Re: [Full-disclosure] Five Ways to Screw Up SSL

[Brian Dessent <brian@xxxxxxxxxxx>]

Valdis.Kletnieks@xxxxxx wrote:
> 
> On Mon, 22 May 2006 12:02:23 EDT, Dude VanWinkle said:
> 
> > DNS foo to the client, how easy is that? Would you have to get the
> > upstream DNS server to  cache your bogus entry?
> 
> You'd be *amazed* how many are still running BIND 4 or 8....

That, or use a browser exploit or mass email to drop a small program on
the end user's machine that changes the configured values of the DNS
servers to ones that you run.  You don't even have to leave any traces
of this (like .exe files that run at startup), it could be a one-time
configuration change.  The end user would have no clue this had happened
since the malicious servers would be standard recursive resolvers, so
their net access remains fully operational... 

Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/