2008-07-30

H.D. Moore: Punk't, not pwned.

Oh, how we love drama, and there's plenty of drama in the world of information security.

As you've probably figured out by now, Dan Kaminsky's report of a DNS static source port bug (and the simple exploitation of the same) has fueled a considerable source of recent controversy and drama. Shortly after details hit the security blogs, H.D. Moore (author of Metasploit) and |)ruid put together some checks for the vulnerability. Even yesterday, he released a third Metasploit plugin to check between two different DNS servers in an attempt to detect poisoning.

A few days ago, HD stumbled across a DNS server "in the wild" which had been poisoned to redirect all Google traffic to a batch of rogue sites meant to monetize google ads by automatically clicking them in hidden iframes. After discussing this DNS server in the wild with a reporter for IDG News Service, the reporter went on to write a piece (which is not worth linking to) blatantly stating that BreakingPoint Systems (where H.D. serves as Director of Security Research) was "owned", when there was no such pwnage.

A second article was published which clarified some points, but the original article is being linked to like mad on some social news sites, and it hasn't been edited yet as of the time of writing here.

For H.D.'s side of the story, check out his post on the Metasploit Blog.

blog comments powered by Disqus