1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.


Discussion in 'Computer Security' started by LukeP, Aug 11, 2012.

  1. LukeP

    LukeP Gigabyte Poster

    The guy is not a great speaker but the presentation is awesome. It exploits RAM errors (0 -> 1 and 1 -> 0) hijack web traffic.

    DEFCON 19: Bit-squatting: DNS Hijacking Without Exploitation (w speaker) - YouTube

    Check it out!
    WIP: Uhmm... not sure
    Bluerinse likes this.
  2. dmarsh

    dmarsh Terabyte Poster

    Surprised at how effective it is with a Bitsquatting/DNS attack on microsoft.com and Dr Watson.

    The random memory corruption is well know about for long time however, I even mentioned it here 5 years ago, and someone made out it was rarer than rocking horse ****...

    I think it will be a very long time indeed before general consumer devices are entirely ECC based. Consumer electronics is often now aggressively costed to remove parts and use cheap components.

    Top level domains of major OS manufacturers however should maybe be protected by pre-registering. Big websites and ISP's should also ensure ECC memory on their DNS servers.

    I still think that most machines will silently fail or crash and not generate DNS name lookup failures, the corruption has to occur at the exact location of the DNS name string which is one small bit of data (usually less than 20 bytes) out of GB's of data. The issue is that there are so many devices on the internet that as a non targeted attack it still works.
    Last edited: Aug 12, 2012
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH

Share This Page