DarkFiber Consulting – IT Managed Services

Bank Acquisitions and Phishing Scams

October 6th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of an increase in public reports of phishing scams related to recent bank acquisitions. Due to an increase in this activity, DarkFiber Consulting would like to remind users to remain cautious when receiving unsolicited email that could be a potential phishing scam.

Phishing scams may appear as requests for users to verify personal and bank account information, enroll in additional bank services, or activate new security features. The email messages may contain a link that, when clicked, takes the user to a fraudulent web site made to look like a legitimate bank web site. Users may be asked to provide personal information that can further expose them to future compromises. Additionally, these fraudulent web sites may contain malicious code.

Users are encouraged to take the following measures to protect themselves from phishing scams:

NAT/PAT Affects DNS Cache Poisoning Mitigation

July 23rd, 2008 . by DarkFiber Consulting

DarkFiber Consulting released a Current Activity entry and a Vulnerability Note on July 8, 2008 regarding deficiencies in DNS implementations. These deficiencies could leave an affected system vulnerable to cache poisoning. Technical details regarding this vulnerability have been posted to public websites. Attackers could use these details to construct exploit code. Users are encouraged to patch systems or apply workarounds immediately.

A number of patches implement source port randomization in the nameserver as a way to reduce the practicality of cache poisoning attacks. Administrators should be aware that in infrastructures where nameservers sit behind Network Address Translation (NAT) and Port Address Translation (PAT) devices, the randomized source port chosen by the nameserver may be rewritten by the NAT/PAT device, which could allocate sequential ports instead. This may weaken the protection offered by source port randomization in the nameserver.

DarkFiber Consulting encourages users to consider one of the following workarounds:

  • Place the nameserver outside of the NAT/PAT device in the network infrastructure.
  • Configure the NAT/PAT device to perform source port randomization.
  • Configure the NAT/PAT device to preserve the source port assigned by the nameserver.
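One way to check whether a NAT/PAT device is undoing the nameserver's source port randomization, as an added example that is not part of the original advisory: classify the source ports of outbound DNS queries in the order they were captured on the outside of the device. The function names, thresholds and sample port lists are assumptions constructed for illustration.

```python
import math

def port_stats(ports):
    """Randomness indicators for an ordered list of observed UDP source ports."""
    if len(ports) < 2:
        raise ValueError("need at least two observed ports")
    # Step between consecutive queries, wrapping at the 16-bit port boundary.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    # Small positive steps are the signature of a sequential allocator; gaps
    # of a few ports appear when other hosts share the same translation pool.
    small = sum(1 for d in deltas if 0 < d <= 16) / len(deltas)
    mean = sum(ports) / len(ports)
    stdev = math.sqrt(sum((p - mean) ** 2 for p in ports) / len(ports))
    return {"distinct": len(set(ports)), "small_step_fraction": small, "stdev": stdev}

def verdict(ports, step_threshold=0.5, min_stdev=3000.0):
    """Classify the sample. Both thresholds are illustrative assumptions."""
    s = port_stats(ports)
    if s["distinct"] == 1:
        return "FIXED"        # every query left from the same port
    if s["small_step_fraction"] >= step_threshold:
        return "SEQUENTIAL"   # translation device is handing out ports in order
    if s["stdev"] < min_stdev:
        return "NARROW"       # unordered, but drawn from a small port pool
    return "RANDOMIZED"

# Constructed samples (not real captures): source ports of DNS queries as
# seen on the outside interface of the NAT/PAT device.
BEHIND_SEQUENTIAL_PAT = [1024, 1025, 1026, 1028, 1029, 1030,
                         1031, 1033, 1034, 1035, 1036, 1037]
PORTS_PRESERVED = [49211, 1893, 33570, 60412, 17766, 8051,
                   52940, 27315, 41108, 12677, 58834, 22049]
SMALL_POOL = [1500, 1100, 1900, 1300, 1750, 1050, 1999, 1420]

if __name__ == "__main__":
    samples = [("sequential PAT", BEHIND_SEQUENTIAL_PAT),
               ("ports preserved", PORTS_PRESERVED),
               ("small pool", SMALL_POOL)]
    for name, sample in samples:
        print(f"{name:16s} {verdict(sample):11s} {port_stats(sample)}")
```

Run the same check before and after applying a workaround: a resolver whose queries are `RANDOMIZED` when captured inside the device but `SEQUENTIAL` outside it is losing its protection at the translation step.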

Additional information can be found in DarkFiber Consulting Vulnerability Note VU#800113.

More information will be provided as it becomes available.