DNS Attacks

Les Mikesell lesmikesell at gmail.com
Fri Jul 25 18:32:58 UTC 2008

Björn Persson wrote:
>> If you are really paranoid (or about to do large transactions on what
>> you hope is your banking site), you could do a 'whois' lookup for the
>> target domain to find their own name servers and send a query directly
>> there for the target site.
> Check that the domain name in the address bar is right, that you're using 
> HTTPS, and that the bank's certificate has been verified correctly. Then 
> you're safe, unless the attacker has *also* managed to trick one of the 
> certification authorities into issuing a false certificate, or somehow 
> sneaked a false CA certificate into your browser.

You aren't paranoid enough.  What if the spoofer is also a system 
administrator at the bank with access to a copy of the real certificate 
that he installs on the machine he's tricked your DNS into reaching - 
with the expected name that you'll still see?

   Les Mikesell
    lesmikesell at gmail.com
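The check Björn quotes above, sending a query straight to the domain's own name servers and comparing the answer with what the local resolver gives, as an added example that is not part of the original thread or anyone's posted code. It builds and parses DNS packets by hand so it does not depend on the resolver it is checking; the name-server address is assumed to come from the whois/NS lookup step and is passed in by the user; `www.example.com`, the addresses `93.184.216.34`, `192.0.2.1` and `198.51.100.53`, and the reply bytes are constructed sample data, not captured traffic. The script name `dnscheck.py` is also an assumption.

```python
import random
import socket
import struct

# Added example (not from the thread): compare the A records an authoritative
# name server returns when queried directly with the local resolver's answer.
# The server's IP is assumed to be supplied by the caller (from whois or NS).
A_RECORD, IN_CLASS = 1, 1


def encode_name(name):
    """Dotted host name -> DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, txid=None):
    """Non-recursive A query; the random transaction ID is one of the few
    things the client can check to reject a forged reply."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # RD=0
    return txid, header + encode_name(qname) + struct.pack(">HH", A_RECORD, IN_CLASS)


def read_name(data, offset):
    """Read a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer into the packet
            pointer = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            end = end if end is not None else offset + 2
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(data, expected_txid, qname):
    """Return (AA flag, sorted A-record IPs for qname); rejects a packet whose
    transaction ID does not match, that is not a response, or that errors."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: possible forged reply")
    if not flags & 0x8000:
        raise ValueError("packet is not a response")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = read_name(data, offset)
        offset += 4
    ips, want = [], qname.lower().rstrip(".")
    for _ in range(ancount):
        name, offset = read_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        rdata, offset = data[offset:offset + rdlen], offset + rdlen
        if (rtype, rclass, rdlen) == (A_RECORD, IN_CLASS, 4) and name.lower() == want:
            ips.append(socket.inet_ntoa(rdata))
    return bool(flags & 0x0400), sorted(ips)


def compare_views(resolver_ips, authoritative_ips):
    """Addresses each side reports that the other does not (both empty = agree)."""
    r, a = set(resolver_ips), set(authoritative_ips)
    return {"only_in_resolver": sorted(r - a), "only_in_authoritative": sorted(a - r)}


def query_authoritative(server_ip, qname, timeout=3.0):
    """Send the query directly to one name server over UDP (needs network)."""
    txid, packet = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data, txid, qname)


def constructed_response(txid):
    """Constructed sample reply (not captured): QR=1, AA=1, two A records."""
    header = struct.pack(">HHHHHH", txid, 0x8400, 1, 2, 0, 0)
    question = encode_name("www.example.com") + struct.pack(">HH", A_RECORD, IN_CLASS)
    answers = b""
    for ip in ("93.184.216.34", "192.0.2.1"):  # sample addresses
        answers += b"\xc0\x0c" + struct.pack(">HHIH", A_RECORD, IN_CLASS, 300, 4)
        answers += socket.inet_aton(ip)
    return header + question + answers


if __name__ == "__main__":
    import sys
    aa, ips = parse_response(constructed_response(0x1234), 0x1234, "www.example.com")
    print("constructed reply: authoritative=%s ips=%s" % (aa, ips))
    if len(sys.argv) == 3:  # live: python dnscheck.py www.bank.example 198.51.100.53
        qname, ns_ip = sys.argv[1], sys.argv[2]
        aa, auth_ips = query_authoritative(ns_ip, qname)
        print("AA set:", aa, compare_views(socket.gethostbyname_ex(qname)[2], auth_ips))
```

Two caveats a practitioner would keep in mind: if the AA bit comes back clear, the address you were given is not actually authoritative for the zone (it answered from cache or forwarded), so the comparison proves nothing; and, as Les's reply points out, a matching answer only tells you the two paths agree, not that the host at that address is the one you think it is.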

