myfamily.com cookie?
Junior Member
Join Date: Jul 2004
Location: Boise, Idaho
Status: Offline
May 9, 2005, 02:08 PM
 
I could use your wise and divine assistance.

Yesterday, I used Camino to try to surf to 'www.half.com' and it pipes me over to a site hosted by 'myfamily.com'.

I try to go to my bank site and Camino does the same. I cleared the cache, emptied the website URL log history, removed all cookies, and retried. Same results.

I used Safari and got the same results. I then tried Firefox and got the same results.

What on Earth is happening? This feels like one of those horrible cookies that M$ Windows users get.

Aaaaaaaa.

Thanks,
Curtis
MBP / 3gig memory / 200gb hard drive / Superdrive

Mac Pro 4x2.66 cores / 8gb memory / ATI 256mb vid / storage---always increasing. :D
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
May 9, 2005, 04:42 PM
 
That sounds like your browser has been hijacked. It doesn't happen only to Windows users, either; it's just far less common in the Mac world. This hijack looks like a DNS corruption, either weirdness from OS X or done deliberately by some site. BTW, I tried half.com, and I got the eBay hosted half.com store, so it's not that particular address itself.

I think you MAY be able to fix this by flushing your DNS server address and cache. The only way I know how to do this is with Terminal, though there is bound to be an easier way...

Anyway, open Terminal and type "lookupd -flushcache" (no quotes) and hit return. This flushes the DNS cache. Now before you do anything else, restart the computer. Restarting (a full boot) will restore your DHCP-provided DNS server addresses in case they were corrupted.

Glenn -----OTR/L, MOT, Tx
     
Junior Member
Join Date: Jul 2004
Location: Boise, Idaho
Status: Offline
May 9, 2005, 05:57 PM
 
You're correct. I did the solution you said and it worked fabulously.

Thank you very much. Curse that myfamily.com site. <bleh>

Curtis
MBP / 3gig memory / 200gb hard drive / Superdrive

Mac Pro 4x2.66 cores / 8gb memory / ATI 256mb vid / storage---always increasing. :D
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
May 9, 2005, 06:47 PM
 
How is this attack performed on a Mac running OS X?
I sure hope that this cannot be done just by browsing a website...

ghporter, do you know anything about the technical stuff behind the hijack execution?

-t
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
May 9, 2005, 08:21 PM
 
turtle, in this case I think it was an accidental corruption of tastethepain's DNS cache.

However, there are ways to actively and maliciously hijack DNS entries. Here's a VERY recent story about Google having at least some DNS servers' entries for them being altered. And as it turns out, there is an exploit against Windows' DNS resolver module that could allow a malicious entity to hijack an entire session. An attacker can also impersonate a DNS server, particularly when you're using a link on a site that is not necessarily reputable, or is forged.

DNS hijacking isn't new; in fact Verisign was recently sued for its "hijacking" of addresses through its policy of providing "best guess" matches to Verisign customers rather than actual closest text matches. I found references from five years ago about this issue, which surprised me, especially since the February 2000 report I read was about the apparent defacement of RSA Security's web site. As it turns out, the bad guys really hijacked RSA's DNS entry, so RSA wasn't "powned" by them, they just detoured traffic to a different place.

And here's a great explanation of DNS spoofing. Spoofing is a particularly evil problem, because it can potentially affect EVERYONE, rather than being localized.

Bottom line here is that this is out there, and it is possible to run into it even with a Mac, but there are simple ways to fix it. The only thing you need to worry about with this is when you are directed to a site that isn't what it seems, and that's something we all need to watch anyway. Keep your eyes on where links are actually going, that you're really on a secure connection (I've seen counterfeit web sites that hid IE's status bar and put up a graphic with live "link address" text to spoof the user into thinking they actually were on a good SSL connection), and so on. Be vigilant and if something seems just "wrong" it probably is. When in doubt, type the link by yourself.

I know that's not as comforting as I'd like it to be, but that's the best I can do right now.

Glenn -----OTR/L, MOT, Tx
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
May 10, 2005, 11:07 AM
 
Thanks, ghporter.

So if I understand you correctly, nothing is hacked on a local machine (OS X), but rather, on the DNS server. The only thing that happens on your machine is that if you surf and send requests to a hacked DNS server, your computer will get altered DNS information from the server and your local machine will cache it until the next reboot. Is that correct?

-t
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
May 10, 2005, 01:53 PM
 
turtle, you have the basics. The problem is that while the original misdirection that got this thread started was obvious, intentional misdirection may not be. DNS is the heart of getting where you intend to go, so it's very important that it remain trustworthy. Fortunately, DNS server operators know this.

Glenn -----OTR/L, MOT, Tx
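
Added example, not code from any poster in this thread: one way to check for the stale or altered cached answer discussed above is to compare what the operating system's resolver returns for a name with what a DNS server you trust returns when asked directly. The function names, the sample reply bytes and the server address you pass in are assumptions made for illustration.

```python
import secrets
import socket
import struct

SAMPLE_REPLY = bytes.fromhex(  # constructed reply, ID 0xBEEF: www.example.test -> 192.0.2.10
    "beef8180000100010000000003777777076578616d706c6504746573740000010001"
    "c00c000100010000003c0004c000020a")

def build_query(name, txid):
    """Minimal DNS query for the A record of `name` (RFC 1035 wire format)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def _skip_name(msg, off):  # a name ends in a zero byte or a 2-byte compression pointer
    while (msg[off] & 0xC0) != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2

def parse_a_records(msg, txid):
    """IPv4 addresses in the answer section; rejects a reply with the wrong ID."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4               # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):      # A record, class IN
            addrs.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def reference_lookup(name, server, timeout=3.0):  # asks `server` directly, bypassing the local cache
    txid = secrets.randbits(16)                      # unpredictable ID per query
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))                      # accept datagrams from `server` only
        s.send(build_query(name, txid))
        return parse_a_records(s.recv(4096), txid)

def local_lookup(name):  # the operating system's resolver, cache included
    return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}

def looks_hijacked(local, reference):  # both answers non-empty and no address in common
    return bool(local and reference) and local.isdisjoint(reference)
```

Call `looks_hijacked(local_lookup(name), reference_lookup(name, server))` with a resolver address you trust. Sites behind load balancers or CDNs can legitimately return different addresses to different resolvers, so a mismatch is a reason to look closer, not proof of tampering.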
     
   
All times are GMT -4.