This article describes NXNSAttack, a newly discovered DNS protocol vulnerability which affects most recursive DNS resolvers. It makes it possible to execute a random subdomain attack using the DNS delegation mechanism, resulting in a large packet amplification factor.
You might have heard on some news sites about a “critical” vulnerability in OpenWrt. You might be worried about how it affects your Turris. That is the reason for the quotes around the word critical. TL;DR: not applicable against Turris.
Little bit of history
Apart from operating the .CZ top-level domain, CZ.NIC does a lot of other interesting things contributing to the common good. Part of it is running the Czech national CSIRT team, doing security research and raising awareness about potential security issues. As part of our security research, we started wondering a long time ago how much the average Joes and Janes are attacked, by whom and how. People that are just connected to the internet, run no public service and are just consumers. If only there was some kind of probe that would allow us to see what is going on there…
In September this year, the Czech Safer Internet Centre (CZ.NIC), in cooperation with the National Cyber and Information Security Authority, presented an online course called Digital Footprint, intended primarily for children aged 10-13. This interactive game focuses on Internet privacy and associated socio-pathological phenomena such as personal data abuse, sexting, digital privacy or cyberbullying.
During the development of the DNS Knot Resolver, CZ.NIC Labs have managed to reveal a security flaw that makes it possible to bypass DNSSEC security on F5 load balancers and cause denial of service. These products are being used, for example, in some internet banking applications, including those of Czech banks and public authorities. From the perspective of a user attempting to access an internet banking service, a successful attack exploiting this error would manifest in the browser suddenly reporting an “address not found” error and the service becoming unavailable.
The CZ.NIC Association joined the campaign Family Offline Week, with the subtitle “We are not afraid to be offline together”, which will be held this year from May 11 to May 19, 2019. The purpose of the 4th year of the campaign is not only to celebrate the International Family Day, on May 15, but above all to think about the excessive use of digital technology. The uncontrolled use of mobile phones, tablets and computers not only causes health problems but also worsens interpersonal relationships. Children from an early age play with tablets and mobiles, often losing social contact with their peers.
In March, a delegation of experts from five different organizations focused on child safety on the Internet and personal data protection from Bosnia and Herzegovina visited our Association.
The CZ.NIC Association used the Safer Internet Day to introduce its new project, aimed at children's safety online. The CZ.NIC Association acts as a coordinator of the project that started on 1 January 2019; another partner is the Safety Line, ensuring the operation of a helpline. CZ.NIC will continue operating the Czech national hot-line STOPonline.cz, which received a record number of reports last year.
Today, I would like to go back to the topic I brought up in my earlier blog post. At that time, I was horribly angry at the administrators of photo sharing servers. I was angry at the absence of better mechanisms to check the photos people upload. Why don’t they have a person who would take a look at them? Why don’t they make the albums private by default? I could go on, but after almost two years of what seemed like fighting windmills, I have realized one thing. It’s not the administrators’ or providers’ fault — everyone is responsible for their own actions.
The vulnerability of SOHO routers becomes a topic of analyses by various security organizations almost every week. The 2017 Symantec report shows a year-on-year increase in the number of attacks on IoT devices by 600%. The most vulnerable are unsecured routers, which often make it possible to gain easy access to each connected device. The April alert from the official US-CERT also tells us of the growing number of these attacks and their severity.