Cher AR et al,<br><br>Thank you for sharing the information regarding security issues that may put the usage of IPv6 at higher risk. I hope that the community will provide all that is needed by engineers to solve this impending problem and also their R&D activities should be given the necessary attention - it very important to keep pace with individuals who put us at risk.
<br><br>Cheers<br><br>Yassin Mshana<br><br><div><span class="gmail_quote">On 11/05/07, <b class="gmail_sendername">Anne-Rachel Inné</b> <<a href="mailto:annerachel@gmail.com">annerachel@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="540"><tbody><tr><td valign="top"><table border="0" cellpadding="0" cellspacing="0" width="300"><tbody><tr><td width="30"><img border="0" width="25">
</td>
<td width="270">
<b>par Nicolas SIMONIN</b><br>
<span><a href="mailto:nicolas.simonin@indom.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">nicolas.simonin@indom.com</a></span><br> </td>
</tr>
</tbody></table>
<br>
<span><b>Le .CA dénonce une fraude à l'annuaire.</b></span><br>
<img border="0" height="10" width="1"><br>
<span><b>Après
la France, le Canada est aujourd'hui la cible de Deutscher Adressdienst
GmbH, une société allemande proposant à un tarif très coûteux votre
inscription dans un annuaire "officiel".</b></span><br> <br>
<table align="right" border="0" cellpadding="0" cellspacing="0" width="150">
<tbody><tr>
<td rowspan="5" width="10"><img border="0" height="1" width="10"></td>
<td rowspan="5" bgcolor="#d8d9d9" width="1"><img border="0" height="1" width="1"></td>
<td colspan="3" bgcolor="#d8d9d9"><img border="0" height="1" width="1"></td>
<td rowspan="5" bgcolor="#d8d9d9" width="1"><img border="0" height="1" width="1"></td>
</tr>
<tr><td colspan="3" align="center" bgcolor="#d8d9d9" height="22"><b>POINTS ESSENTIELS</b></td></tr>
<tr><td colspan="3" bgcolor="#d8d9d9"><img border="0" height="1" width="1"></td></tr>
<tr>
<td width="4"><img border="0" height="1" width="4"></td>
<td valign="top" width="130">
<img border="0" height="4" width="130"><br>
• <b>Combien de .CA aujourd'hui ?</b><br>On compte 833 958 .CA enregistrés au 7 mai 2007<br><img border="0" height="4" width="1"><br> </td>
<td width="4"><img border="0" height="1" width="4"></td>
</tr>
<tr><td colspan="3" bgcolor="#d8d9d9"><img border="0" height="1" width="1"></td></tr>
<tr><td colspan="5"><img border="0" height="10" width="1"></td></tr>
</tbody></table>
<table align="left" border="0" cellpadding="0" cellspacing="0" width="191">
<tbody><tr><td style="padding-right: 15px;">
<img alt="" border="0" height="86" width="176"><br>
</td></tr>
<tr><td colspan="2"><img border="0" height="5" width="1"></td></tr>
</tbody></table>
Nous vous avions alerté <a href="http://www.domainesinfo.fr/actualite/1180/un-annuaire-a-prix-d-or.php" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> des agissements d'une société allemande qui, en échange de 960€
</a>, proposait aux internautes français d'intégrer un "soit disant" annuaire professionnel du registre français.
<br>
<br>Cette même société s'attaque depuis peu au territoire canadien par
courrier postal. Le registre du .CA a pris l'initiative de lancer un
message d'alerte pour informer ses internautes du caractère douteux de
ces courriers.
<br>
<br>L'Autorité canadienne pour les enregistrements Internet (ACEI)
demande aux titulaires de .CA de ne pas répondre aux lettres, aux fax
ou aux autres communications provenant de la firme DAD Deutscher
Adressdienst GmbH, une entreprise allemande qui opère sous la bannière
trompeuse de "Registre Internet du Canada" (Canadian Internet
Registry). Cette dénomination rappelle bien sûr celle de <a href="http://www.domainesinfo.fr/actualite/1180/un-annuaire-a-prix-d-or.php" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">"Registre Internet français"
</a> utilisée pour tromper le public français.
<br>
<br><big><b>1457$ de frais d'inscription à un annuaire !</b></big>
<br>
<br>Les lettres ou fax en français sont envoyés à des titulaires de .CA
sous le prétexte de mettre à jour leurs enregistrements de noms de
domaine. Il s'agit d'un stratagème visant à inciter les titulaires à
acheter un ensemble de services marketing, au coût de 1 457 $. <br>
<br><big><b> Affaire à suivre...</b></big>
<br>
<br>L'ACEI met donc en garde ses titulaires et leur déconseille
fortement de fournir tout renseignement ou de verser tout paiement à
cette entreprise. Elle a porté cette affaire à l'attention des
autorités policières et continuera à tenir les titulaires de noms de
domaine en .CA au courant des développements dans cette affaire.
<br>
<br><br>
</td></tr>
<tr><td><img border="0" height="15" width="1"></td></tr>
</tbody></table>
<br>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="540">
<tbody><tr><td>
Publié le lundi 7 mai 2007 </td></tr>
</tbody></table>
<br>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="540">
<tbody><tr><td><b>Les liens de l'article</b></td></tr>
<tr><td><img border="0" height="10" width="1"></td></tr>
<tr><td>- Vérifiez la disponibilité d'un .CA ?</td></tr><tr><td> <a href="http://www.indom.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.indom.com</a></td></tr> </tbody></table>
<br>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="540"><tbody><tr><td colspan="2" bgcolor="#000000"><img border="0" height="1" width="1"></td></tr>
<tr><td colspan="2"><img border="0" height="5" width="1"></td></tr>
<tr>
<td>Copyright © <b>DomainesInfo</b>. Tous droits réservés.</td>
<td align="right">Imprimé le 11/05/2007</td></tr></tbody></table><br><br><br><br><br>
<img>
<br clear="all">
<font>
The Phisher King - <a href="http://www.darkreading.com/document.asp?doc_id=123671" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.darkreading.com/document.asp?doc_id=123671</a><br>
<table border="0" cellpadding="0" cellspacing="0" width="582">
<tbody><tr>
<td align="left" valign="top" width="582"><table border="0" cellpadding="0" cellspacing="0" width="582">
<tbody><tr>
<td align="left" valign="top" width="100%"><table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody><tr>
<td align="left" valign="top" width="100%"><h2>The Phisher King</h2></td>
</tr>
<tr>
<td align="left" valign="top" width="100%"><img border="0" height="18" width="1"></td>
</tr>
</tbody></table>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody><tr>
<td align="left" valign="top" width="100%"><p><font><font>MAY 9, 2007</font>
| You see phishing attack attempts nearly every day, but what you don't
see is the face behind the attack. In a rare glimpse into the mind of a
phisher, hacker and security expert RSnake recently engaged an attacker
who says he makes $3,000 to $4,000 dollars a day and was willing to <a href="http://ha.ckers.org/blog/20070508/phishing-social-networking-sites" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">share
</a> a bit about himself and how he operates.
</font></p><p>
<font>RSnake, a.k.a. Robert Hansen, CEO of SecTheory and <a href="http://www.darkreading.com/blog.asp?blog_sectionid=403" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"><i>Dark Reading</i></a>
blogger, asked the phisher, called "lithium," how he operates, what
technology he uses, and just how much money he makes off these scams.
Lithium, who says he's 18 and has been phishing since he was 14, said
he has stolen over 20 million identities, mostly via social networking
worms. "I have so many hundreds of thousands of accounts to many
websites I haven't even got a chance to look through," he wrote to
RSnake, who today published the responses on the <a href="http://ha.ckers.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">ha.ckers.org</a> blog. </font></p><p><font> While RSnake admitted he can't verify all of
lithium's actual numbers, he said in response to comments on his
ha.ckers blog that the phisher's story "jives" with that of traditional
phishers. </font></p><p><font> RSnake also confirms that lithium is an actual
phisher: "I found one of his old phishing sites," RSnake says. "I can't
comment on the numbers, but yes, he was definitely really a social
networking phisher."
</font></p><p>
<font>Lithium says he got interested in phishing after realizing the
scam emails his parents were getting were weak, but still basically
worked. "So, I knew automatically I could come up with more efficient
methods and have a far greater outcome."
</font></p><p>
<font>Lithium only phishes about three or four times a week, and he
targets social networking sites, mostly those frequented by the teen
crowd. "5 times out of 10 the person uses the same password for their
email account," he wrote. "Now depending what is inside their email
inbox determines how much more profit I make. If an email account has
one of the following paypal/egold/rapidshare/ebay accounts even the
email account itself, I sell those to scammers."
</font></p><p>
<font>The phisher said he typically tries to locate a domain name that
looks "realistic" to the target, and then finds an anonymous host,
typically offshore. "Although, I do tend to use compromised hosting
accounts," he wrote. "Secondly, I view the page source. Then I alter
the source code to post the forms information to my pishing [<i>sic</i>]
site. Thirdly, I create a php file which will POST the current forms
information to a text file on my server. I use the same php file with
every site...Just minor alterations are needed since it's mearly [<i>sic</i>] a few lines of php code."
</font></p><p>
<font>RSnake asked him how many people he typically phishes per day.
Depending on the size of the Website, lithium said, it's usually about
30,000. </font></p><p>
<font>HD Moore, director of security research for BreakingPoint
Systems, says while lithium does match the typical profile of phishers,
his "numbers seem a little on the high side."
</font></p><p>
<font>Plus, lithium's days as a phisher could be numbered if he isn't
careful. "Running a phishing site attracts attention -- it has to, or
it won't work. Bragging about how much money you make is a sure sign
you are going to get busted in the near future," Moore says. </font></p><p>
<font>Using freelance programmers is also a liability, Moore notes. "If
any of them get audited on where their money comes from, you can bet
they would turn over this guy in a heartbeat."
</font></p><p>
<font>Lithium, meanwhile, told RSnake he uses a dedicated server, VPN,
network encryption software, and a 1-Mbit/s ADSL line. Tool-wise, the
phisher said he uses MyChanger for most social networking sites: "This
makes pishing [<i>sic</i>] so much faster on social networking sites.
Everything is automated! messaging/bulletins/comments/profile
modifications it's great. Other than that, I get ALOT [<i>sic</i>] of custom programs built to suite [<i>sic</i>] my needs from freelance developers," he wrote.
</font></p><p>
<font>How does he remain in the shadows? "I use VPN's, Dedicated
servers, Proxies and my network traffic is encrypted. All payments are
made through egold."
</font></p><p>
<font>Interestingly, he admitted Internet Explorer 7 and Firefox 2.0's
anti-phishing filters "cause the most irritation" of phishing
deterrents available today.
</font></p><p>
<font>But security experts say not much seems to hurt lithium and other
phishers in the end. It's still always a game of catch-up for the good
guys, says Jeremiah Grossman, founder and CTO of WhiteHat Security.
"Microsoft and Mozilla spend years figuring out a workable solution,
then a short time later, it's all for not. Bad guys can adapt a lot
faster than the good guys, which is why our job is so much harder."
</font></p><p>
<font>And the wealth of Web application bugs is keeping lithium in
business -- for now, anyway: "Lazy web developers are the reason I'm
still around pishing," lithium wrote.</font></p>
<p><font>— Kelly Jackson Higgins, Senior Editor, <a href="http://www.darkreading.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"><i>Dark Reading</i></a></font></p>
<font><li><a href="http://www.darkreading.com/complink_redirect.asp?vl_id=9560" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">BreakingPoint Systems</a>
</li><li><a href="http://www.darkreading.com/complink_redirect.asp?vl_id=9014" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">WhiteHat Security</a> </li></font></td>
</tr>
<tr>
<td align="left" valign="top" width="100%"><img border="0" height="12" width="1"></td>
</tr>
<tr>
<td align="left" valign="top" width="100%"><img border="0" height="22" width="1"></td>
</tr>
</tbody></table></td>
</tr>
</tbody></table></td>
</tr>
</tbody></table>
</font><div align="center"><center>
<font><font>
Copyright © 2000-2007 Light Reading Inc. - All rights reserved.<br><br><br></font></font><div style="text-align: left;"><div>
<span style="font-weight: bold;">Experts scramble to quash IPv6 flaw</span><br>
<span>Robert Lemos</span>,
<span>SecurityFocus</span>
<span>2007-05-09</span><br>
<p>
A flawed feature that could amplify denial-of-service attacks on
next-generation networks has vendors and engineers rushing to eliminate
the potential security issue. </p>
<span>
<p>
This week, experts sent two drafts to the Internet Engineering Task
Force (IETF)--the technical standards-setting body for the Internet --
proposing different ways of fixing <a href="http://www.securityfocus.com/bid/23615" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">a problem</a>
in the way that Internet Protocol version 6 (IPv6) allows the source of
network data to determine its path through the network. The drafts
recommend that the IPv6 feature should either be eliminated or, at the
very least, disabled by default.</p>
<p>
The specification, known as the Type 0 Routing Header (RH0), allows
computers to tell IPv6 routers to send data by a specific route.
Originally envisioned as a way to let mobile users to retain a single
IP for their devices, the feature has significant security
implications. During a presentation at the CanSecWest conference on
April 18, researchers Philippe Biondi and Arnaud Ebalard pointed out
that RH0 support allows attackers to amplify denial-of-service attacks
on IPv6 infrastructure by a factor of at least 80.</p>
<p>
"In rough terms, it makes everything we thought was bad, a thousand times worse," Paul Vixie, president of the <a href="http://www.isc.org/index.pl" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
Internet Systems Consortium</a>,
said in an e-mail interview with SecurityFocus. "It can be exploited by
any greedy Estonian teenager with a $300 Linux machine."</p>
<p>
The security issues comes as more organizations are making the switch
to IPv6 from the current Internet routing standard (IPv4). The U.S.
federal government and many major corporations are transitioning to the
standard by the end of the decade. The U.S. Department of Defense and
the White House's Office of Management and Budget have mandated that
the military services and federal agencies <a href="http://www.whitehouse.gov/OMB/egov/b-1-information.html#IPV6" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">move their backbone systems</a> to IPv6 by June 30, 2008.
</p>
<p>
However, the standard is already widely supported by routers and
operating systems. Apple's Mac OS X, the Linux operating systems, and
Microsoft's next-generation operating system, Vista, uses the standard
as the default networking protocol. Microsoft supports wrapping IPv6
packets inside of IPv4 data, known as 6to4 tunneling, so that networks
sending data using IPv6 can communicate across the Internet, but
attackers could use the technique to <a href="http://www.securityfocus.com/brief/427" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">send covert data</a>.</p>
<p>
The RH0 security issues has its roots in the current Internet protocol
implementation. The specification for IPv4 allows the sender of data to
specify one or more routers through which the data must travel. Known
as source routing, the technique allows up to 9 other addresses to be
included in an IPv4's extended header, requesting that the packet be
routed through those specific addresses. While source routing can be
beneficial for diagnostics, it can also be used to amplify a
denial-of-service attack by a factor of 10 by alternating two target
Internet addresses in the header, ping-ponging the data between two
machines.</p>
<p>
While source routing has been accepted as a bad security risk by most
companies and most routers disable the feature by default, the IETF has
not eliminated the option from the specification and extended it to
IPv6.</p>
<p>
"IPv6 is really neat, but I think we are going to see a number of these
gotchas because it is still so new," said Jose Nazario, senior security
researcher with Arbor Networks. "It will likely shake out over the next
couple of years."</p>
<p>
Under IPv6, the impact of allowing users to specify some of the
addresses to which data must be sent, known as loose source routing, is
more dire. Because more addresses can be included in the header, rather
than magnifying an attack by 10, Biondi and Ebalard calculated that it
could amplify attacks by a factor of 88. In addition, RH0 also could
allow an attacker to dodge a distributed technology, known as AnyCast,
for protecting the 13 DNS root servers from attack and could be used to
create a backlog of packets that could spike traffic to a server at a
specific time.</p>
<p>
"It is exactly that: The reintroduction of the IPv4 loose source
routing mechanism in the IPv6 world and on steroids," said a network
engineer that asked not to be identified.</p>
<p>
The IETF reaction may have set a new speed record for the
standards-setting body. With engineers arguing technical merits and
peer-reviewing others' work while vendors push their specific
requirements, the IETF is not known for making quick decisions.</p>
<p>
Yet, after debating the issue since the CanSecWest presentation, engineers have published two proposals: <a href="http://www.ietf.org/internet-drafts/draft-jabley-ipv6-rh0-is-evil-00.txt" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
get rid</a> of the feature or make everyone
<a href="http://www.netcore.fi/pekkas/ietf/draft-savola-ipv6-rtheader-00.txt" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">turn it off</a> unless its really needed.</p>
<p>
"In practice it, it will be disabled, whether it gets left around for
future usage, that's up in the air," said Robert Hinden, co-chair of
the IPv6 Working Group for the IETF and a Nokia Fellow at the
networking and phone giant.</p>
<p>
Yet, companies and the engineering group responsible for a large
portion of the IPv6 routing code have moved quickly to disable the
feature. By late April, the Kame Project, which has created the code
used in many flavors of the BSD operating system as well as routers,
had disabled the Type 0 Routing Header in its own code. </p>
<p>
"They don't just avoid walking the RH0 header, but they also now drop
packets that contain it," said Theo de Raadt, project leader for
OpenBSD.</p>
<p>
Cisco has issued <a href="http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0fd.shtml" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">a security advisory</a> on the issue. Both Cisco and Juniper declined to provide a representative to discuss the issue.
</p>
<p>
Because IPv6 has not been fully deployed in most networks, it will
likely only take two or three years for almost all Internet service
providers to fix the issues, de Raadt said.</p>
<p>
ISC's Vixie agreed that the problem should be almost completely eliminated in three years.</p>
<p>
"I'd say in three years this will be a footnote," Vixie said.</p>
</span></div>
<br>
<p style="color: rgb(102, 102, 102); font-size: 8pt;" align="center"><a href="http://www.securityfocus.com/privacy" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Privacy Statement</a><br>Copyright 2006, SecurityFocus
</p></div><font><font>
</font>
</font></center></div>
<br>_______________________________________________<br>AfrICANN mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:AfrICANN@afrinic.net">AfrICANN@afrinic.net</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://lists.afrinic.net/mailman/listinfo.cgi/africann" target="_blank">
https://lists.afrinic.net/mailman/listinfo.cgi/africann</a><br><br></blockquote></div><br><br clear="all"><br>-- <br>c/o DFID-Nigeria<br>No. 10 Bobo Street<br>Maitama<br>Abuja<br>Nigeria<br><br>Skype: yassin mshana<br>Mobile: +234-803 970 5117