RE: DNS Attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



bjorn...

while what you say makes sense... the vast majority of people pop up their
favorite browser, and go to a site.. there's no way these guys (my mother
included) are going to get into the esoteric details of what goes on behind
the scenes for the browser/dns/certificates/etc...

it's up to the architects/developers to build a bullet proof (100%)
solution... it's ok to send me to a screwed up/fake flicker.com, not cool
for etrade.com...

peace


-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx
[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Björn Persson
Sent: Friday, July 25, 2008 11:13 AM
To: For users of Fedora
Subject: Re: DNS Attacks


Les Mikesell wrote:
> If you are really paranoid (or about to do large transactions on what
> you hope is your banking site), you could do a 'whois' lookup for the
> target domain to find their own name servers and send a query directly
> there for the target site.

Check that the domain name in the address bar is right, that you're using
HTTPS, and that the bank's certificate has been verified correctly. Then
you're safe, unless the attacker has *also* managed to trick one of the
certification authorities into issuing a false certificate, or somehow
sneaked a false CA certificate into your browser.

Similarly for other protocols: Use TLS if the server's identity matters.
This
is what TLS is for. (Well, one of its two purposes.)

Björn Persson

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux