DNS Attacks
Les Mikesell
lesmikesell at gmail.com
Fri Jul 25 18:32:58 UTC 2008
Björn Persson wrote:
>
>> If you are really paranoid (or about to do large transactions on what
>> you hope is your banking site), you could do a 'whois' lookup for the
>> target domain to find their own name servers and send a query directly
>> there for the target site.
>
> Check that the domain name in the address bar is right, that you're using
> HTTPS, and that the bank's certificate has been verified correctly. Then
> you're safe, unless the attacker has *also* managed to trick one of the
> certification authorities into issuing a false certificate, or somehow
> sneaked a false CA certificate into your browser.

You aren't paranoid enough. What if the spoofer is also a system
administrator at the bank with access to a copy of the real certificate
that he installs on the machine he's tricked your DNS into reaching -
with the expected name that you'll still see?
--
Les Mikesell
lesmikesell at gmail.com