DNS vulnerability

Valter Douglas Lisbôa Jr. douglas at trenix.com.br
Tue Jul 29 03:59:15 PDT 2008


I have lost part of this. Can you (Chris, Marty or anyone else) point me 
to where all this information is available? 

On Monday 28 July 2008 19:53:48 Chris Buxton wrote:
> Marty,
>
> You continue to completely misconstrue what people are saying, because
> you want to believe this is harmless and is being blown out of
> proportion.
>
> Mr. Kaminsky did not say what you said he said. Not at all.
>
> As for the bad guys not having SSL certs, you're wrong there again.
> Criminals have been known to fool a CA into issuing them a cert for
> someone else's legitimate business. The DNS exploit under discussion
> could even theoretically be used to accomplish this.
>
> Chris Buxton
> Professional Services
> Men & Mice
>
> On Jul 28, 2008, at 2:59 PM, marty wrote:
> > Ok guys, Dan Kaminsky finally let the cat out of the bag,
> > and demonstrated some popular software can be exploited.
> > Pretty much a non-event despite all the hype.
> >
> > The only people who can fix this are the major players who
> > are a bunch of fat, lazy, greedy, corporate types.
> > Users are not directly vulnerable to this in most cases.
> >
> > He also made it very obvious this is far more annoyance than
> > threat. Being redirected to a malware site does not present
> > any real danger for Linux users or even to patched Windoze
> > users. That is only the first step anyway.
> >
> > Attackers still must use a secondary vehicle to deliver the
> > main attack once they have diverted you to a site they
> > control. They will probably try to use a hidden Iframe
> > injected into a real banking site to fool you and steal your
> > password. Very old hat and only idiots will fall victim.
> >
> > Secure transactions cannot be successfully faked because the
> > attackers don't have the SSL private key. Your browser will
> > clearly show when the connection has unencrypted portions.
> > Disconnect when in doubt. Duh.
> >
> > Web sites have much more to fear, because they can easily be
> > diverted to porn sites or whatever. Totally harmless except
> > from a reputation standpoint. God.com => Hotporn.com.
> > oops.... actually, that might prove to be a blessing:)
> >
> > No, the sky is not falling and this will pass soon.
> > But watch out for that Banana vuln... It's a real killer.
> >
> > Marty B.
> >
> >
> > --
> > Electile Dysfunction : the inability to become aroused over
> > any of the
> > choices for President put forth by either party in the 2008
> > election.



-- 
Valter Douglas Lisbôa Jr.
Partner and Director
Trenix - IT Solutions
"Our Ideas, your Solutions!"
www.trenix.com.br
contato at trenix.com.br
Tel. +55 19 3402.2957
Mobile +55 19 9183.4244


