The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    All about Security, News, Events and Incidents

    Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,961
    Messages:
    2,182
    Likes Received:
    4,654
    Trophy Points:
    281
    So, what DNS you are using?
     
    hmscott and Vasudev like this.
  2. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    7,110
    Messages:
    20,384
    Likes Received:
    25,139
    Trophy Points:
    931
    It's not something you ask, in public or otherwise, as it's part of the security set up of someone's personal access or company access, so it's not something to be disclosed.

    It's like asking for the confidential security map to someone's site. Each detail gives a potential compromise to security and privacy.

    So don't be giving that info out in public, or asking for it. :)
     
    Dr. AMK and Vasudev like this.
  3. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    12,045
    Messages:
    11,278
    Likes Received:
    8,815
    Trophy Points:
    931
    That's untrue. Your Samsung S7 edge, your ISP, Samsung services/apps and lastly, Google itself, so you're isn't private at all!
     
    hmscott and Dr. AMK like this.
  4. Dr. AMK

    Dr. AMK Living with Hope

    I meant what public DNS you are using or prefer. Not your top secret DNS :)
     
    hmscott and Vasudev like this.
  5. hmscott

    hmscott Notebook Nobel Laureate

    You are missing the point. Whether the DNS I have setup for a site is a public one or a private one they are both security and privacy details that shouldn't be shared. If you don't understand this, think about it.

    Just because a public DNS is public information, which sites use it are private security details of those sites. That public DNS service won't share the details of sites or devices that use it, and you shouldn't either.

    Information available only by direct knowledge of site details should not be shared publicly.
     
    Last edited: Jan 22, 2019
  6. hmscott

    hmscott Notebook Nobel Laureate

    You are confusing yourselves. :)

    The DNS service won't share who is using it. The device won't share what DNS it is using. Your device DNS won't broadcast its DNS primary, secondary, and under what network connectivity conditions it uses which DNS services should it use different ones for different access.

    The device may know, and if the device maker or OS maker is nosey they may be able to find out if that configuration is disclosed or if they are the DNS service being used, otherwise it's private information that they won't share and you shouldn't either.

    The network won't disclose your data, and unless you are snooped or wiretapped, your packets with source / destination are crossing random paths that won't disclose your data either.

    The secure DNS can encrypt data, but not source / destination, as https it's tough to tell what the nature of the data exchanged is - size might tell if you push the thought - dedicated ports like DNS / DoT telegraph the data content. That's why DNS over https is preferred.

    You are assuming too much if you think your devices are giving out your private information so it's ok to broadcast it yourself. Don't make it easy for privacy invasions or security intrusions by giving out security details publicly.

    Gee you guys really don't see this? You need to do some more thinking and studying about this. :)
     
  7. Dr. AMK

    Dr. AMK Living with Hope

    For me I'm using those below servers, under testing, before I was using the Google DNS 8.8.8.8, 8.8.4.4.

    208.67.220.123
    208.67.220.220
    208.67.222.222
     
    hmscott likes this.
  8. Vasudev

    Vasudev Notebook Nobel Laureate

    It was a joke. We live in a world where everyone wants to know exclusively what we do in private life.
    My router doesn't support DNS over HTTPS.
     
    hmscott likes this.
  9. hmscott

    hmscott Notebook Nobel Laureate

    That's ok, you don't need to use your router for DNS, you can do it directly from your device OS or set up another device to act as the DNS query device and refer to it locally.

    Ah, a joke.

    Please share with me your credit card details, so I can make a funny joke for you too. :D

    In an unrelated question, how many tonnes of horse manure will fit 6 meters deep in your front yard? Asking for a friend... :p
     
    Dr. AMK likes this.
  10. Vasudev

    Vasudev Notebook Nobel Laureate

    Try Quad9 or Adguard. They must have a server near you.
     
    Dr. AMK likes this.
  11. Vasudev

    Vasudev Notebook Nobel Laureate

    Hmmm, maybe 100 tonnes if I was able to travel in a multiverse dumping it in the spot across 500 earths. My tech can only travel to 500 earths then it needs a couple of sun-like stars to recharge. ;)
     
    hmscott likes this.
  12. hmscott

    hmscott Notebook Nobel Laureate

    Or, do what I suggested many times before, use the DNS Query mapping tools available to find the best / fastest / least latency DNS servers near you.

    Recommendations from people in different locations, or even the same location using different network services are mostly useless.

    It's best to actually test to find out the best specific DNS servers available for your connected network.
     
  13. Vasudev

    Vasudev Notebook Nobel Laureate

    For me mostly it turns out the ISP default has lowest latency and highest network shaping, so I use Google DNS or Quad9. CF is slow on NBR and similar sites.
     
    hmscott likes this.
  14. hmscott

    hmscott Notebook Nobel Laureate

    There should be a dozen "just as good" choices in the list of DNS servers from those tools that you could use. You don't need to limit the options so severely.

    The difference for first queries is small - not even close to a noticeable wall time - and after that they are cached.

    Trade off a little speed for a little privacy and vary your choice away from the well known gatherers and dealers of consolidated personal information, it's not that hard unless you refuse to recognize the alternatives.
     
    Vasudev likes this.
  15. Vasudev

    Vasudev Notebook Nobel Laureate

    I usually go for uncached result because long time ago Google DNS blocked a site under suspicion because it was slow to load whilst other DNS Quad9, OpenDNS, Norton safe web, comodo said it was fine and site loaded instantaneously unlike G DNS.
    It's more like hit or miss based on browsing habits. 90% depends on luck that all devices work fine w/o slowdown.
     
    hmscott likes this.
  16. hmscott

    hmscott Notebook Nobel Laureate

    Sure, there are lots of reasons to not use Google or ISP DNS, that's the whole point of those tools, to help you find other options to get away from the limitations of the "obvious" choices.

    Those ISP and Google choices rely on most people being "lazy" and not taking the time to find alternatives.

    Also, you may find ISP's slowing DNS queries external to them, I've seen it before, and have had to call up and tell them to knock it off - and then the latencies improve.

    That's again why a non-id'able DNS query port like https is a good alternative to the fixed DNS / DoT options.

    There are lots of details most people don't think about that the service providers do - it's their business - and they've got things optimized and nailed down for their benefit and profits, at perhaps our expense. :)
     
    Last edited: Jan 22, 2019
    Vasudev likes this.
  17. Vasudev

    Vasudev Notebook Nobel Laureate

    I told ISP to stop traffic shaping and now I've disconnected their service and switched to MiFi device and mobile data. There aren't any cheaper w/ higher speed alternatives here.
     
    Dr. AMK and hmscott like this.
  18. hmscott

    hmscott Notebook Nobel Laureate

    That's too bad, it's especially sucky at the consumer end of ISP services - I was referring to high speed dedicated connections before when I called and complained, I couldn't imagine consumers being able to do that with the local ISP customer service these days.

    You might consider getting a dedicated link that gives you control over border routing, setting up a router multi-homed connection with another link - it can be wireless or cellular - or another dedicated link so that you are "above" the normal throttling / shaping / filtering.

    It costs more, but it's good experience and worth the expense should you want to pursue this line of work professionally. Besides that it's lots of fun. :)

    IDK what's available in your area, but you might start looking at business network options, even for the usual cable services it can be "better" service.
     
    Dr. AMK likes this.
  19. Dr. AMK

    Dr. AMK Living with Hope

    Yes, I'll do, but those are very fast and deserve the test.
     
    Vasudev and hmscott like this.
  20. Dr. AMK

    Dr. AMK Living with Hope

    Sharing the IP address is the thing that harms security and privacy for sure, but public DNS will not harm anyone.
     
    Vasudev and hmscott like this.
  21. hmscott

    hmscott Notebook Nobel Laureate

    You still don't see it, but you should, as you've posted news about exploits that could be used should you publish the DNS server information your devices use for address translation lookups.

    If someone wants to track your activities on the internet, knowing their DNS source can be used to compromise their communications, you've posted a good example earlier:
    This is why you don't announce your network details, none of them, ever.
     
    Vasudev and Dr. AMK like this.
  22. Dr. AMK

    Dr. AMK Living with Hope

    You are right, but for me I'm using very strong security solution running on any system I use, so I can easily challenge any hacker to do his best with me. But for sure you have to keep your network and personal information as hidden as you can, those days there are many violence and crimes going on the Internet.
     
    Vasudev and hmscott like this.
  23. Vasudev

    Vasudev Notebook Nobel Laureate

    Your Organization is secured using Kaspersky endpoint or similar endpoint solutions?
     
    Dr. AMK likes this.
  24. Dr. AMK

    Dr. AMK Living with Hope

    I can't say exactly, but we have something more advanced and intelligent.
     
  25. Vasudev

    Vasudev Notebook Nobel Laureate

    I have a hunch which one it is but your privacy matters. I guess most of them know what I use from Security thread on my PC thread.
     
    Dr. AMK likes this.
  26. Dr. AMK

    Dr. AMK Living with Hope

  27. hmscott

    hmscott Notebook Nobel Laureate

    If your DNS is compromised, and your translation returns an external IP (or even an internal IP) for an attacker controlled system, your data can be snooped and substituted for whatever the hacker desires in both directions invisibly without your security measures detection.

    That's the danger, even if you have good internal security your external data streams can be compromised, which if done "right" can compromise internal security outside detection as it currently is implemented.

    There are ways to work this, and some being developed - cross comparison of route and IP returned results - against historical and ancillary sources - by independent external reference sources.

    It's unlikely you'd be able to detect the current compromises unless you are "rolling your own" and not depending on out of the box solutions.

    So, beware, protect your internal information and how you access the internet externally, vary it regularly, collect historical data to use for comparison - A/B - Before / After - to see what's changed.

    "Loose Lips Sink Ships". ;)

    Emergency Directive 19-01
    January 22, 2019, cyber.dhs.gov
    Mitigate DNS Infrastructure Tampering
    https://cyber.dhs.gov/ed/19-01/

    "...
    Background
    In coordination with government and industry partners, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is tracking a series of incidents involving Domain Name System (DNS) infrastructure tampering. CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.

    Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services.
    1. The attacker begins by compromising user credentials, or obtaining them through alternate means, of an account that can make changes to DNS records.
    2. Next, the attacker alters DNS records, like Address (A), Mail Exchanger (MX), or Name Server (NS) records, replacing the legitimate address of a service with an address the attacker controls. This enables them to direct user traffic to their own infrastructure for manipulation or inspection before passing it on to the legitimate service, should they choose. This creates a risk that persists beyond the period of traffic redirection.
    3. Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization’s domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data. Since the certificate is valid for the domain, end users receive no error warnings.
    To address the significant and imminent risks to agency information and information systems presented by this activity, this emergency directive requires the following near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates..."
     
    Last edited: Jan 24, 2019
    Vasudev, Woodking and Dr. AMK like this.
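
The before/after comparison described in post 27 (keep historical DNS results, compare them with what independent resolvers return now), as an added example that is not code from the thread or from the DHS directive. The line format, the resolver labels and every record are constructed for illustration; addresses come from the documentation ranges.

```python
"""A/B comparison of DNS answers: historical baseline vs. current, per resolver."""
from collections import defaultdict

WATCHED = ("A", "MX", "NS")  # record types ED 19-01 lists as being altered


def parse(text):
    """Parse 'resolver name type value' lines into {(name, type): {resolver: {values}}}."""
    out = defaultdict(lambda: defaultdict(set))
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # allow trailing comments
        parts = line.split(None, 3)
        if len(parts) != 4:                       # blank or malformed line
            continue
        resolver, name, rtype, value = parts
        rtype = rtype.upper()
        if rtype in WATCHED:
            # DNS names are case-insensitive; also drop the trailing root dot
            key = (name.lower().rstrip("."), rtype)
            out[key][resolver].add(value.lower().rstrip("."))
    return out


def compare(baseline_text, current_text):
    """Return findings as (kind, name, type, resolver, values) tuples."""
    base, cur = parse(baseline_text), parse(current_text)
    findings = []
    for key in sorted(set(base) | set(cur)):
        name, rtype = key
        # every value any resolver returned for this record in the baseline
        known = set().union(*base[key].values()) if key in base else set()
        views = cur.get(key, {})
        if not views:                             # record vanished everywhere
            findings.append(("missing", name, rtype, "*", sorted(known)))
            continue
        for resolver in sorted(views):
            unseen = views[resolver] - known      # values never seen before
            if unseen:
                findings.append(("changed", name, rtype, resolver, sorted(unseen)))
        # independent resolvers should agree; disagreement deserves a look
        if len({frozenset(v) for v in views.values()}) > 1:
            everything = sorted(set().union(*views.values()))
            findings.append(("split-view", name, rtype, "*", everything))
    return findings


# Constructed samples: a known-good snapshot and a later one.
BASELINE = """
resolver-a www.example.org A 192.0.2.10
resolver-b www.example.org A 192.0.2.10
resolver-a example.org MX 10 mail.example.org.
resolver-b example.org MX 10 mail.example.org.
resolver-a example.org NS ns1.example.org.
resolver-b example.org NS ns1.example.org.
"""

CURRENT = """
resolver-a www.example.org A 192.0.2.10
resolver-b www.example.org A 203.0.113.66   # new address, seen by one resolver only
resolver-a example.org MX 10 mail.example.org.
resolver-b example.org MX 10 mail.example.org.
resolver-a example.org NS ns1.example.net.  # delegation differs from baseline
resolver-b example.org NS ns1.example.net.
"""

if __name__ == "__main__":
    for finding in compare(BASELINE, CURRENT):
        print(*finding)
```

Names served from rotating address pools will show up as "changed" on most runs, so their baseline has to accumulate over several snapshots before a finding means much.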
  28. Dr. AMK

    Dr. AMK Living with Hope

    Vasudev likes this.
  29. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    6,160
    Messages:
    3,265
    Likes Received:
    2,573
    Trophy Points:
    231
    "The curious case of the Raspberry Pi in the network closet"
    how we found, analyzed (with the help of Reddit) and in the end caught the culprit of a malicious device in our network

    ...deactivated account belongs to an ex employee who (for some reason) made a deal with management that he could still have a key for a few months until he moved all his stuff out of the building (don't ask..).

    https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html


    An interesting story... The author's co-worker finds an unknown (and unauthorized) Raspberry Pi connected in their network closet. Have you checked your network concentration points lately?
     
    Vasudev, hmscott and Dr. AMK like this.
  30. hmscott

    hmscott Notebook Nobel Laureate

    Student Finds Hidden Devices in the College Library - Are they nefarious?
    http://forum.notebookreview.com/thr...he-college-library-are-they-nefarious.825853/
     
    Vasudev, Dr. AMK and jclausius like this.
  31. jclausius

    jclausius Notebook Virtuoso

    Vasudev, Dr. AMK and hmscott like this.
  32. hmscott

    hmscott Notebook Nobel Laureate

    Last edited: Jan 23, 2019
    Dr. AMK and Vasudev like this.
  33. Dr. AMK

    Dr. AMK Living with Hope

    Vasudev likes this.
  34. Primes

    Primes Notebook Deity

    Reputations:
    919
    Messages:
    1,736
    Likes Received:
    718
    Trophy Points:
    131
    Vasudev and Dr. AMK like this.
  35. Vasudev

    Vasudev Notebook Nobel Laureate

    Dr. AMK and hmscott like this.
  36. Dr. AMK

    Dr. AMK Living with Hope

  37. Vasudev

    Vasudev Notebook Nobel Laureate

    I can't switch to others and since none of my family members and friends switch to Signal or Telegram where I setup my groups and everything else and none used it. So until everyone notices problems with whatsapp none will switch.
     
    hmscott and Dr. AMK like this.
  38. Dr. AMK

    Dr. AMK Living with Hope

    Same as me, I have to wait as you said.
     
    Vasudev and hmscott like this.
  39. Dr. AMK

    Dr. AMK Living with Hope

    Dear iPhone Users, Turn OFF "FaceTime" App Immediately.
    A New Apple #FaceTime Privacy Bug Lets Callers Hear and See You Even If You Don't Accept the Call. (It's Unpatched)
    Go to the Settings → Scroll Down to FaceTime → Switch it OFF Now!
    https://thehackernews.com/2019/01/apple-facetime-privacy-hack.html

    Spying Through Group FaceTime
     
    Last edited: Jan 29, 2019
    jclausius, Vasudev and hmscott like this.
  40. Vasudev

    Vasudev Notebook Nobel Laureate

    Don't worry Middle east models don't have Facetime and iMessage.
     
    Dr. AMK likes this.
  41. Dr. AMK

    Dr. AMK Living with Hope

    We have Facetime and iMessage for additional price. All are there already.
     
  42. Vasudev

    Vasudev Notebook Nobel Laureate

    Oh I didn't know that. I think my mom's phone didn't have Facetime and iMessage on her phone and I flashed Global ROM to get it. It wasn't working so I uninstalled it. I thought BOTIM was used extensively in place of skype and whatsapp.
     
    Dr. AMK likes this.
  43. Dr. AMK

    Dr. AMK Living with Hope

    hmscott and 6730b like this.
  44. Dr. AMK

    Dr. AMK Living with Hope

    Spectre and Meltdown: An insider’s guide

    Design flaws in modern chip design have emerged as a significant threat to the security of data on PCs and mobile devices. This comprehensive ebook delves into two prominent vulnerabilities—Spectre and Meltdown—and their many variants. It explains how they work, the products that are affected, and steps being taken to mitigate the risks.

     
  45. Dr. AMK

    Dr. AMK Living with Hope

    hmscott likes this.
  46. Dr. AMK

    Dr. AMK Living with Hope

    US says former Air Force specialist spied for Iran
     
  47. Dr. AMK

    Dr. AMK Living with Hope

    Spartan@HIDevolution and hmscott like this.
  48. hmscott

    hmscott Notebook Nobel Laureate

    Google claims built-in Nest mic was ‘never intended to be a secret’
    The feature emerged after Google Assistant support was added to Nest Secure
    By Jon Porter @JonPorty Feb 20, 2019, 4:38am EST
    https://www.theverge.com/circuitbre...ne-google-assistant-built-in-security-privacy

    "Google has admitted it made an error when it didn’t disclose that its Nest Secure home security system included an on-device microphone. In a statement given to Business Insider, a spokesperson from the company said, “The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part.”

    At the beginning of February, Google announced that it would be adding built-in Google Assistant support to the Nest Guard, which is the Nest Secure system’s hub and keypad. Before then, the security system’s product page didn’t mention that it included a microphone. In its statement, Google clarified that, “The microphone has never been on, and is only activated when users specifically enable the option.” The product page has since been updated to mention the microphone.
    ..."

    https://www.reddit.com/r/StallmanWa...e_claims_builtin_nest_mic_was_never_intended/

    Google admits it didn’t tell customers its Nest device has built-in mic
    Fox Business
    Published on Feb 20, 2019
    Fox News senior judicial analyst Judge Andrew Napolitano on Google saying the built-in microphone in its Nest device was never meant to be a secret and teen Nicholas Sandmann’s lawsuit against the Washington Post.
     
    Last edited: Feb 21, 2019
    jclausius and Dr. AMK like this.
  49. Primes

    Primes Notebook Deity

    Microsoft Edge Secret Whitelist Allows Facebook to Autorun Flash

    - Microsoft's Edge web browser comes with a hidden whitelist file designed to allow Facebook to circumvent the built-in click-to-play security policy to autorun Flash content without having to ask for user consent.
    (According to the initial bug report filed by Google Project Zero's Ivan Fratric on November 26)

    - Back in November, the security researcher initially found in the whitelist the sha256 hashes of 58 domains on Windows 10 v1803, which he was able to decrypt and obtain the names of 56 sites

    [ via twitter] - The default Flash whitelist in Edge really surprised me. So many sites for which I'm completely baffled as to why they're there. Like a site of a hairdresser in Spain...?! I wonder how the list was formed. And if MSRC knew about it.

    [source:] https://www.bleepingcomputer.com/ne...t-whitelist-allows-facebook-to-autorun-flash/
     
    Dr. AMK and hmscott like this.
  50. Dr. AMK

    Dr. AMK Living with Hope

    hmscott likes this.