Cloudflare launched new free public DNS resolvers, 1.1.1.1 and 1.0.0.1, on April Fools' Day 2018 (this is not a joke; it is a real service). The service competes directly with Google's and OpenDNS's public resolvers.
Cloudflare says the new resolvers were built with security and speed as core features. The image below shows the results of a latency test for both 1.1.1.1 and 1.0.0.1 from locations around the world, for comparison.
Of course this is only a simple latency test, and actual performance will vary with many other factors, such as your ISP's peering and whether the answer is already in the resolver's cache.
Memorable IP Address
Until now Google's 8.8.8.8 was the most memorable publicly used IP address, followed by Level 3's 4.2.2.2. Cloudflare's 1.1.1.1 is not more memorable than Google's 8.8.8.8, but I have to admit it is way cooler. This matters because, while you can use domain names instead of remembering the IP addresses of websites, you cannot do that for a DNS server: it is the thing that resolves names, so it has to be configured by IP address.
DNS-over-TLS and DNS-over-HTTPS Support
The DNS protocol was not designed with security in mind; when it was designed there was no need for it, which is not true of today's internet. For that reason Cloudflare's resolvers support both DNS-over-TLS (RFC 7858, on TCP port 853) and DNS-over-HTTPS (standardised as RFC 8484, at https://cloudflare-dns.com/dns-query) from day one. Note what these protect: they encrypt and authenticate the path between your device and the resolver, so nobody on your local network or at your ISP can read or tamper with your queries. They do not hide from the resolver itself what you look up.
Fastest DNS Server
Cloudflare has also posted on its blog that DNSPerf ranked 1.1.1.1 as the fastest public DNS resolver, with an average query time of about 14 ms. Of course you will get different results depending on your location and on whether or not you are a Cloudflare customer.
DNS Query Name Minimisation to Improve Privacy
Cloudflare also supports DNS Query Name Minimisation, as defined in RFC 7816. A minimising resolver does not send the full query name to every upstream authoritative server; it sends each server only as many labels as that server needs to delegate further. This reduces the information leaked to upstream servers such as the root and the TLDs, which otherwise see every full hostname you look up.
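To make the DoT/DoH and query-minimisation points above concrete, here is an added example (written for this page, not Cloudflare's own code) that builds a DNS query in wire format, wraps it the way a DoH GET request and a DoT session carry it, and lists the queries a minimising resolver sends compared with a classic one. The DoH endpoint and port 853 are Cloudflare's published values; the query bytes follow RFC 1035 and the encodings follow RFC 8484 and RFC 7858. Nothing here touches the network, so it runs offline.

```python
import base64
import struct

# Cloudflare's public DoH endpoint (RFC 8484). DoT uses the same resolver IPs on TCP port 853 (RFC 7858).
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"
DOT_PORT = 853

QTYPE_A = 1
QTYPE_NS = 2
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS wire-format labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError(f"label too long: {label}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0) -> bytes:
    """Build a one-question DNS query (RFC 1035 header + question section).

    txid=0 follows RFC 8484's advice for DoH GET requests, so that identical
    questions produce identical, cacheable URLs."""
    flags = 0x0100  # RD (recursion desired) set, everything else clear
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    return header + question


def doh_get_url(name: str, qtype: int = QTYPE_A) -> str:
    """DoH GET form: the wire-format query, base64url-encoded with '=' padding
    stripped, carried in the 'dns' query parameter."""
    wire = build_query(name, qtype)
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{DOH_ENDPOINT}?dns={b64}"


def dot_frame(name: str, qtype: int = QTYPE_A) -> bytes:
    """DoT reuses DNS-over-TCP framing: a 2-byte big-endian length prefix before
    each message, sent inside a TLS session to DOT_PORT."""
    wire = build_query(name, qtype)
    return struct.pack("!H", len(wire)) + wire


def minimised_queries(name: str, qtype: int = QTYPE_A):
    """The sequence a QNAME-minimising resolver (RFC 7816) sends on a cold cache.

    Starting from the root, each step asks the server for the zone found so far
    about one more label, using type NS; only the last query carries the full
    name and the original type. The root never sees 'www.example.com', only 'com'."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    steps = []
    for i in range(1, len(labels) + 1):
        partial = ".".join(labels[-i:]) + "."
        is_last = i == len(labels)
        steps.append((partial, qtype if is_last else QTYPE_NS))
    return steps


def classic_queries(name: str, qtype: int = QTYPE_A):
    """What a non-minimising resolver sends: the full name, with the original
    type, to every server on the delegation path (root, TLD, zone)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    full = ".".join(labels) + "."
    return [(full, qtype)] * len(labels)


if __name__ == "__main__":
    print(doh_get_url("www.example.com"))
    print("minimised:", minimised_queries("www.example.com"))
    print("classic:  ", classic_queries("www.example.com"))
```

The DoH URL produced for `www.example.com` is byte-for-byte the example given in RFC 8484, which is a handy way to check any DoH client you write. The two query lists side by side show exactly what minimisation buys you: the root and `.com` servers receive `com.` and `example.com.` instead of the full hostname.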
Along with 1.1.1.1 and 1.0.0.1, Cloudflare has also provided memorable IP addresses for its IPv6 DNS servers: 2606:4700:4700::1111 and 2606:4700:4700::1001.
You can learn more about Cloudflare's DNS resolver at https://1.1.1.1
Microsoft released an out-of-band patch for the "Meltdown" vulnerability on 3 January 2018. More details can be found on the official KB4056892 page.
KB4056892 is the package for Windows 10 (version 1709); other supported Windows versions received their own updates. The patch installs automatically through Windows Update once the PC connects to the internet.
There have been multiple reports of applications not being compatible with this patch; certain antivirus products cause a blue screen after the Meltdown patch is installed. For that reason Microsoft only offers the update to systems on which the installed antivirus has set a compatibility registry value (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat, value cadca5fe-e2c5-4cb4-85ea-ad91fd43e2a9, DWORD 0), so a PC whose antivirus has not yet been updated will simply not be offered the patch.
There have also been reports of some SSL VPN clients failing to connect to their servers after the patch is applied.
Antivirus vendors are releasing updates to fix the compatibility issues, but it may take a few days for all of them to become available.
I would recommend updating all important applications installed on the PC before applying this patch, to prevent incompatibility issues.
If the patch is already installed and a critical application is causing issues, you can uninstall the patch and check whether the application works without it. Keep in mind that the system is exposed to Meltdown again until the patch is reinstalled, so treat this as a temporary measure while you wait for the application vendor's fix.
Mathy Vanhoef of imec-DistriNet has recently discovered a vulnerability in the WPA2 standard that enables a man-in-the-middle attacker to sniff and decrypt packets on the wireless network. Details of this vulnerability are provided at https://www.krackattacks.com/
WPA2 is used to secure wireless communication between clients and the access point. It was considered unbreakable until this vulnerability was discovered. Here are the key things you should know about it.
- This vulnerability cannot be exploited remotely. The attacker, or a device under their control, must be within radio range of the targeted wireless network to run the attack. This limits the impact of the vulnerability significantly.
- There have been no reports, yet, of this vulnerability being exploited in the wild.
- It only enables the attacker to decrypt wireless frames and expose their payload. If the communication is over HTTPS/TLS, the attacker still cannot decrypt that payload, so your data remains protected (provided the site uses HTTPS correctly and you do not click through certificate warnings).
- The vulnerability was discovered many months ago and disclosed to the vendors whose products are affected, so patches should be available soon.
- This vulnerability affects every client device that uses Wi-Fi, because the flaw is in the WPA2 standard itself (the key handshake) rather than in one vendor's implementation.
- No patches are available at this moment, so until your device vendor releases one, wireless communication remains exposed to this attack.
- It lets the attacker obtain private information sent over wireless if the payload is sent in plain text, for example over plain HTTP.
- Although HTTPS communication is safe from this attack, your DNS traffic is still exposed because it is sent in clear text.
- The attacker can also modify DNS traffic and redirect you to a malicious website.
Things you should do to keep yourself safe from this attack:
- Keep an eye out for updates from your device vendor (for clients and access points alike) and patch as soon as an update is available.
- Do not send private information such as usernames/passwords, account logins, payment information or personal details over an unencrypted connection. Always check that the website you are submitting details to uses HTTPS for all communication involving private information.
- Checking the green lock icon in the browser is even more important now, because an attacker who tampers with DNS can redirect you to a malicious website. If that happens, you will get a certificate error in the browser. Do not proceed if your web browser warns you about any problem with the website's certificate.
- If possible, always use a VPN when connected over wireless, so that all communication over the wireless link is protected by an extra layer of encryption.
- For the paranoid: avoid using wireless at all until this vulnerability is patched.
A new Android malware, MilkyDoor, has been found by Trend Micro, which says it is a successor to the DressCode malware found earlier.
The malware uses port 22 to establish an SSH session with its command-and-control (C&C) server, which is owned by the attacker.
Because it uses SSH, all data between the Android phone and the C&C server is encrypted, which makes it difficult for the enterprise security infrastructure to detect. Security solutions cannot see the data inside the encrypted connection; unlike HTTPS, an SSH session cannot be transparently intercepted with a corporate CA certificate, so detection has to rely on what is visible from outside: an outbound SSH connection from a phone to an unfamiliar external host, and the scanning traffic that follows it.
How MilkyDoor Malware Works
Using this SSH session as a tunnel into the network, the attacker can run vulnerability scans against internal hosts from the phone. This is important because many enterprises allow employees to connect their own phones to the same network as the internal infrastructure.
MilkyDoor was recently found in over 200 Android applications available through the Play Store.
Enterprise security gateways should block all outbound ports for the BYOD network except those that are strictly necessary, and the BYOD segment should not have direct access to internal infrastructure in the first place.
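The two signals described above, an unexpected outbound SSH session and the scan that follows, can be checked against firewall or NetFlow records. The following is an added example written for this page, not Trend Micro's analysis code or anything from the malware itself. The BYOD subnet (10.50.0.0/16), the egress allowlist (53, 80, 443), the fan-out threshold and the flow records are all constructed assumptions; 203.0.113.10 is a documentation address standing in for the C&C server.

```python
import ipaddress
from collections import defaultdict

# Assumed network layout (not from the original post): BYOD Wi-Fi lives in 10.50.0.0/16,
# everything else in RFC 1918 space is internal infrastructure.
BYOD_NET = ipaddress.ip_network("10.50.0.0/16")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed egress allowlist for the BYOD segment: DNS, HTTP, HTTPS only. SSH (22) is deliberately absent.
ALLOWED_EGRESS_PORTS = {53, 80, 443}
# A single phone touching this many distinct internal (host, port) pairs looks like a scan, not a user.
SCAN_FANOUT_THRESHOLD = 8

# Constructed flow records for illustration: (src, dst, dport, bytes).
SAMPLE_FLOWS = [
    {"src": "10.50.3.21", "dst": "203.0.113.10", "dport": 443, "bytes": 48211},  # normal browsing
    {"src": "10.50.3.21", "dst": "203.0.113.10", "dport": 22,  "bytes": 9120},   # MilkyDoor-style SSH to C&C
    {"src": "10.50.3.22", "dst": "10.1.2.5",     "dport": 443, "bytes": 3021},   # intranet portal, benign
] + [
    # the pivot: one phone probing ten internal hosts on SMB
    {"src": "10.50.3.21", "dst": f"10.1.2.{h}", "dport": 445, "bytes": 312} for h in range(1, 11)
]


def _ip(s):
    return ipaddress.ip_address(s)


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def egress_violations(flows):
    """Flows from the BYOD segment to the internet on a port outside the allowlist.

    The SSH payload is opaque, but a phone opening TCP/22 to an external host is
    visible, and under a default-deny egress policy it should never succeed.
    Returns a list of (src, dst, dport) tuples."""
    alerts = []
    for f in flows:
        src, dst = _ip(f["src"]), _ip(f["dst"])
        if src in BYOD_NET and not is_internal(dst) and f["dport"] not in ALLOWED_EGRESS_PORTS:
            alerts.append((f["src"], f["dst"], f["dport"]))
    return alerts


def internal_fanout(flows, threshold=SCAN_FANOUT_THRESHOLD):
    """BYOD hosts that touched an unusual number of distinct internal targets.

    Once the attacker pivots through the phone, the scan shows up as many short
    flows from one phone to many internal hosts/ports. Returns {src: target_count}
    for sources at or above the threshold."""
    targets = defaultdict(set)
    for f in flows:
        src, dst = _ip(f["src"]), _ip(f["dst"])
        if src in BYOD_NET and is_internal(dst) and dst not in BYOD_NET:
            targets[f["src"]].add((f["dst"], f["dport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}


if __name__ == "__main__":
    print("egress violations:", egress_violations(SAMPLE_FLOWS))
    print("scanning hosts:", internal_fanout(SAMPLE_FLOWS))
```

On the sample records the first check flags only the port-22 session (the HTTPS flow to the same host is allowed), and the second flags 10.50.3.21 for touching ten distinct internal targets while 10.50.3.22, which only reached one intranet host, stays quiet. The egress check is the one to enforce at the gateway rather than merely alert on; the fan-out check is what tells you the phone was already used as a pivot.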