
Major security flaw in iOS and OSX, be sure to update to iOS 7.0.6 ASAP

What about myself who HAS futzed a little with DNS settings?

If someone has compromised a network device that your traffic passes through then you're fucked. There are many routes to you being fucked, but you're fucked. The DNS servers you choose to use have little bearing in this instance.

Just be cognizant of the traffic you send through unpatched Apple software.
 

mrkgoo

Member
If someone has compromised a network device that your traffic passes through then you're fucked. There are many routes to you being fucked, but you're fucked. The DNS servers you choose to use have little bearing in this instance.

Just be cognizant of the traffic you send through unpatched Apple software.

Seriously? What difference does having the DNS servers set on the computer instead of the router have?

I mean, a lot of people suggest you should use like Google DNS instead of ISP ones and get you to set them on your computer.

I always thought that it just has the computer directly access the DNS servers instead of going through the router.

Or is that the issue? In that the router actually affords protection and bypassing it meant bypassing protection?

I guess it means someone could spoof the DNS servers but wouldn't they still need access to my router or something? Or something else.

Well crap. This would suck.

Edit: oh you just mean in general if my router has been compromised? I wouldn't say so, but who really knows.

Or do you specifically mean I am screwed if I changed my DNS settings in this instance?

All this stuff has me seriously paranoid.
 

Chichikov

Member
What about myself who HAS futzed a little with DNS settings? I normally add the primary and secondary DNS servers from either ISP or public one like Google to the DNS servers settings on devices and computers because it offloads the DNS work from router which is old and doesn't work reliably when it's handling all the DNS traffic (probably ever since browsers did DNS pre-fetching).
For a man in the middle attack like that to work the attacker needs to control the DNS, it is unlikely that hackers manage to compromise Google's.
Seriously? What difference does having the DNS servers set on the computer instead of the router have?

I mean, a lot of people suggest you should use like Google DNS instead of ISP ones and get you to set them on your computer.
I'm not sure I understand what you're asking, but what he's saying is true, if hackers take control of any machine upstream from you, they can now mount a successful man in the middle attack.
But historically, DNS poisoning is more common than hacking an ISP's (or anything upstream from that), though I should stress, that requires a flaw in the DNS software, the point is that without that bug, even if someone poisons your DNS or took control of an upstream server, they still won't be able to impersonate amazon.com.
Now they can.
 
Might as well post this here too

So I just dropped my 5 in a hot cup of tea on accident. Only the top half of the phone went in, but the screen began flickering, scanlines ran all over in different colors, and the speaker started popping. After a few seconds, everything went dark. It's in a bag of rice now, but I'm very certain it died right in front of my eyes, no?

Anybody know replacement costs? sigh
 

mrkgoo

Member
For a man in the middle attack like that to work the attacker needs to control the DNS, it is unlikely that hackers manage to compromise Google's.

I'm not sure I understand what you're asking, but what he's saying is true, if hackers take control of any machine upstream from you, they can now mount a successful man in the middle attack.
But historically, DNS poisoning is more common than hacking an ISP's (or anything upstream from that), though I should stress, that requires a flaw in the DNS software, the point is that without that bug, even if someone poisons your DNS or took control of an upstream server, they still won't be able to impersonate amazon.com.
Now they can.

I understand that. That's what all this stuff is about.

But I initially read his reply in a way that meant I am already specifically screwed because I changed my DNS settings (I use my ISP DNS servers on my computer instead of allowing my router to do it - basically entering DNS server addresses into my computer and device network settings). This was after you mentioned futzing with DNS settings. And the crude diatribe quoted me specifically on that.

Now that I read it again, he might have meant in a more general fashion that I WOULD be screwed if an upstream agent is compromised and that has nothing to do with DNS. That I understand.

But yeah I'm not sure what he meant. Just wondering if I'm already screwed BECAUSE I used my ISP DNS directly on my computer (which has obviously been Unpatched since release) instead of going through my router (for DNS). You know, assuming my router hasn't been compromised and the ISP DNS servers haven't been compromised.
 

Chichikov

Member
But yeah I'm not sure what he meant. Just wondering if I'm already screwed BECAUSE I used my ISP DNS directly on my computer (which has obviously been Unpatched since release) instead of going through my router (for DNS). You know, assuming my router hasn't been compromised and the ISP DNS servers haven't been compromised.
You mean that you disable DNS caching on your router?
If anything that should make you a bit safer, since you can't be screwed by a direct DNS poisoning on your router (and if the ISP DNS gets fucked, your router is not going to help you anyway).
Though it should be noted that such an attack would require a pretty serious (and unrelated to this issue) security flaw in your router.
 

mrkgoo

Member
You mean that you disable DNS caching on your router?
If anything that should make you a bit safer, since you can't be screwed by a direct DNS poisoning on your router (and if the ISP DNS gets fucked, your router is not going to help you anyway).
Though it should be noted that such an attack would require a pretty serious (and unrelated to this issue) security flaw in your router.

No, normally the DNS servers are set on and by the router. Then my computer DNS settings point to the router. These are default settings.

But this causes overload on the router with too many devices it tends to fall over, or get its lines crossed. Years ago, I found that letting the router do it sent me to sometimes random sites or unable to access certain services after a while.

By inputting the DNS server directly into my computer network settings none of this happened. So I've been doing that by default. That is, put the ISP DNS server IP addresses into my computer.

My ISP help web page even suggests such an action if having access issues.
 
But I initially read his reply in a way that meant I am already specifically screwed because I changed my DNS settings.[...]

Now that I read it again, he might have meant in a more general fashion that I WOULD be screwed if an upstream agent is compromised and that has nothing to do with DNS. That I understand.

Yes, you misread it the first time. I have had a lot of red wine, so it may entirely be my fault.
 

mrkgoo

Member
Yes, you misread it the first time. I have had a lot of red wine, so it may entirely be my fault.
Wait, so you were just explaining it on general terms that I WOULD be screwed if my network is compromised and NOT that I'm already screwed for entering my DNS settings?

Whew.


I think once the patches and things come out I might change my important passwords anyway (I normally do on a regular basis).
 
Anything on an OSX patch for the vulnerability? I just bought a MacBook and use it on campus all day long. Good thing I'm a college student with no money to steal...
 

Chichikov

Member
If I don't ever view any questionable sites what are the odds of being hacked?
Again, this exploit does not allow an attacker to gain access to your computer, but it does allow an impersonation of a trusted website (or online service), so you'll think you're giving your personal information to your bank/amazon/itunes/favorite premium porn site when in fact a 3rd malicious party grabs it all.
In order for that to happen you need to either use a network the attacker at least partially controls (either by using his wifi connection or because he gained control of any upstream server) or has another unrelated security flaw exploited to direct you to the fake server/service (like DNS poisoning).
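
Added example, not part of the thread and not Apple's code: a simplified C model of the publicly documented duplicated `goto fail;` line behind this flaw, showing why a forged handshake signature was accepted and how the corrected control flow rejects it. All function names and the sample signature strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for two handshake steps (hypothetical names). */
static int hash_update(const char *params) { return params ? 0 : -1; }

/* Returns 0 only for the constructed "genuine" signature value. */
static int verify_signature(const char *sig) {
    return strcmp(sig, "signed-by-real-server") == 0 ? 0 : -1;
}

/* Flawed shape: the duplicated goto is not guarded by the if, so it always
   runs. verify_signature() is never reached and err is still 0 (success). */
int check_key_exchange_flawed(const char *params, const char *sig) {
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
    goto fail; /* duplicated line */
    if ((err = verify_signature(sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Corrected shape: braces on every branch, and the signature check runs. */
int check_key_exchange_fixed(const char *params, const char *sig) {
    int err;
    if ((err = hash_update(params)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    const char *forged = "signed-by-attacker"; /* constructed sample */
    printf("flawed accepts forged signature: %s\n",
           check_key_exchange_flawed("params", forged) == 0 ? "yes" : "no");
    printf("fixed accepts forged signature:  %s\n",
           check_key_exchange_fixed("params", forged) == 0 ? "yes" : "no");
    return 0;
}
```

Compilers can flag the unreachable check in the flawed function (for example Clang's `-Wunreachable-code`), which is one way this class of mistake is caught before release.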
 
Eh. I'll stick with 6 then. On Verizon. Never got asked for 6.1.6. Doesn't even look like it exists on Verizon and I'm not really fond of iOS 7
 
Anything on an OSX patch for the vulnerability? I just bought a MacBook and use it on campus all day long. Good thing I'm a college student with no money to steal...

I've been running Chrome on it and not doing anything important on there for the time being.

Chrome passes the gotofail.com test but Safari doesn't.
 
Anything on an OSX patch for the vulnerability? I just bought a MacBook and use it on campus all day long. Good thing I'm a college student with no money to steal...

Use Chrome or Firefox and don't download stuff from iTunes/Mac App Store. Use webmail in those browsers instead of Apple Mail (or use Outlook or another third party client). When you read that a patch for 10.9 has been released, download it from the web if possible in either of those browsers or get on a trusted network.

Never got asked for 6.1.6. Doesn't even look like it exists on Verizon and I'm not really fond of iOS 7

Carrier is irrelevant for iPhone upgrades, this isn't Android.
 

Tunesmith

formerly "chigiri"
Eh. I'll stick with 6 then. On Verizon. Never got asked for 6.1.6. Doesn't even look like it exists on Verizon and I'm not really fond of iOS 7

iOS 6.1.6 is only out for devices that can't update to iOS 7. If your device supports iOS 7, you get prompted with 7.0.6.
 
I would suggest anyone who had these issues Google "email@email.com/net/whatever" on Google with the quotes. Someone suggested I do so and I noticed a few people who I know who had iOS devices came up.

Better to make sure your password doesn't come up anywhere online.
 