DNS Attacks
Andrew Kelly
akelly at corisweb.org
Mon Jul 28 08:58:30 UTC 2008
On Fri, 2008-07-25 at 13:32 -0500, Les Mikesell wrote:
> Björn Persson wrote:
> >
> >> If you are really paranoid (or about to do large transactions on what
> >> you hope is your banking site), you could do a 'whois' lookup for the
> >> target domain to find their own name servers and send a query directly
> >> there for the target site.
> >
> > Check that the domain name in the address bar is right, that you're using
> > HTTPS, and that the bank's certificate has been verified correctly. Then
> > you're safe, unless the attacker has *also* managed to trick one of the
> > certification authorities into issuing a false certificate, or somehow
> > sneaked a false CA certificate into your browser.
>
> You aren't paranoid enough. What if the spoofer is also a system
> administrator at the bank with access to a copy of the real certificate
> that he installs on the machine he's tricked your dns into reaching -
> with the expected name that you'll still see.
Exactly.
I've made the decision to surf the Internet using only a sketch pad and
sticks of medium charcoal for the next several months, until this is all
resolved.
Last time something like this happened my cousin caught a trojan that
got into is toaster. It later grew and arm and stabbed him in the eye.
It was a big joke for a while (http://xkcd.com/293/) and eventually
attained urban myth status. But all myths have their basis in reality
and I was there for this one.
Remember, just because you're paranoid, doesn't mean your not in dire
need if immediate assistance from a mental health professional.
[sheesh]
Andy
More information about the fedora-list
mailing list