How can I use a direct IP address instead of a URL in Safari?
robertjordanusa
Fresh-Faced Recruit
Join Date: Apr 2002
Aug 9, 2008, 12:28 PM
 
Hopefully everyone knows about this DNS server hacking scheme that is able to hack a DNS server and send millions of unwitting web surfers to cloned websites. If this was a bank a hacker could potentially clone a website to perfection except for the login frame which could then send the hacker your user name and password and then forward you to the actual website unknowingly. The browser would just assume that they typed their password in wrong. This could net a hacker millions of bank account logins in a matter of the first hour. This appears to me to be the MOST DANGEROUS exploit of the internet in history.

WHAT IS THE SOLUTION?
It would seem that the solution, barring a DNS server side fix, is to type in the actual IP address (ex. 159.53.64.54) for the secure sites that you wish to visit instead of using a URL "chase.com". The problem with this is that Safari always adds an *http://*159.53.64.54 to the beginning of the address disallowing you to use direct IP addresses.

*How can I type in a direct IP address into Safari, Firefox etc.?* Please let there be an answer.
     
Jacke
Grizzled Veteran
Join Date: Dec 2000
Location: Finland
Aug 9, 2008, 12:45 PM
 
Safari adding http in front of an address (whether url or IP) is normal.
     
pcryan5
Mac Enthusiast
Join Date: Mar 2006
Location: Vancouver, BC
Aug 9, 2008, 12:54 PM
 
Originally Posted by robertjordanusa
This appears to me to be the MOST DANGEROUS exploit of the internet in history.
You are very right - at least most O/S's have patched this by now - even Apple.

To answer your query - simply dropping the IP in the address bar works for me.
     
C.A.T.S. CEO
Professional Poster
Join Date: Nov 2004
Location: eating kernel
Aug 9, 2008, 01:16 PM
 
Originally Posted by robertjordanusa
Hopefully everyone knows about this DNS server hacking scheme that is able to hack a DNS server and send millions of unwitting web surfers to cloned websites. If this was a bank a hacker could potentially clone a website to perfection except for the login frame which could then send the hacker your user name and password and then forward you to the actual website unknowingly. The browser would just assume that they typed their password in wrong. This could net a hacker millions of bank account logins in a matter of the first hour. This appears to me to be the MOST DANGEROUS exploit of the internet in history.

WHAT IS THE SOLUTION?
It would seem that the solution, barring a DNS server side fix, is to type in the actual IP address (ex. 159.53.64.54) for the secure sites that you wish to visit instead of using a URL "chase.com". The problem with this is that Safari always adds an *http://*159.53.64.54 to the beginning of the address disallowing you to use direct IP addresses.

*How can I type in a direct IP address into Safari, Firefox etc.?* Please let there be an answer.
I'm confused, you want to go to http://chase.com/ by its IP (which is 159.53.60.105, not the one you posted) so you can circumvent the DNS exploit, but without Safari adding http://?

http just refers to the protocol, without it you just have an IP. An example is http:// is for web traffic, https:// is SSL web traffic and ftp:// is for FTP connections. You are still going to the direct IP if Safari adds the http://.

(BTW, you can't go to chase.com by its IP, it redirects you to chase.com with a 'page not found' error.)
Signature depreciated.
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
Aug 9, 2008, 01:33 PM
 
As others have said, you can use an IP if you want. Don't worry about the http prefixed to it in Safari.

You could also use OpenDNS on your network and computer(s). www.opendns.com
However, I read an article from yesterday - probably in the nytimes - which states that DNS servers are still vulnerable, just in minutes or hours as opposed to seconds.

With legitimate secure sites, you'd still get an invalid certificate and/or a pop-up telling you that.
     
Thinine
Mac Elite
Join Date: Jul 2002
Aug 9, 2008, 02:15 PM
 
Yeah, just use OpenDNS and you don't have to worry about any of this crap.
     
mduell
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Aug 9, 2008, 03:01 PM
 
Originally Posted by pcryan5
You are very right - at least most O/S's have patched this by now - even Apple.
There were two issues exposed, one regarding implementations and one fundamental to the protocol. The implementation has been improved with randomization, but a 10 hour attack has already been demonstrated because the protocol specification is weak. Hopefully this will motivate people to move to Secure DNS, but I doubt it.
     
robertjordanusa  (op)
Fresh-Faced Recruit
Join Date: Apr 2002
Aug 9, 2008, 04:19 PM
 
So am I to understand that there is no way to directly access pages within a website (ex. https://chaseonline.chase.com/Logon.aspx) using an IP address (xx.xx.xx.xxx. ~whatever) using the locations toolbar even though this is the most secure way to get anywhere. Thanks for the sense of helplessness, vulnerability and subservience to hackable DNS servers.
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
Aug 9, 2008, 04:35 PM
 
Don't blame us if the website gives you IP errors. The IP you gave looks up as resources-cdc2.chase.com and Firefox says the certificate is invalid. Also, chaseonline.chase.com and chase.com don't respond to pings. They want you to use SSL to access the site. You are not vulnerable to the DNS stuff if you pay attention to a site's security certificate.

The rest you can mitigate or eliminate with OpenDNS.
     
lenox
Senior User
Join Date: Aug 2003
Location: united states empire
Aug 12, 2008, 02:37 PM
 
Is it wrong for me to hope that people with this sort of attitude DO get hacked?
c2d 2.66ghz iMac
500gb/2gb/motu ultralite
     
mduell
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Aug 12, 2008, 09:52 PM
 
Multiple domains can be hosted on one IP; I'm not surprised it doesn't work.
     
ginoledesma
Mac Elite
Join Date: Apr 2000
Location: Los Angeles, CA
Aug 13, 2008, 02:57 AM
 
You can achieve the same results by statically mapping the hostname to an IP address in your hosts file. This is located in /etc/hosts. Simply list down the IP address and the hostnames associated with it. For example:

Code:
159.53.60.105 www.chase.com chase.com wwwchase.gslb.bankone.com
This essentially causes your system to bypass DNS lookups (like the days of yore prior to DNS). You'll want to list down each host referenced by the www.chase.com site (or sites you visit), otherwise those go out via DNS.

Then again, is this really worth it? Using a patched/secured DNS server is the first step (which your ISP/Systems Administrator should have already done by now).
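
The static mapping described in the post above, as an added example that is not part of the original thread: it parses hosts-file text and reports which hostnames a site references are answered from the file and which still go out via DNS. The sample file content and the list of referenced hosts are constructed for illustration; keeping the first entry when a name is listed twice is an assumption about resolver behaviour.

```python
import ipaddress

# Constructed hosts-file content: the entry from the post plus typical extras.
SAMPLE_HOSTS = """\
# static pins
127.0.0.1   localhost
159.53.60.105 www.chase.com chase.com wwwchase.gslb.bankone.com  # from the post
"""

def parse_hosts(text):
    """Return {hostname: ip} for hosts-file text (assumption: first entry wins)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                            # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def split_pinned(hosts_text, referenced):
    """Split referenced hostnames into (pinned {host: ip}, [hosts still using DNS])."""
    table = parse_hosts(hosts_text)
    pinned = {h: table[h.lower()] for h in referenced if h.lower() in table}
    via_dns = [h for h in referenced if h.lower() not in table]
    return pinned, via_dns

if __name__ == "__main__":
    # Hosts-file matching is exact: pinning chase.com does not cover subdomains.
    pinned, via_dns = split_pinned(
        SAMPLE_HOSTS, ["www.chase.com", "chaseonline.chase.com"])
    print("answered from hosts file:", pinned)
    print("still resolved via DNS:  ", via_dns)
```
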
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Aug 13, 2008, 03:05 AM
 

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Gavin
Mac Elite
Join Date: Oct 2000
Location: Seattle
Aug 13, 2008, 08:22 AM
 
Most huge sites use an array of web servers. The DNS server gives you the IP of one of these servers at random or based on a load sharing scheme. So the server will redirect you to the domain name not the IP because the IP can change.

There have been hacks that reprogram a router to send IPs to the wrong place entirely. So even raw IP addresses are not necessarily safe!

Many decent banks will supply a picture that you choose (or even upload) which displays when you log in, only the real place will know your picture.

The only real security is to not use the web at all. I'm not that paranoid, but it might be smart to have a couple of accounts, one you never touch on line, and one for web use that you only leave a couple hundred bucks in (an amount that's useful, but won't wipe you out if you lose it). Transfer money in person when needed.

I keep my money in a dark basement, in a small locked room, with a sign on the door that says "Beware of the leopard!"
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
     
lenox
Senior User
Join Date: Aug 2003
Location: united states empire
Aug 13, 2008, 01:14 PM
 
Also, it's worth noting that SSL certificates are issued per domain, not IP, so they will freak you out equally with a warning if you DO somehow manage to login to a banking website via IP.

Also, Safari is not doing anything incorrectly by prefixing the IP with http://, as long as it is talking to the server via HyperText Transfer Protocol.

Might be time to withdraw your money, convert it to gold bullion and hide in between the walls! Hehe.
c2d 2.66ghz iMac
500gb/2gb/motu ultralite
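
The point made in several replies, that certificates name domains rather than IP addresses, shown as an added example that is not part of the original thread: a minimal version of the name check a TLS client runs against a certificate's subjectAltName entries. The certificate is a constructed sample in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the `bank.example` names and the address 192.0.2.10 are placeholders.

```python
import ipaddress

# Constructed sample certificate fields (placeholder names, not a real bank's cert).
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "www.bank.example"),
        ("DNS", "*.online.bank.example"),
    ),
}

def _dns_match(pattern, host):
    """Match one DNS entry; a wildcard may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, typed):
    """True if the name or IP typed in the address bar is covered by the cert."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(typed)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with "IP Address" entries, never DNS names,
        # so a cert issued for domain names fails when the site is visited by IP.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, typed) for kind, value in sans)

if __name__ == "__main__":
    for typed in ("www.bank.example", "secure.online.bank.example",
                  "192.0.2.10", "www.bank.example.evil.example"):
        result = "ok" if cert_matches(SAMPLE_CERT, typed) else "certificate warning"
        print(f"{typed:32} {result}")
```

Python's `ssl.create_default_context()` performs this hostname check itself, so the function here is only for seeing the rule in isolation.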
     
   