DEFCON 19: Bit-squatting: DNS Hijacking Without Exploitation (w speaker)

By: Christiaan008

179   3   16267

Uploaded on 02/09/2012

Speaker: Artem Dinaburg Security Researcher, Raytheon

We are generally accustomed to assuming that computer hardware will work as described, barring deliberate sabotage. This assumption is mistaken. Poor manufacturing, errant radiation, and heat can cause malfunction. Commonly, such malfunction DRAM chips manifest as flipped bits. Security researchers have known about the danger of such bit flips but these attacks have not been very practical. Thanks to ever-higher DRAM densities and the use of computing devices outdoors and in high-heat environments, that has changed. This presentation will show that far from being a theoretical nuisance, bit flips pose a real attack vector. First the presentation will describe bit-squatting, an attack akin to typo-squatting, where an attacker controls domains one bit away from a commonly queried domain (e.g. vs. To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates. The presentation will show an analysis of 6 months of real DNS and HTTP traffic to bit-squatted domains. The traffic will be shown in terms of affected platform, domain queried, and HTTP resources requested. Using this data the presentation will also attempt to ascertain the cause of the bit-flip, such as corruption on the wire, in requestor RAM, or in the RAM of a third party. The presentation will conclude with potential mitigations of bit-squatting and other bit-flip attacks, including both hardware and software solutions. By the end I hope to convince the audience that bit-squatting, and other attacks enabled by bit-flip errors are practical and serious, and should be addressed by software and hardware vendors.

For more information visit:
To download the video visit:
Playlist Defcon 19:

Comments (1):

By dfeojm-zlib    2019-08-12

On the post, if Linus is referring to low-end Xeon and workstation non-Xeon lacking ECC, I think it's completely idiotic. Nearly all infrastructure should be baking in ECC as standard rather than some "option" to not have silent, unknowable, probabilistic corruption that is realistically realizable on a near-daily basis given the orders of magnitude of network, storage and computational volumes of today (and the future) by ever lower tiers of end-users and common examples of network infrastructure.

DEFCON 19: Bit-squatting: DNS Hijacking Without Exploitation (w speaker)

Original Thread