big_little

Most of What You've Read About DNSChanger Is Wrong. Here's How.


If you've been scanning the headlines or watching the evening news, you may have heard that tens of thousands of Internet users in the U.S. - hundreds of thousands around the world - will be cut off from the Internet on Monday, July 9, after servers set up at the behest of the U.S. government go dark. That's bad, right? Well, maybe not.

What you may not know is that the impending DNSChanger "black out" threatens to obscure what has been a highly successful effort - one of few to date - to stamp out a global online scam and malware infestation.

First, some recent history: U.S. authorities in November unveiled indictments against six Estonian nationals who they charged with running a sophisticated, international online fraud that netted an estimated $14 million in bogus Internet advertising revenues, while infecting some four million computers worldwide, 500,000 in the U.S. alone. The scheme used malicious software, installed on victims' machines, to force the users to visit Web sites that were customers of an online advertising firm controlled by the scammers.

Continued in the source


The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website.

Thousands of Canadians could be among the hundreds of thousands of people around the world who might lose Internet access on July 9. That's the day the FBI will shut down all the "clean servers" it set up to combat a massive hacking operation.

Last November the FBI arrested and charged six Estonian men behind the malware as part of Operation Ghost Click. These hackers were able to make a fortune off their project, raking in millions for ads placed on their fraudulent websites. On the eve of the arrests, the FBI hired Paul Vixie, chairman of the Internet Systems Consortium (ISC), to install two temporary Internet servers that would prevent infected users from losing access to the Internet once the DNSChanger botnet was shut down.

Source


The TOR team have discovered a fake certificate in the wild. The certificate, issued by a US company called Cyberoam, was used in an attempt to trick a user in Jordan into believing that her/his connection to the TOR website was private and secure, though in fact it was being spied upon by a Cyberoam device.

This issue was discovered and analysed by Runa A. Sandvik of the TorProject and Ben Laurie. A certificate handling flaw in Cyberoam's deep packet inspection (DPI) devices allows traffic from a single 'victim' to be intercepted by any DPI device from the vendor, according to the Tor Project.

Cyberoam make a range of DPI devices which are capable of intercepting SSL connections. “While investigating this further, Ben Laurie and I found a security vulnerability affecting all Cyberoam DPI devices. Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key,” Runa A. Sandvik, security researcher at Tor Project, explained.

Because the devices all use the same CA certificate, anyone in the possession of one of these devices can intercept traffic from any user accessing the network through a different Cyberoam device. Since all of the devices also include the same private key, this key can be extracted and imported into other DPI systems as well, enabling that same traffic to be intercepted.

Tor Browser Bundle users are not impacted, but other users should check to ensure that the certificate in question is not installed in their web browser. Victims should uninstall the Cyberoam CA certificate from their browsers and decline to complete any connection which gives a certificate warning.

Source

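The check the post above recommends, as an added example that is not part of the original post or of the Tor Project's analysis: a small Python script (standard library only) that splits a PEM certificate chain as presented by a server, computes each certificate's SHA-256 fingerprint, and flags any certificate that matches a known interception CA, as well as chains that end in a root outside the set you expect. The interception check is deliberately independent of the trust store, because in the scenario described the victim has installed the vendor CA as trusted. All certificate bytes, fingerprints and labels below are constructed placeholders; the real Cyberoam CA fingerprint is not on the page and has to be computed from the actual certificate.

```python
"""Audit a PEM certificate chain for a known interception CA.

Added example, not from the original post. Everything below (certificate
bytes, fingerprints, labels) is constructed for illustration; the real
vendor CA fingerprint must be computed from the actual certificate, e.g.
`openssl x509 -in ca.pem -noout -fingerprint -sha256`.
"""
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_chain_to_der(pem_text):
    """Return the DER bytes of every certificate in a PEM bundle, in order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_BLOCK.findall(pem_text)]


def der_to_pem(der):
    """Wrap DER bytes as a PEM certificate block (used to build sample data)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def sha256_fingerprint(der):
    """Colon-separated upper-case SHA-256 fingerprint, as openssl prints it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_chain(pem_text, trusted_roots, interception_cas):
    """Flag interception CAs anywhere in the chain and unexpected roots.

    trusted_roots and interception_cas map SHA-256 fingerprint -> label.
    The interception check runs regardless of the trust store, so it still
    fires when a victim has installed the vendor CA as trusted.
    """
    ders = pem_chain_to_der(pem_text)
    if not ders:
        raise ValueError("no certificates found in PEM input")
    fingerprints = [sha256_fingerprint(d) for d in ders]
    findings = []
    for depth, fp in enumerate(fingerprints):
        if fp in interception_cas:
            findings.append(f"depth {depth}: matches known interception CA "
                            f"'{interception_cas[fp]}'")
    if fingerprints[-1] not in trusted_roots:
        findings.append(f"depth {len(fingerprints) - 1}: chain ends in a root "
                        f"outside the expected set ({fingerprints[-1]})")
    return {"fingerprints": fingerprints, "findings": findings,
            "ok": not findings}


# Constructed sample data: these byte strings stand in for DER certificates so
# the script runs offline; they are not real X.509 structures.
CONSTRUCTED_LEAF = b"constructed leaf certificate (placeholder, not real DER)"
CONSTRUCTED_DPI_CA = b"constructed DPI-device CA (placeholder, not real DER)"
CONSTRUCTED_PUBLIC_ROOT = b"constructed public root CA (placeholder, not real DER)"

TRUSTED_ROOTS = {sha256_fingerprint(CONSTRUCTED_PUBLIC_ROOT): "Constructed Public Root"}
INTERCEPTION_CAS = {sha256_fingerprint(CONSTRUCTED_DPI_CA): "Constructed shared DPI CA"}

# A chain as a DPI device would present it (leaf issued by the shared CA)
# versus a chain ending in the expected public root.
INTERCEPTED_CHAIN = der_to_pem(CONSTRUCTED_LEAF) + der_to_pem(CONSTRUCTED_DPI_CA)
CLEAN_CHAIN = der_to_pem(CONSTRUCTED_LEAF) + der_to_pem(CONSTRUCTED_PUBLIC_ROOT)

if __name__ == "__main__":
    for name, chain in (("intercepted", INTERCEPTED_CHAIN), ("clean", CLEAN_CHAIN)):
        result = audit_chain(chain, TRUSTED_ROOTS, INTERCEPTION_CAS)
        print(name, "OK" if result["ok"] else "FLAGGED")
        for finding in result["findings"]:
            print("  -", finding)
```

To run it against a real chain, save the certificates a server presents to a PEM file (for example with `openssl s_client -showcerts`), read that file into `audit_chain`, and populate the two dictionaries with fingerprints you have taken from the actual root and vendor certificates.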
