The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: DNS Security

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks
November 12, 2020Ravie Lakshmanan
A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed " SAD DNS attack " (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications. "This represents an important milestone — the first weaponizable network side channel attack that has serious security impacts," the researchers said. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache." Tracked as CVE-2020-25705, the findings were presented at the ACM Conference on Computer, and Communications Security (CCS '20) held this week. The flaw affects operating systems Linux 3.18-5.10, Windows Serv

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks
May 20, 2020Ravie Lakshmanan
Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown targeted websites. Called NXNSAttack , the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice, potentially causing a botnet-scale disruption to online services. "We show that the number of DNS messages exchanged in a typical resolution process might be much higher in practice than what is expected in theory, mainly due to a proactive resolution of name-servers' IP addresses," the researchers said in the paper. "We show how this inefficiency becomes a bottleneck and might be used to mount a devastating attack against either or both, recursive resolvers and authoritative servers." Following responsible disclosure of NXNSAttack, several of the companies i

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
February 25, 2020Mohit Kumar
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider. As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext. This privacy-focused technology makes it harder for man-in-the-middle attackers, including your ISPs, to manipulate DNS queries, eavesdrop on your Internet connection, or learning what sites you visit. "This helps hide your browsing history from attackers on the network,

DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains

DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains
January 22, 2019Swati Khandelwal
The U.S. Department of Homeland Security (DHS) has today issued an "emergency directive" to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days. The emergency security alert came in the wake of a series of recent incidents involving DNS hijacking , which security researchers with "moderate confidence" believe originated from Iran. Domain Name System (DNS) is a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com). What is DNS Hijacking Attack? DNS hijacking involves changing DNS settings of a domain, redirecting victims to an entirely different attacker-controlled server with a fake version of the websites they are trying to visit, often with an objective to steal users' data. "The attacker alter

Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security
January 10, 2019Swati Khandelwal
Almost every activity on the Internet starts with a DNS query, a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com). Since DNS queries are sent in clear text over UDP or TCP without encryption, the information can reveal not only what websites an individual visits but is also vulnerable to spoofing attacks. To address these problems, Google announced Wednesday that its Public DNS (Domain Name System) service finally supports DNS-over-TLS security protocol, which means that the DNS queries and responses will be communicated over TLS-encrypted TCP connections. The DNS-over-TLS has been designed to make it harder for man-in-the-middle attackers to manipulate the DNS query or eavesdrop on your Internet connection. Launched over eight years ago, Google Public DNS, at IP addresses 8.8.8.8 and 8.8.4.4, is world's largest public Domai

Google to add "DNS over TLS" security feature to Android OS

Google to add "DNS over TLS" security feature to Android OS
October 23, 2017Mohit Kumar
No doubt your Internet Service Provides (ISPs), or network-level hackers cannot spy on https communications. But do you know — ISPs can still see all of your DNS requests, allowing them to know what websites you visit. Google is working on a new security feature for Android that could prevent your Internet traffic from network spoofing attacks. Almost every Internet activity starts with a DNS query, making it a fundamental building block of the Internet. DNS works as an Internet's phone book that resolves human-readable web addresses, like thehackernews.com, against their IP addresses. DNS queries and responses are sent in clear text (using UDP or TCP) without encryption, which makes it vulnerable to eavesdropping and compromises privacy. ISPs by default resolve DNS queries from their servers. So when you type a website name in your browser, the query first goes to their DNS servers to find the website's IP address, which eventually exposes this information (metada
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.