Splash of Style...Macs, Photography, Design, and other Passions

DNS Poisoning & How To Protect Yourself

August 7, 2008 by debbie T | ComputersInternetMac CornerWeb DesignWeb DevelopmentWirelessWordPress
UPDATE: I will be updating this article very shortly. I have new info on how to change the DNS settings for dialup as well as wired users. I will be adding a few screen shots and step by step instructions.

Now I am not one to panic about malware on the web. I have always prided myself on smart & safe browsing. But when I first heard about the new DNS Poisoning problem on the Nosillacast podcast a couple of weeks ago, it scared me. This could be a problem affecting everyone, no matter what safety precautions they take while surfing the Internet.

The subject is so complicated, and I won’t pretend to understand it fully, but I think I understand it enough to explain the situation to my family and friends, which is what I am trying to do with this blog article.

Okay, bottom line is there is a type of flaw that can be exploited by the bad guys, which enables them hijack vulnerable unpatched systems at your Internet Service Provider (Comcast for example) and change the path of traffic to their own web pages. So, if you are trying to go to amazon.com, your browser address bar will display “http://www.amazon.com” but you might be redirected to the hijacker’s site who has created a web site that looks very similar to Amazon. From there, it could be possible to install malware to your computer or to trick you into giving your personal info like credit cards or passwords.

This vulnerability can also affect your email, which is even scarier. A bad guy could intercept your email message(s) and insert a malware attachment or web site link. And you wouldn’t even know it was happening.

Are you vulnerable?

The Security Now podcast lists several links to sites that will “test” your site for the vulnerability: http://www.grc.com/sn/notes-155.htm

I ran the test @ DoxPara and the following message appeared: “Your ISP’s name server, xxxxx, has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.”

I have heard that similar messages are appearing for other Comcast users. Since the information I am finding online concerning Comcast is vague and unclear, I am not 100% sure I trust Comcast to deal with this. So, I am taking matters into my own hands until I am sure.

I have read that other ISPs like Time Warner and AT&T have NOT patched, so there are still a lot of people out there that are in trouble!

Good News - Use Open DNS

The good news is, you can bypass your ISP’s DNS computers, and use another. Open DNS is a very secure and highly recommended DNS server that offers use of its servers for FREE! All you need to do is change a couple of settings in your router.

Not using a router? If your computer is attached directly to a high speed modem (ie DSL, Cable, satellite) then you are highly vulnerable to this flaw, as well as many other attacks.

Using a router keeps you safe behind a “hardware” firewall, and that firewall can thwart most attacks…so do yourself a favor and head to Staples, Walmart, Target, or Amazon and buy a Linksys, Netgear, or DLink router. It is an absolutely necessary tool in today’s times!

Change Your Router’s Settings

It is very easy to change your router settings to use Open DNS servers instead of your ISP’s.

Note: Don’t worry, you aren’t changing to a new Internet Service Provider, you will still be using the same ISP, it’s just the DNS computer information that you are changing.

There are detailed instructions on the Open DNS site, but I will walk through the instructions for changing a Linksys router.

First you need to access your router’s settings. Linksys router users can use this link: http://192.168.1.1/.

A password window will appear. The user name is “admin” and unless you previously changed the access password, the default password will be “admin”.

Important note: in the router settings, your password should be changed for extra security. To learn more about configuring your router for better security, please read my prior article.

Once you have logged into your router, you should be on the “Setup” page/tab.

Toward the bottom of the page, there is a setting called “Network Address Server Settings (DHCP)”. Locate “Static DNS 1″ and “Static DNS 2″ and type in Open DNS’s server numbers, which are:

208.67.222.222 and 208.67.220.220

NOTE: If you have current DNS settings, then write them down just in case you need to revert back.

change dns servers on linksys router

Once the new DNS numbers have been entered, click the “Save Settings” button. And that is it!

Again, if you are not using a router, I cannot stress enough that you need to go out and buy one. They are usually about $50 and sometimes less. I recommend the Linksys WRT54G series routers, but DLink and Netgear also make good routers. Buy whichever is on sale that week; most will have detailed instructions explaining how to set security.

Okay, next, a word or two about Open DNS. Besides free use of their DNS servers, they also offer all sorts of parental controls and other security. I haven’t really delved into their offerings, but from what I gather, it’s all free. How can all this be free? Well to offset their costs, they have advertising revenues. Keep in mind, that whenever you type in a wrong address into your browser, Open DNS will take you to a custom search page, usually with your corrected web site URL on top.

For instance, if you type “ebay” instead of “ebay.com”, your browser will take you to a search page for “ebay”. Some have complained that this isn’t fair, wah wah wah…but who cares. They have to make money somehow. I don’t mind that they make a little on searches.

To learn more about Open DNS and all their offerings, check out the Typical Mac User podcast for a special 3 part series on all the details.

Personal Computer Patches

Besides your ISP computers, personal home computers, as well as business computers also need to be patched.

As far as I can tell, Microsoft issued a security patch a week or two ago, so make sure you are 100% up to date with all your Vista or XP critical patches.

As for Mac users, there was a patch issued, but it looks like it doesn’t fix everything, so when I am out from behind my router, I think I am still vulnerable if I connect to an open wifi spot. I am still a bit foggy on that issue, so more research is needed.

More Questions

Since I am still learning about this vulnerability, I still have additional questions that I haven’t found answers to.

For example, are cell phones that connect to the Internet still vulnerable? What about if you use a VPN (virtual private network)? What about web based email like gmail?

There is also a problem with routers being vulnerable too, but the issue isn’t as dire, because they would only be attacking your small network. Initially, I think routers will be okay, and the bigger networks like ISPs will be attacked first. I would like to find out more about the router issues, and whether firmware patches will be issued.

Hopefully I can find the answers online soon.

Helpful sites if you want to learn more about the DNS Flaw:

Getting Social

July 19, 2008 by debbie T | Digital PhotographyFlickrInternetMac CornerWeb Development

I have had accounts at all the cool social networking sites, like Twitter, Facebook, Tumblr, MySpace and Zooomr to name a few.

I have never really had the time or desire to participate with any of these networks, except for Flickr. But with all the talk (and rumors) of the downfall of Flickr, I decided to mess around with Zooomr.

When I signed up with Zooomr almost a year ago, I didn’t mesh with it, but this time, I guess it stuck, because I am totally addicted.

The addiction to Zooomr, lead to another look at Twitter, and I have set up auto updates to Twitter from Zooomr.

I have never thought of myself as a chatter, but this is actually kind of fun. I like the quick moving feel of Zooomr and the community aspect is very fun.

If you are a Zooomr member, would you like to “follow” me?

More on my thoughts on Zooomr at a later date.

Back Up MySQL Database

March 28, 2008 by debbie T | Content ManagementLinux CornerWeb Development

For those that utilize a MySQL database, whether for a blog, discussion forum, photo page, etc. it is so important to make regular backups of the database(s). You never know when or if the database could be corrupted for any reason.

It is very easy to backup your database, so don’t be afraid! This article will cover a few simple backup (and restore) solutions.

Using Backup Wizard from Cpanel

Does your hosting provider offer Cpanel as part of your hosting plan?

If you have access to Cpanel, then you also should have access to the “Backup Wizard” - on the Cpanel main page, check the category “Files”. You should find the Backup Wizard there.

backup wizard

This is a very simple, straight-forward way to backup your entire web site, including all databases. If you just want to backup only your databases, then click the MySQL database link and choose the specific database to backup. Save each file to the folder on your hard drive where you plan to store your database backups.

There is also an option to restore your whole site or a particular database.

The Backup Wizard is probably the easiest way to backup your web files.

If you cannot find the Backup Wizard, or your host doesn’t offer cpanel as part of your hosting package, then contact them to find out what tools are available to you to backup your database(s).

Want to learn more? Read the Rest of the Article

Transmit 3.6 Adds Amazon S3 Support

September 16, 2007 by debbie T | Mac SoftwareWeb Development

I am a huge fan of Transmit, the Mac FTP (SFTP) app from Panic. So you can imagine my glee when I heard that they added support for Amazon S3 to the newest version (3.6)

I have been using JungleDisk, and I found that worked very well, but getting things started was a bit awkward. I had to launch JungleDisk, and then connect to localhost using “connect to server” - it was a few extra steps, once it was up and running, it was great.

So, I was thrilled to hear the news about Transmit; I immediately downloaded and updated. I set up my S3 user info and password, and it connected right away. Problems started when I tried to access my default directory (the one Amazon set up for me with the really really long file name). It just hangs for minutes, never being able to open it.

It looks like Paul Stamatiou also experienced this issue with larger buckets. Note: Buckets are what Amazon calls their directories - every bucket must have a unique name. Since I keep over 10gb of files in my default directory, I guess Transmit chokes when trying to access it all at once. I had the same problem when using the Firefox extension S3Fox.

So, I figured I would experiment and try uploading some files to new buckets outside the default directory. That seemed to work okay, but I hit a snag again when I tried to access a large file containing my photo files.

Oh well, I will continue to experiment with Transmit and S3, but I will probably stick to JungleDisk for large backups. It works for me!

SSH Connection Using Mac Terminal

June 9, 2007 by debbie T | InternetMac SoftwareWeb Development

I found a very helpful tutorial to set up a SSH connection to your web host using Mac Terminal.

http://www.cmu.edu/computing/documentation/terminal/terminal.html

Simple instructions to connect and save your connection. Now that I am connected, I need to dig out all my old Unix commands! :)

Dreamhost Security Leak

June 8, 2007 by debbie T | InternetWeb Development

It appears that 3500 FTP accounts hosted at Dreamhost were hacked. Mezzoblue was one of the hacked sites, along with Caydel’s SEO Blog.

The hackers added invisible links to files located on the server. Very unnerving. Thankfully I don’t host with Dreamhost, but I suppose something like this can happen anywhere.

Related Web Links:

If you have a hosting account at Dreamhost, it’s best to change your passwords, whether your account was one of the compromised ones or not.

Simple Machines - Spam Free Discussion Forum

May 23, 2007 by debbie T | InternetWeb Development

For the last few years I have been administrating a small discussion forum on one of my other web sites. I use Simple Machines forum software.

Simple Machines has served me well. It was easy to set up, and I loved the vast array of settings. Yeah, there were bugs, especially when upgrading, but I really liked what it offered. The best part it was free!

Starting last summer, spam membership was becoming an annoying problem. Blocking domains from certain countries helped some of it, but it was getting worst. I reluctantly made the decision to require membership approval; it wasn’t an ideal the solution, since it really hindered legit membership and it required too much time to figure out who to reject. I was getting frustrated, but wanted to stick with Simple Machines.

Simple Machines released version 1.1, with the addition of CAPTCHA.

I am happy to report that in the months since my upgrade, there has been not one speck of trouble with a spammer membership or posting. Hurray!

Note: Initially I had issues when upgrading to 1.1.2; mainly, the problem was that the copyright text located at the bottom of the forum was now in giant letters screaming to all my visitors that I was using the software illegally. I use a customized (non-default) template, and I found that temporarily switching to the default template before upgrading solved my problem.

Bottomline, if you are looking to install a discussion forum to your web site, add Simple Machines to your list of prospective candidates. Oh and I also have heard Vanilla Forum is quite interesting, although I haven’t had an opportunity to check it out. It always makes me hungry when I visit their site though.

Fireworks Batch Processing Revisited

May 7, 2007 by debbie T | Art and GraphicsWeb Development

I received an email today from a visitor regarding one of my Fireworks MX tutorials. He was having trouble with the Batch Processing tutorial and wondered if it was possible to save a command that would enable the object(s) of each file to be automatically moved lower on the canvas to allow more white space at the top.

I replied that I didn’t think it was possible for Fireworks to automatically move objects in a file, since there could be so many derivatives that could hinder the process. But there had to be a way to achieve his goal using a different approach.

How about adding white space to the top of the canvas?

In Fireworks, create a test canvas with a shape or text object, then Fit Canvas (Modify>Canvas>Fit Canvas) to remove all excess white space around the object. Save the file.

Optionally, you may want to clear the contents of the History panel, to remove the clutter. To view the History panel, choose Window>History. Click the little menu at the top right of the panel, and choose “Clear History” - this will remove all undo steps, so use with caution.

clear history

To insert a few pixels of white space at the top of the canvas, choose Modify>Canvas>Canvas Size

In the dialog window, add 10 pixels to the height of the canvas and set the anchor to the bottom/middle. This setting will lock the contents to the bottom of the canvas and apply all 10 pixels to the top area.

New Canvas Size

Take a look at the History Panel; there should be a step for “Crop Document” (technically adding or removing space to the canvas is cropping.)

At this point, go to step #7 in my original Batch Processing tutorial and follow the instructions to to save as a command.

Thanks Russell for your inspiration!

Panic Releases Coda for Mac

April 24, 2007 by debbie T | CSSMac SoftwareWeb DevelopmentXHTML

Yesterday, Panic announced the release of Coda 1.0, an all in one web developer’s tool for Mac OS X. I love Panic’s FTP app Transmit, so I am looking forward to checking it out further.

Other Web Resources:

Hopefully tonight, I will have time to download the trial and experiment.

The New Icon Buffet

April 13, 2007 by debbie T | Art and GraphicsInternetWeb DesignWeb Development

A few of weeks ago, I noticed that Icon Buffet relaunched their icon sharing community.

See: Firewheel Design - how to build a community with icons

I have been a member of Icon Buffet for a little over a year; I can’t say that I have used many of their icons, but it is fun to collect and share.

Observations (Good and Bad):

Bottom line, I like the new and improved Icon Buffet. So, if you are an Icon Buffet member, make sure to drop by my profile page and add me as your friend. If anyone needs any icon deliveries, I have 300+ stamps, and would love to share! Or better yet, register using my referral link, and I get extra points!

Related Web Links: