Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su cient for a feasible attack. Android version 4.0.4 and below are Vulnerable to this bug.
Weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. DNS poisoning attacks may endanger the integrity and con dentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim's cookies of a domain of the attacker's choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript, to start resolving non-existing sub-domains.
Upon success, a sub-domain points to the attacker's IP, which enables the latter to steal wild card cookies of the attacked domain, and even set cookies. In addition, a malicious app instantiate the Browser app on the attacker's malicious web-page. If the attacker knows the PID (for example, a malicious app can access that information), the attack expected time can be reduced furthermore.
Vulnerability dubbed as "CVE-2012-2808" Android 4.1.1 has been released, and patches are available on AOSP. The random sample is now pulled from /dev/urandom, which should have adequate entropy by the time network activity occurs.
This piece of writing is truly a nicee one it assists
ReplyDeletenew the web viewers, who are wishing for blogging.
Review my site :: free xbox live codes
Hi there just wanted to give you a quick heads up. The text in your article seem to be running off the screen in Chrome.
ReplyDeleteI'm not sure if this iis a format issue or something to do with browser compatibility but I figured I'd
post to let you know. The style and design look great though!
Hope you get the issue fixed soon. Kudos
my website diablo 3 download
Greate post. Keep posting such knd of information on your page.
ReplyDeleteIm really impressed by your site.
Hi there, You have performed a great job. I'll certainly digg it aand individually recommend to
my friends. I'm confident they will be benefited from this web
site.
Have a look at my site ... free psn codes; tinyurl.com,
This is very interesting, You're a verry skilled blogger.
ReplyDeleteI have joined your rsss feed and look forward to serking more
of our fantastic post. Also, I've shared your wesbsite
in my social networks!
Also visit my website psn free codes
Good answers in return of this question wikth firm arguments and telling all about that.
ReplyDeleteTake a look at my homepage: free amazon gift card codes
It's appropriate time to make a few plans for the future and it's time to be happy.
ReplyDeleteI've learn this put up and if I could I wish to suggest you some attention-grabbing things or
tips. Perhaps youu could write next articles relating
to this article. I desire to learn more
things about it!
Here is my web page :: get scribblenauts unlimited ()
I was excited to find this website. I wanted to thank you for ones time
ReplyDeletedue to this fantastic read!! I definitely appreciated every little bit of it and i also have you book marked to check out new stuff on
your blog.
Here is my website; download Surgeon Simulator 2013 Free Of charge
Hello! Do you know if they make any plugins to safeguard against hackers?
ReplyDeleteI'm kinda paranoid about losing everything I've worked hard on.
Anyy suggestions?
Here is my blog; World of Warcrafvt download ()
I tend not to comment, however I looked at some of the responses on
ReplyDeletethis page "CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed".
I actually do have 2 questions for you if it's allright.
Is it just me or do a few of these responses look like they are coming from brain dead individuals?
:-P And, if you are writing on additional online
sites, I would like to keep up with everything fresh you have too post.
Could you list of all of your sharsd sites like your
Facebook page, twitter feed, or linkedin profile?
Here is my page :: don't starve download
I am actually happy to read this blog posts which carries
ReplyDeletetons of useful data, thanks for providing these kinds of information.
Feel free to visit my web blog - amazon gift card generator -
,
Awesome site you have here but I was wondering if you knew of any user discussion forums that
ReplyDeletecover the same topics discussed in this article?
I'd really love to be a part of group where I can get comments from other knowledgeable individuals that share the same
interest. If you have any recommendations, please let me know.
Thanks!
Feel free to surf to my blog ... Hacking free xbox live codes Engine