Web hosting providers that can't keep DNS servers clean are exposing low-budget government Web sites to malware.
Be the first to comment on this article
Riddle: What do the city of Plainville, Kan., and the Transportation Authority of Marin County, Calif., have in common?
Answer: a Web hosting provider that can't seem to keep its DNS servers clean.
ADVERTISEMENT
Both .gov domains in the past few months have seen their sites seeded with redirects to malicious servers in other countries that have pushed pornography, malware, Viagra ads and the like to site visitors.
TAM and Plainville are, in fact, two examples of what security researchers are calling an epidemic of sites being compromised through their hosting providers and injected with malicious Web attacker paths that lead to tool kits such as Icepack, Neosploit and Web Attacker. These malcode tool kits serve up anywhere from five to a dozen or more exploits that latch on to site visitors' machines through their browsers to infest the systems with malware.
Plainville and TAM have more than their victim status in common. On the face of it the two had separate hosting providers—StartLogic and IPowerWeb, respectively—but those two are in fact all but the same company, both headquartered at the same Phoenix address and both sharing the same customer contact listing.
IPowerWeb/StartLogic hadn't provided input by the time this story posted. Their track records paint a colorful portrait, however: The Better Business Bureau has processed 191 complaints about IPowerWeb in the last three years. StartLogic is not only rated as an "unsatisfactory" business at BBB but also has its own hate site, StartLogicSucks.com, which ranks third in a Google search on "StartLogic."
Not all site poisonings can be blamed on ISPs. Security problems arising from collaborative software such as wikis are the customer's fault, as are those associated with poorly written ASP code, sloppy PHP work and SQL hacks.
Read more here about the problems ISP sloppiness has caused for governement sites.
So it's not always the ISP's fault when a site gets seeded with garbage. Then too, there are plenty of ISPs that respond promptly when customers' security staffers report that their sites have been hijacked.
Judging by Morgan Bailey's experience, IPowerWeb is not one of those.
On Nov. 19, Bailey, an information security analyst for the Enterprise Security Office for the state of Kansas, noticed a number of discrepancies in the DNS registrar information for some sites pertaining to the city of Plainville, Kan. If he queried the DNS server to find out what company was hosting the Plainville.ks.gov domain name, it delivered one set of information. If he tweaked the host name to query about Plainville-kansas-gov, he received the correct DNS information. If he queried 7.t.city-of-plainville.ks.gov, he got servers located in Moldavia, or Serbia, or Estonia. The sites were redirecting to pages hosting malware
This was not the customer's fault. In fact, the city of Plainville didn't even have a site. The city had registered a domain name, but it had never gone live with a site and didn't have an IP address for its domain name. Everything that was being served on the pages was residing within IPowerWeb's servers, which had been infiltrated by attackers.
Because IPowerWeb's servers were vulnerable, criminals were able to register false DNS information, including different site names under the city of Plainville's domain name. Bailey's research turned up other sites with the same problem, also being hosted at IPowerWeb, including at least two other government sites: csm.ca.gov and Bridger-mt.gov.
Obviously, IPowerWeb had a problem. Getting it fixed would be an uphill battle, however, given the lack of human contact available.
Bailey found he had to send repeated e-mails to IPowerWeb's abuse e-mail contact—a frustrating exercise, given that the contact information was hidden and could only be retrieved via Google searches for cached information that had been removed from the site. When the ISP finally responded, it initially tried to brush him off by laying the blame back at the customer's feet.
"I sent them several e-mails," Bailey told eWEEK. "They returned [my e-mail] once saying it wasn't their fault, when it clearly was. I could trace everything back to their DNS servers."
Imagine the frustration of squeezing an ISP's site in an effort to find a responsive human to deal with a site that's been seeded with malware, with more and more innocent citizens potentially suffering drive-by malcode downloads as the clock ticks. Imagine that same frustration if the news has gotten out to security researchers, been blogged about, featured in news headlines, and resulted in the GSA pulling the plug on an entire state's domain, as happened in the case of California with TAM in October.
Tuesday, December 4, 2007
DiscountASP.NET Integrates Microsoft CardSpace with ASP.NET Web Hosting Control Panel
Pasadena, CA (PRWEB) December 4, 2007 -- DiscountASP.NET, a leader in .NET Hosting innovation, announces today the beta launch of Microsoft CardSpace integration into their ASP.NET web hosting control panel. Now, in addition to the traditional username and password login access, customers with Internet Explorer 7 and CardSpace on their local computer can use personal Information Cards for password-free login to their hosting control panel.
Microsoft introduced Windows CardSpace with the .NET Framework 3.0 release. CardSpace replaces the traditional username and password authentication with tools that help users better manage their digital identities while shielding them from various forms of identity attacks, such as phishing or brute force password attacks. Users can maintain a set of personal digital identities in the form of visual Information Cards, which can be self-issued or issued by an identity provider.
"The Control Panel CardSpace integration serves two main purposes. First, especially with the recent introduction of .NET 3.5 hosting, we wanted to demonstrate the use of new .NET 3.x technology," said Takeshi Eto, VP Marketing at DiscountASP.NET. "Second, we wanted to give our customers the opportunity to provide feedback on CardSpace during this early stage as Microsoft works toward delivering on their vision for an Identity Metasystem."
To use the CardSpace login option, users must first log into their hosting control panel and bind their InfoCard to their account using a newly launched Information Card Binding feature. After associating their InfoCard to their account, users can use the CardSpace login.
About DiscountASP.NETDiscountASP.NET is an award-winning, innovative leader in Microsoft Windows-based shared hosting, focused on providing the best value in ASP.NET hosting and SQL database hosting. A Microsoft Gold Certified partner, DiscountASP.NET was one of the first hosts to launch ASP.NET 3.5 hosting, IIS7 beta hosting, and ASP.NET AJAX hosting. Through strong word-of-mouth and their commitment to ASP.NET and SQL technology, DiscountASP.NET has become the choice for affordable, enterprise-class, ASP.NET web hosting. For more information, visit: http://www.DiscountASP.NET
Microsoft introduced Windows CardSpace with the .NET Framework 3.0 release. CardSpace replaces the traditional username and password authentication with tools that help users better manage their digital identities while shielding them from various forms of identity attacks, such as phishing or brute force password attacks. Users can maintain a set of personal digital identities in the form of visual Information Cards, which can be self-issued or issued by an identity provider.
"The Control Panel CardSpace integration serves two main purposes. First, especially with the recent introduction of .NET 3.5 hosting, we wanted to demonstrate the use of new .NET 3.x technology," said Takeshi Eto, VP Marketing at DiscountASP.NET. "Second, we wanted to give our customers the opportunity to provide feedback on CardSpace during this early stage as Microsoft works toward delivering on their vision for an Identity Metasystem."
To use the CardSpace login option, users must first log into their hosting control panel and bind their InfoCard to their account using a newly launched Information Card Binding feature. After associating their InfoCard to their account, users can use the CardSpace login.
About DiscountASP.NETDiscountASP.NET is an award-winning, innovative leader in Microsoft Windows-based shared hosting, focused on providing the best value in ASP.NET hosting and SQL database hosting. A Microsoft Gold Certified partner, DiscountASP.NET was one of the first hosts to launch ASP.NET 3.5 hosting, IIS7 beta hosting, and ASP.NET AJAX hosting. Through strong word-of-mouth and their commitment to ASP.NET and SQL technology, DiscountASP.NET has become the choice for affordable, enterprise-class, ASP.NET web hosting. For more information, visit: http://www.DiscountASP.NET
Subscribe to:
Posts (Atom)