Scariest new trends in the world of internet security
On Part Two of my excellent BIGcast conversation with security expert Jim Stickley of Stickley on Security, Jim tells me of the scariest new trend he’s come across lately in the world of security.
While this isn’t exactly ‘new’, Jim is appalled that no one is doing anything to remedy the problem of criminals targeting in-home routers and modems in order to change their DNS settings. DNS servers act as the ‘telephone book’ for internet networking. They deliver the IP address to your computer for whatever website you are trying to access. Generally, these devices have strong blocks and firewalls to keep any internet entity from entering them, so the odds of hacking into them from outside are low. So, criminals have gotten smart about it. They have developed malicious websites disguised as ordinary everyday websites in order to reach into your internal network while you are browsing the internet.
It all starts with the standard IPs used for routing and DNS devices. Do the numbers 192.168, 10.10, 172.16 look familiar to you? These are the default IP numbers for all DNS gateways, and they were set up this way to ensure that no website would ever build on top of them.
So, say you are looking at a cute puppy video. At the same time, the site is speaking with your computer, telling it to do something much more malicious. The malicious site sends a command that asks your computer to connect to the gateway and change the DNS server. So while the server was pointing to 126.96.36.199 (Google’s server), it is now pointing to an address chosen by the criminal.
That new address is a DNS server that they own. Now their DNS ‘telephone book’ can route you to alternate websites of their creation whenever you type in a website. If you were to visit BankofAmerica.com, a site that looks exactly like the actual BOA site would pop up, but it would be a page of their creation. They are now in prime position to steal your data when you enter your credentials. This doesn’t only apply to your computer. Your mobile apps can also be hacked in this way.
There is actually an easy remedy in order to avoid this type of hack. All you have to do is update the firmware. It’s a simple process of finding out the manufacturer and model number of the device, visiting their website and searching for firmware updates for that model. The website will then walk you through the update. Jim recommends you check this at least every few months, preferably once a month.
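A check that can sit alongside the periodic firmware review, shown here as an added example that is not from the original post or from Jim Stickley: it audits a device's configured DNS servers against a list of resolvers you chose yourself. The function names, the sample file contents and the trusted list are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 1918 private ranges, the address space home gateways hand out.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_nameservers(text):
    """Return the nameserver entries from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_dns(servers, trusted):
    """Label each resolver: trusted, gateway, unexpected or invalid."""
    trusted_addrs = {ipaddress.ip_address(t) for t in trusted}
    findings = {}
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings[server] = "invalid"
            continue
        if addr in trusted_addrs:
            findings[server] = "trusted"
        elif any(addr in net for net in PRIVATE_NETS):
            # Local forwarder: the router's own upstream DNS setting
            # still has to be read from its admin page and audited too.
            findings[server] = "gateway"
        else:
            findings[server] = "unexpected"
    return findings


# Constructed sample input; the addresses are documentation ranges.
SAMPLE = """\
# /etc/resolv.conf (constructed)
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 198.51.100.10
nameserver not-an-ip
"""
TRUSTED = ["198.51.100.10"]  # assumption: resolvers you chose yourself

if __name__ == "__main__":
    for server, label in audit_dns(parse_nameservers(SAMPLE), TRUSTED).items():
        print(f"{server:16} {label}")
```

An "unexpected" result means a public resolver nobody on the network knowingly configured, which is the symptom the DNS change described above would leave behind.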
I then asked Jim about Google Chrome’s new alarms that point out sites that use weak security configuration. Is this something we need to worry about? Jim says no. He says this doesn’t mean the site or your connection to it is bad. Google is simply calling out websites that still allow low-level encryption. They are trying to force people to stop doing it.
However, would this Chrome alarm show up in this DNS hack situation? Jim says no. The genius of the DNS hack is that it works on websites that people visit all of the time, so people are not looking to see if the certificates or ‘https:’ are visible. Jim recommends always checking that the ‘https:’ is in the bar and that the certificate is there when inputting sensitive information.
In closing, I want to recommend that any financial institution bring Jim in on any security issues it might have.
Check Jim’s YouTube out here for his newest videos, and visit stickleyonsecurity.com for any education you need on security. Education is the most important tool you have in security.