Re: DNS Attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Björn Persson wrote:

If you are really paranoid (or about to do large transactions on what
you hope is your banking site), you could do a 'whois' lookup for the
target domain to find their own name servers and send a query directly
there for the target site.

Check that the domain name in the address bar is right, that you're using HTTPS, and that the bank's certificate has been verified correctly. Then you're safe, unless the attacker has *also* managed to trick one of the certification authorities into issuing a false certificate, or somehow sneaked a false CA certificate into your browser.

You aren't paranoid enough. What if the spoofer is also a system administrator at the bank with access to a copy of the real certificate that he installs on the machine he's tricked your dns into reaching - with the expected name that you'll still see.

--
  Les Mikesell
   lesmikesell@xxxxxxxxx

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux