DNS vulnerability

marty marty at goodoldmarty.com
Mon Jul 28 14:59:24 PDT 2008


Ok guys, Dan Kaminsky finally let the cat out of the bag,
and demonstrated some popular software can be exploited.
Pretty much a non-event despite all the hype.

The only people who can fix this are the major players who
are a bunch of fat, lazy, greedy, corporate types.
Users are not directly vulnerable to this in most cases.

He also made it very obvious this is far more annoyance than
threat. Being redirected to a malware site does not present
any real danger for Linux users or even to patched Windoze
users. That is only the first step anyway.

Attackers still must use a secondary vehicle to deliver the
main attack once they have diverted you to a site they
control. They will probably try to use a hidden Iframe
injected into a real banking site to fool you and steal your
password. Very old hat and only idiots will fall victim.

Secure transactions cannot be successfully faked because the
attackers don't have the SSL private key. Your browser will
clearly show when the connection has unencrypted portions.
Disconnect when in doubt. Duh.

Web sites have much more to fear, because they can easily be
diverted to porn sites or whatever. Totally harmless except
from a reputation standpoint. God.com => Hotporn.com.
Oops... actually, that might prove to be a blessing :)

No, the sky is not falling, and this will pass soon.
But watch out for that Banana vuln... It's a real killer.

Marty B.


-- 
Electile Dysfunction : the inability to become aroused over any of the
choices for President put forth by either party in the 2008 election.

More information about the hlfs-dev mailing list