevelopmentWordPressXHTML

I love cheat sheets! Found a great resource at Tech Cheat Sheets.

Besides various cheatsheets for php, css, and html, you can also find WordPress Themes and Microformats cheatsheets.

I just used their easy submit form to send the URL for the Expression Engine Quick Reference cheat sheet.