Pi-hole ad-blocking technology hack exposed


Sinkhole far from sunk by nonetheless cool web exploit

A security researcher has uncovered a neat – though far from critically dangerous – security vulnerability in Pi-hole, the network-based content filtering technology that’s popular with privacy-conscious web users.

Pi-hole offers a Domain Name System (DNS) sinkhole that protects devices from unwanted content without the need to install any client-side software.

The technology also offers a built-in Dynamic Host Configuration Protocol (DHCP) server, along with a web-based user interface that allows configuration of this server.

Security researcher François Renaud-Philippon discovered a remote code execution (RCE) vulnerability that meant an authenticated web portal user could hack into the underlying server.

The flaw (CVE-2020-8816) affects Pi-hole version 4.3.2 and earlier.

Pi vulnerability squared off

Renaud-Philippon disclosed the bug to developers of the Pi-hole last month, and facilitated the development of a patch.

Users of the Pi-hole who haven’t already updated their systems would be well advised to apply version 4.3.3, even though the attack fails to lend itself to remote exploitation.

Despite the fact that the possibility of exploitation is quite low, the security flaw is still an interesting find, as illustrated by a comprehensive write-up of the vulnerability and accompanying proof-of-concept exploit.

Pi-hole is a Linux-based advertisement and internet tracker blocking application that’s designed to run on embedded devices, such as the Raspberry Pi, or a network gateway PC running Linux.

The technology, which is popular with developers and privacy-conscious consumers, blocks advertisements and tracking domains for all the devices behind it on a home or small office network.

Pi-hole functions similarly to a network firewall, meaning that advertisements and tracking domains are blocked for all devices behind it, potentially including smart TVs and smartphones that by themselves lack native ad blocking software.
