DNS Attacks
Björn Persson
listor3.rombobeorn at tdcpost.se
Sat Jul 26 12:00:12 UTC 2008
Les Mikesell wrote:
> You aren't paranoid enough. What if the spoofer is also a system
> administrator at the bank with access to a copy of the real certificate
> that he installs on the machine he's tricked your dns into reaching -
> with the expected name that you'll still see.
Then the bank has failed to protect its secret key. I expect banks to have
rigorous security routines to control who can access sensitive systems, and
to be able to check afterwards who did what.
Could you elaborate on how whois guards against malicious system
administrators? Do you think security could be improved by having browsers
and other programs make whois queries automatically?
Björn Persson
More information about the fedora-list
mailing list