Splash of Style...Macs, Photography, Design, and other Passions

DNS Poisoning & How To Protect Yourself

August 7, 2008 by debbie T | ComputersInternetMac CornerWeb DesignWeb DevelopmentWirelessWordPress
UPDATE: I will be updating this article very shortly. I have new info on how to change the DNS settings for dialup as well as wired users. I will be adding a few screen shots and step by step instructions.

Now I am not one to panic about malware on the web. I have always prided myself on smart & safe browsing. But when I first heard about the new DNS Poisoning problem on the Nosillacast podcast a couple of weeks ago, it scared me. This could be a problem affecting everyone, no matter what safety precautions they take while surfing the Internet.

The subject is so complicated, and I won’t pretend to understand it fully, but I think I understand it enough to explain the situation to my family and friends, which is what I am trying to do with this blog article.

Okay, bottom line is there is a type of flaw that can be exploited by the bad guys, which enables them hijack vulnerable unpatched systems at your Internet Service Provider (Comcast for example) and change the path of traffic to their own web pages. So, if you are trying to go to amazon.com, your browser address bar will display “http://www.amazon.com” but you might be redirected to the hijacker’s site who has created a web site that looks very similar to Amazon. From there, it could be possible to install malware to your computer or to trick you into giving your personal info like credit cards or passwords.

This vulnerability can also affect your email, which is even scarier. A bad guy could intercept your email message(s) and insert a malware attachment or web site link. And you wouldn’t even know it was happening.

Are you vulnerable?

The Security Now podcast lists several links to sites that will “test” your site for the vulnerability: http://www.grc.com/sn/notes-155.htm

I ran the test @ DoxPara and the following message appeared: “Your ISP’s name server, xxxxx, has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.”

I have heard that similar messages are appearing for other Comcast users. Since the information I am finding online concerning Comcast is vague and unclear, I am not 100% sure I trust Comcast to deal with this. So, I am taking matters into my own hands until I am sure.

I have read that other ISPs like Time Warner and AT&T have NOT patched, so there are still a lot of people out there that are in trouble!

Good News - Use Open DNS

The good news is, you can bypass your ISP’s DNS computers, and use another. Open DNS is a very secure and highly recommended DNS server that offers use of its servers for FREE! All you need to do is change a couple of settings in your router.

Not using a router? If your computer is attached directly to a high speed modem (ie DSL, Cable, satellite) then you are highly vulnerable to this flaw, as well as many other attacks.

Using a router keeps you safe behind a “hardware” firewall, and that firewall can thwart most attacks…so do yourself a favor and head to Staples, Walmart, Target, or Amazon and buy a Linksys, Netgear, or DLink router. It is an absolutely necessary tool in today’s times!

Change Your Router’s Settings

It is very easy to change your router settings to use Open DNS servers instead of your ISP’s.

Note: Don’t worry, you aren’t changing to a new Internet Service Provider, you will still be using the same ISP, it’s just the DNS computer information that you are changing.

There are detailed instructions on the Open DNS site, but I will walk through the instructions for changing a Linksys router.

First you need to access your router’s settings. Linksys router users can use this link: http://192.168.1.1/.

A password window will appear. The user name is “admin” and unless you previously changed the access password, the default password will be “admin”.

Important note: in the router settings, your password should be changed for extra security. To learn more about configuring your router for better security, please read my prior article.

Once you have logged into your router, you should be on the “Setup” page/tab.

Toward the bottom of the page, there is a setting called “Network Address Server Settings (DHCP)”. Locate “Static DNS 1″ and “Static DNS 2″ and type in Open DNS’s server numbers, which are:

208.67.222.222 and 208.67.220.220

NOTE: If you have current DNS settings, then write them down just in case you need to revert back.

change dns servers on linksys router

Once the new DNS numbers have been entered, click the “Save Settings” button. And that is it!

Again, if you are not using a router, I cannot stress enough that you need to go out and buy one. They are usually about $50 and sometimes less. I recommend the Linksys WRT54G series routers, but DLink and Netgear also make good routers. Buy whichever is on sale that week; most will have detailed instructions explaining how to set security.

Okay, next, a word or two about Open DNS. Besides free use of their DNS servers, they also offer all sorts of parental controls and other security. I haven’t really delved into their offerings, but from what I gather, it’s all free. How can all this be free? Well to offset their costs, they have advertising revenues. Keep in mind, that whenever you type in a wrong address into your browser, Open DNS will take you to a custom search page, usually with your corrected web site URL on top.

For instance, if you type “ebay” instead of “ebay.com”, your browser will take you to a search page for “ebay”. Some have complained that this isn’t fair, wah wah wah…but who cares. They have to make money somehow. I don’t mind that they make a little on searches.

To learn more about Open DNS and all their offerings, check out the Typical Mac User podcast for a special 3 part series on all the details.

Personal Computer Patches

Besides your ISP computers, personal home computers, as well as business computers also need to be patched.

As far as I can tell, Microsoft issued a security patch a week or two ago, so make sure you are 100% up to date with all your Vista or XP critical patches.

As for Mac users, there was a patch issued, but it looks like it doesn’t fix everything, so when I am out from behind my router, I think I am still vulnerable if I connect to an open wifi spot. I am still a bit foggy on that issue, so more research is needed.

More Questions

Since I am still learning about this vulnerability, I still have additional questions that I haven’t found answers to.

For example, are cell phones that connect to the Internet still vulnerable? What about if you use a VPN (virtual private network)? What about web based email like gmail?

There is also a problem with routers being vulnerable too, but the issue isn’t as dire, because they would only be attacking your small network. Initially, I think routers will be okay, and the bigger networks like ISPs will be attacked first. I would like to find out more about the router issues, and whether firmware patches will be issued.

Hopefully I can find the answers online soon.

Helpful sites if you want to learn more about the DNS Flaw:

Using BitPim to Access Data on LG VX6100 Cellphone

July 22, 2007 by debbie T | Mac SoftwareWireless

I have a few saved camera photos on my LG VX6100 and since Verizon Wireless restricts access, I needed to figure out how to access it myself.

I ordered a cheap USB data cable on Amazon.com and downloaded BitPim - the free open source software for Macs, Windows and Linux that allows access to the file data on closed/restricted cell phones.

I am a Mac User, but I suspect the experience is fairly similar for Windows users, although it states in the help files that Windows users need drivers.

After download, I installed and launched BitPim. I highly recommend reading through the help tutorial, it will save time on figuring out what to do.

I attached the LG VX6100 to my laptop, after BitPim launched and that could be the reason it didn’t work initially. I quit the app, and started again. It didn’t recognize my phone again at start up, but somehow once I set the preferences again, it did recognize the phone.

BitPim settings

NOTE: If you just want to download your data, check the box next to “Block writing anything to the phone” - I unchecked this setting in order to upload ringtones.

Click the “Get data from phone” icon, and add a check next to the items to download.

I didn’t care about my contacts, call history, etc. All I wanted was my camera photos. I chose “wallpaper” and “ringtones” in the data download settings.

BitPim data download settings

I checked the log, and my data was downloading. For some reason my ringtones didn’t download, but a few sounds did download; all my camera photos downloaded, along with the default phone graphics.

Adding a Ringtone to the LG VX6100

I wanted to test the ability to upload a new ringtone to the VX6100, so I found a cute little “Bewitched Nose Wiggle” sound on my hard drive.

On the main workspace, right-click on Ringers, and choose “Add to Ringers”, navigate to your sound file, and select it - BitPim converts to .mp3.

Once it was added to the ringers folder, I chose the “Send Data to Phone” icon, and carefully chose the “add” radio button with a check box next to ringtones. I did not want to choose “Replace All” as I didn’t want to risk losing all my beloved default ringtones, especially since it was unable to download them.

It worked! I have a new ringtone on my cell phone! COOL!

Adding New Images to LG VX6100

Since the ringtone was so easy to add, I thought it would be cool to add one of my logos as my phone wallpaper. On the main BitPim workspace, right-click on Images and choose “Add to Images”, navigate to the image file. Choose how you want to format the image; I selected wallpaper, and I adjusted the crop boundaries to fit fully around my image.

Using the same process as the ringtone upload, I clicked the icon for “Send Data to Phone” and again, I carefully chose the “add” radio button along with a check box next to images.

It worked and now I have my web site logo on my cell phone!

LAST NOTES: BitPim cautions unplugging the phone from your computer if data is busy uploading or downloading. Be very careful with this. I don’t know if I was correct, but I quit the app before unplugging. This is not official software, so it could damage your phone irreparably, so proceed at your own risk!

Verizon Wireless, LG VX6100, & LG VX8300

July 22, 2007 by debbie T | Wireless

Since March, I was eligible to upgrade my Verizon Wireless cell phone (LG VX6100), under the New Every Two promotion. I briefly researched online, and when I went to the store, I decided to upgrade to the LG VX8300. This required me to sign a new 2 year contract.

Likable LG VX8300

I was happy with the LG VX8300; the display is bright and colorful, and I liked that there was a microSD slot. Basically, it was an updated version of my previous phone.

The LG VX8300 Negatives

There were a few things that annoyed me. The menu (Verizon Wireless standard menu system) is not as intuitive as the default LG menu system in my LG VX6100. The phone’s available ringtones are horrid. I missed my old ringtones, and I hate the selection that Verizon Wireless offers on their pay site.

I use the speakerphone 90% of the time, and although the speakers sounded quite good, the way I hold my phone, I felt like I was blocking the two little side speakers with my fingers.

The biggest negative was that I had to sign a new two year Verizon Wireless contract. Since the iPhone announcement months ago, I had a nagging feeling that should remain “contract-free” - so I could be free to change providers at any time if something new and cool was announced.

So, I returned the cell phone on Friday, and reverted to my old LG VX6100 phone. I feel relieved that I am contract-free once again.

I ordered a new battery for the LG VX6100 from AccessoryGeeks.com, and since I already had a USB data cable, I will connect to the hard drive to mess with my saved photos & ringtones. (More on this in a new article) - I think this phone will be good for at least another year, and by then who knows what cool products will be available.

Configuring a Linksys Router

April 13, 2007 by debbie T | ComputersInternetWireless

My friend Jenn is having a tough time properly configuring her Linksys wireless router, so I told her I would write a tutorial. (waving to Jenn!) Hopefully this will help her, and anyone else in need. I suggest printing this tutorial to follow along easier.

First off, let me state that I am not a security expert, so please take everything in this tutorial with a grain of salt. ;) My router is a Linksys WRT54G wireless router, and I am using Comcast for broadband internet access. If someone is using DSL or a different router model, then settings might be slightly different.

For lots more information on wireless security, I recommend the podcast “Security Now” with Steve Gibson and Leo Laporte. Along with the audio podcast, there are also text transcripts for each show. For specific wifi discussion, locate podcasts from 2005 - episodes 10 through 13.

Let’s get started

Read the Rest of the Article

Wireless Internet Access Through Floors and Walls

March 17, 2006 by debbie T | ComputersInternetWireless

Recently, I asked my mom if she would like to try sharing the high-speed cable Internet that my sister has upstairs in her bedroom.

At first, I was considering running Ethernet outside the upstairs window & into the window in her office downstairs. Gosh that would require a lot of wiring, but initially I didn’t think wireless access would be possible.

I started researching, and learned that wireless-G access is much better reaching through walls and floors than wireless-B.

So I figured I would give it a shot; if the signal was too low, I could always consider adding a repeater to strengthen the signal.

Since I loved my new Linksys WRT54GS, I started looking at the sales flyers. I found the WRT54G (v5) at Staples for $50.

Note: I really don’t think the speed booster router was necessary. I did purchase the speed booster version for our home, but only because it had a better price at that time, and I liked the reviews better than the plain G. But basically, I am pretty sure that both routers are exactly the same, except one has the speed booster.

Along with the router, I needed a wireless adapter hardware for her desktop. I admit I am hardware challenged, so I really didn’t want to install a PCI wireless adapter. I opted for the WUSB54G (v4) USB network adapter from Linksys, but I bought the Linksys PCI adapter just in case the USB adapter didn’t work well. (Each were $50.) The reviews on the USB adapter were very mixed, in fact reviews were not so good for any USB network adapter.

To save time, I configured the router at my house with WPA2 Personal security (with a strong password,) Universal Plug ‘N Play disabled, firewall enabled, and a new administration password. Then I brought it over to my Mom’s.

Once it was plugged into my sister’s system upstairs, I plugged the USB network adapter into my Mom’s system. Hmm, it wasn’t working, so let’s read the directions. Uh oh, do not plug in the adapter until the software from the CD is installed. Gee, I guess I should have read the instructions first.

So, I uninstalled the driver Windows XP installed, and unplugged the adapter. After installing the drivers on the CD, I plugged in the network adapter again. In my opinion, the interface is a little awkward and unintuitive. When the network was found, a dialog box appeared with password text box. It took two tries, but I did finally connect.

Initially, the signal fluctuated from 60% to 70%, so we experimented with placement of the USB adapter and router (upstairs). Eventually, the signal strength moved to 80%.

When I have more time, I might go over there and experiment a little more. After reading the User Guide online, it appears I can forgo the Linksys connection monitor, and use Win XP’s monitor instead. It might be easier to do that. One night my Mom noticed another signal (40%) on the list of available networks, and I want to ensure that she cannot accidentally connect to any other open networks in the area. I know XP can be configured to not add every network to your list of preferred connections.

Bottom line, my mom loves the speed, and my Dad is even thrilled to be going online. It was a good upgrade for them and I recommend both the Linksys WRT54G router and WUSB54G USB Network Adapter.

Linksys WRT54GS Router

February 1, 2006 by debbie T | ComputersInternetMac SoftwareWireless

I received our new Linksys router (WRT54GS v2) today from Staples. The reviews online seemed positive, more positive than the WRT54G (without SpeedBooster.) I didn’t actually have a chance to read the details on the box until it was delivered, but I noticed it stated that the SpeedBooster is only available for Win 2000 and XP, so it really wasn’t going to do much for my PowerBook. But, I did get it at a good price after rebates and discounts, so it really didn’t matter.

I didn’t install any software on the CD; I did open the manual in the Doc folder.

I hooked up the router to my Powerbook using a wired Ethernet connection. I pointed my browser to the admin page http://192.168.1.1/ and signed in as username (leave blank) with “admin” for password - this is information is in the instruction pdf document on the CD.

First, in Admin>Management, I changed the password to the router, and while I was on that page, I disabled Universal Plug n Play (UPnP)

On Setup>Basic Setup, I chose “Automatic Configuration DHCP) and selected my time zone. Save Settings. This automatically set the IP Addresses, etc.

On the Wireless tab, I carefully read through each of the sections and made my setting choices. I set it for WPA, and created my secure password.

If you need to learn more about specific settings, there is a “more” link found under the brief text explanation on the far right of the page. I was impressed with the Setup Help.

I browsed though each of the settings pages. Most areas I left at default.

I downloade and upgraded the firmware, and like the D-Link firmware upgrade, as it updated, a popup box stating the script stopped, and asked if I wanted to continue or stop. I think this must be a Mac OS X problem or something. Anyway, I tried clicking Continue a few times, and it just kept popping back up again. Then I reluctantly chose Stop, and it was the right choice, because the update finished.

After the upgrade, I lost the Internet connection, but I checked the troubleshooting section of the pdf manual, and figured out how to release and renew the IP Address. That worked and my connection was back.

Since I kept the same SSID and password, I connected easily with wifi on the Powerbook. Then I connected with our Toshiba laptop using an older Netgear MA521 card, and it seems to work just fine. I didn’t surf very long, but I test it by removing the wifi card and after I reinserted, it connected again. In the past, we would sometimes have to reboot Windows.

Compared to the D-Link, I like this Linksys router much better. I found the help explanations easy to understand, and the menus are organized very well. All in all, I am happy with my purchase.

NOTE on return of D-Link router: For security, I reset the D-Link router to default settings. I really don’t think it would have mattered, since they would probably have to reset the router anyway to sign into admin, but it made me feel better. I had actually set up the new Linksys and packed away the D-Link before I realized I didn’t reset. But I just grabbed our laptop, and connected directly to the D-Link Ethernet port. No need to connect to the Cable modem, since all I needed to do was access the admin area.

New D-Link Router (DI-524)

January 29, 2006 by debbie T | ComputersInternetWireless

UPDATE: 01/30/06 - I usually post my updates at the bottom of my articles, but this one is going to the top. My husband had major problems accessing the Internet on his Windows laptop, and I found some web sites were loading painfully slow, while others were fine.

I called D-Link’s customer support. It was disappointing to hear what the tech support guy told me. They don’t recommend WPA security on this router, they only “really” support WEP. EEEK! WPA support was my whole reason for purchasing a new router, and why would it state on the box that WPA was a router feature if they weren’t intending to support it!?!

I asked about other routers, and he said that any of them from the DI-624 upward, would fully support WPA.

Anyway, it really makes me very mad now that I am thinking about it. I guess they just take old crappy routers and slap in a firmware update so they can call it “WiFi Certified” - blah.

So, bottom line is I will be taking my router back to Office Max. The LinkSys routers are on sale, and since that is the brand I really wanted, I will spend a little extra for one of their better models.

End of update!

I picked up a new wireless router the other day. I found the D-Link DI-524 at OfficeMax for a really good price (around $20) so I grabbed it.

Reviews online were mixed, but I figured I would give it a shot.

Set up using the wizard was easy, but the wizard does not cover a lot of settings, including enabling WPA, so it is best to work through each page manually. Thankfully I have prior experience with routers, but for those that don’t, it can be a very daunting assignment.

On the Home>Wireless page, I enabled wireless connectivity, named SSID, chose a channel, left the default for Mixed mode & enabled SSID broadcast. I enabled WPA as PSK and created a very strong, impossible to memorize passkey.

Then I took a look at the Advanced tab. I was initially confused with the Firewall Rules configuration. I wasn’t sure if this needed to be enabled, or did NAT take care of my firewall needs. After running the Shields Up tests over at GRC.com, I realized I was in fairly good shape, and my NAT protection was working.

Shields Up brought a few security details to my attention. By default, my router left Port 113 closed, but not hidden. I found a tutorial on D-link’s support pages to stealth Port 113 and it worked! I don’t know if I will have connection problems in the future, but it is easy to reverse if needed.

Shields Up also let me know that my system was responding to pings. I found a setting on the Tools>Misc page to block WAN Pings. Also, on the Tools>Misc page, I disabled Universal PlugNPlay (UPNP). My security settings now passed the Shields Up tests!

On the Firmware page, I tried to update to the December, 2005 firmware, but a message kept popping up that there was a problem with the script. I have a feeling that it is because I am on a Mac. There was a warning to NOT use a wireless connection to download and update the firmware, so I had to connect by Ethernet. I will have to connect our Windows laptop and maybe that will work.

Extra Notes: I found a helpful web site called PortForward.com that offers Port Forwarding instructions for tons of different routers.