Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DNS Attack Writer a Victim of His Own Creation

CmdrTaco posted more than 6 years ago | from the what-goes-around dept.

Security 196

BobB writes "HD Moore has been owned. Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas, area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company."

cancel ×

196 comments

Sorry! There are no comments related to the filter you selected.

Did he take it well? (5, Funny)

CaptSaltyJack (1275472) | more than 6 years ago | (#24401339)

I wonder if, when he got attacked, he just leaned back in his big leather chair, and chuckled, "Well played, sir, well played."

Re:Did he take it well? (5, Informative)

capt.Hij (318203) | more than 6 years ago | (#24401421)

According to the article (you know the one that is linked above) he said this:

Now he's one of the first victims of such an attack. "It's funny," he said. "I got owned."

Re:Did he take it well? (4, Funny)

im_rotting (543266) | more than 6 years ago | (#24401915)

Why read the article when there's a 'first post' to be had. :/

Re:Did he take it well? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#24402099)

How did you get modded insightful for that?

Re:Did he take it well? (1)

negRo_slim (636783) | more than 6 years ago | (#24403391)

Why read the article when there's a 'first post' to be had. :/

No why read an article that says something like:

...DNS (Domain Name System)...

So that's what that stands for!

Re:Did he take it well? (5, Funny)

pandrijeczko (588093) | more than 6 years ago | (#24401449)

You're forgetting - he is one of these emotional American types rather than a stiff-upper-lipped Brit like myself.

In all likelihood, he probably bawled out a John McEnroe-like "YOU CANNOT BE SERIOUS!!!" and threw his mouse at his computer screen.

Re:Did he take it well? (4, Funny)

clone53421 (1310749) | more than 6 years ago | (#24401553)

I can't decide whether to be offended or just laugh...

Re:Did he take it well? (5, Insightful)

mbeans (1082073) | more than 6 years ago | (#24402003)

Being called emotional by a Brit just means you have a pulse :)

Re:Did he take it well? (5, Funny)

MrNaz (730548) | more than 6 years ago | (#24402887)

Not true. I heard that a stand up comedian in London died on stage, and nobody noticed until the corpse went cold.

Re:Did he take it well? (5, Funny)

morgan_greywolf (835522) | more than 6 years ago | (#24401637)

You're forgetting - he is one of these emotional American types

Wait! Are you saying that Americans are emotional! WTF, man! We are not fscking emotional!!! Gods, those Brits make me MAD AS HELL!! And I'm NOT going to take it anymore!!!

Re:Did he take it well? (5, Funny)

omnipresentbob (858376) | more than 6 years ago | (#24402395)

I know! Let's go throw so freaking tea in the ocean. We'll show them!

Re:Did he take it well? (5, Funny)

Kamineko (851857) | more than 6 years ago | (#24401687)

http://www.dickensfair.com/images/costume_m1.jpg [dickensfair.com]

"Gentlemen, we're receiving this morning's stock broadcast on the ticker machine."

"What! Our stock values are tumbling! What the devil is going on, Mr. Smith?"

"Why, I believe some monstrous rascal has been at our wires! I do believe we've been owned, Mr. Jones."

Re:Did he take it well? (1)

Yvan256 (722131) | more than 6 years ago | (#24401769)

Better than throwing chairs at the wall.

Re:Did he take it well? (0, Flamebait)

phoneteller (1261402) | more than 6 years ago | (#24401791)

You sir, may be a stiff upper-lipped Brit with a cactus up your arse, but this gentleman was Frankenstein'ed by his own creation. Plain and simple. It has nothing to do with his nationality.

Re:Did he take it well? (2, Funny)

Saint Stephen (19450) | more than 6 years ago | (#24402133)

Like Naomi Campbell?

Re:Did he take it well? (0)

Anonymous Coward | more than 6 years ago | (#24402801)

Yeah, trampling people during sports events is rather reserved, isn't it?

Re:Did he take it well? (1)

goffster (1104287) | more than 6 years ago | (#24401591)

I can vouch that he took it well. :)
Everyone had a big yuk.
Almost every developer spotted the attack
instantly since the google spoof was poorly
done.

Re:Did he take it well? (3, Funny)

Kingrames (858416) | more than 6 years ago | (#24401609)

you forgot, "as he pet his white cat and the satellite dish that made up 90% of his secret lair exploded around him."

Re:Did he take it well? (3, Funny)

illumin8 (148082) | more than 6 years ago | (#24401701)

I wonder if, when he got attacked, he just leaned back in his big leather chair, and chuckled, "Well played, sir, well played."

I'm tagging this article "irony" because it is the very definition of the word...

Re:Did he take it well? (0, Funny)

Anonymous Coward | more than 6 years ago | (#24401793)

Please moderate as flamebait, since this is clearly going to upset the grammar nazis.

Re:Did he take it well? (2, Funny)

encoderer (1060616) | more than 6 years ago | (#24403131)

...?

well?

WHAT word?

Don't leave me hanging like this!

Re:Did he take it well? (-1, Troll)

trongey (21550) | more than 6 years ago | (#24401935)

Naw. I'm guessing that he ran out to the receptionist desk, and cried in his mommy's lap.

BEHOLD (-1, Offtopic)

bhamlin (986048) | more than 6 years ago | (#24401347)

I, for one, welcome or new self-pwning overlords?

Re:BEHOLD (1)

The Assistant (1162547) | more than 6 years ago | (#24401443)

Huh???

Re:BEHOLD (2, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#24401575)

Yeah, that's what I said. He didn't pwn himself, he was pwned by someone using a tool he himself wrote. Two different things.

Re:BEHOLD (5, Funny)

Anonymous Coward | more than 6 years ago | (#24402025)

Yeah.. it'd be more like the US getting attacked by weapons they made and sold to Iraq or something... oh hang on..

Karma (2, Funny)

Republican Gun (1174953) | more than 6 years ago | (#24401349)

Proof that Karma is real baby!

Re:Karma (1)

The Assistant (1162547) | more than 6 years ago | (#24401413)

Hey!!!

Why did you steal my subject line?

And before I even submitted it!!!

Re:Karma (1)

Republican Gun (1174953) | more than 6 years ago | (#24401501)

I thought I had first post too. But speaking of Karma. This karma hit not only Moore but AT&T.

Re:Karma (2, Funny)

The Assistant (1162547) | more than 6 years ago | (#24402449)

Awwwwwww!

Note: User's previous experiences with previously mention company may have predjudiced his response.

Re:Karma (1)

Lobster Quadrille (965591) | more than 6 years ago | (#24402545)

Karma?

How so? Are you implying that he was being a Bad Man by releasing this exploit, and the attack was the universe's punishment?

You have a lot to learn about security research

Karma (1, Insightful)

The Assistant (1162547) | more than 6 years ago | (#24401363)

Karma takes a break occasionally, but seems to have been alert when it saw this opportunity!!!

Bravo!!!!!!!

Dutch sayings rule (0)

Anonymous Coward | more than 6 years ago | (#24401401)

Ahhh just like the old Dutch saying: "Wie een kuil graaft voor een ander, valt er zelf in"

English: He who digs a pit for someone else, will fall in it himself

Re:Dutch sayings rule (0)

Anonymous Coward | more than 6 years ago | (#24401491)

kuil like cuil? ;-)

Re:Dutch sayings rule (1)

clone53421 (1310749) | more than 6 years ago | (#24401527)

Not to burst your bubble but that's an ancient proverb. I'm sure it's pretty common... the Jews had it way back in Solomon's day. Check Proverbs 26:27a.

Re:Dutch sayings rule (4, Funny)

Anonymous Coward | more than 6 years ago | (#24401723)

Really this proverb is best portrayed by the timeless coyote chasing the road runner cartoons.

Re:Dutch sayings rule (1)

Dekortage (697532) | more than 6 years ago | (#24401613)

Plenty of old English sayings for this one.

"Live by the sword, die by the sword."

"What goes around, comes around."

"You reap what you sow."

Etc.

Re:Dutch sayings rule (3, Funny)

Emb3rz (1210286) | more than 6 years ago | (#24402573)

Saying #1: Jesus to Peter after Peter had sliced the ear off of the slave Malchus.

Saying #2: ????

Saying #3: Galatians 6:7... though I was really tempted to say PROFIT!!!

THAT'S NOTHING (-1, Troll)

Anonymous Coward | more than 6 years ago | (#24401633)

The niggers have a new saying thats 10000% better!! Like the way Tupac made tons of money and could have gotten the fuck out of the ghetto but he was a tru-nigga so he stayed in the ghetto so somebody shot him, cuz he's a homie-G like dat. The only thing worse than knee-growes who dont know better are suburban white kids who see this shit and think its cool. Keep havin a bunch of bastard kids you bitches, yer not hurtin society at all!

Re:THAT'S NOTHING (-1, Troll)

Anonymous Coward | more than 6 years ago | (#24401849)

The only thing worse...are suburban white kids who see this shit and think its cool.

That's because it IS cool. The shit is dope, to be exact.

Keep havin a bunch of bastard kids you bitches, yer not hurtin society at all!

Will do.

Re:THAT'S NOTHING (0)

Anonymous Coward | more than 6 years ago | (#24402955)

Las Vegas is the ghetto? Good to know. Here I thought it was a bunch of really swank casinos and hotels in the middle of the desert.

P.S. We all know that you are actually one of the "suburban white kids who see this shit and think it is cool". So get off the computer before mom finds out you were using it during little Timmy's allotted time, and grounds your ass again.

Re:Dutch sayings rule (1)

caluml (551744) | more than 6 years ago | (#24402687)

I keep telling people how similar Dutch is to English, and this is an example:

"Wie een kuil graaft voor een ander, valt er zelf in"

Literally translated: Who a hole dug for an other*, falled** their self in. (* You knew that "another" used to be "an other"? And that "an apron" used to be "a napron"? It's happening again with "a lot" - soon that'll be "alot". ** Artistic license applied for).
Voor = for. een = an/one. zelf = self. in = in.

Oh really? (1)

clone53421 (1310749) | more than 6 years ago | (#24401425)

I predict another one of those raps [wired.com] about how lame this guy was and how "it can't possibly happen to us"...

Correction to the article published (5, Informative)

Anonymous Coward | more than 6 years ago | (#24401441)

The reporter has published a correction [pcworld.com] , which is also reflected on the Metasploit Blog [metasploit.com] .

Tag (1)

starry starry knight (1332317) | more than 6 years ago | (#24401459)

Your it.

Re:Tag (1, Funny)

Anonymous Coward | more than 6 years ago | (#24401771)

don't touch my it

Re:Tag (1)

IBBoard (1128019) | more than 6 years ago | (#24401797)

Surely that'd be "you're it" since it isn't his "it".

Re:Tag (1)

Amouth (879122) | more than 6 years ago | (#24401991)

i read it as Tag your IT

kinda worked

Re:Tag (1)

RNelson (567188) | more than 6 years ago | (#24401819)

My it? What about my it?

Re:Tag (1)

Gilmoure (18428) | more than 6 years ago | (#24402491)

My IT's picking up the pieces today, after power outages and such.

at&t not him (5, Insightful)

nicolas.kassis (875270) | more than 6 years ago | (#24401469)

Well, all I can say is, no one, not even him can prevent this shit from happening if a server out of their control such as this is unpatched. He should give at&t hell. All the other big ones like comcast and verizon claim to be fully patched. I understand the size of at&t's network but this is no excuse when everyone uses your network and pays good money for it.

Re:at&t not him (4, Insightful)

duplicate-nickname (87112) | more than 6 years ago | (#24401615)

Well, you can choose to not use caching servers that are still vulnerable.

Re:at&t not him (1)

beoba (867477) | more than 6 years ago | (#24401871)

He's paying ATT for their DNS -- why should anyone expect him to leech off somebody else?

Re:at&t not him (0)

Anonymous Coward | more than 6 years ago | (#24401647)

One wonders if there are not legal remedies that can be pursued in this case.

Re:at&t not him (1)

Oh no, it's Dixie (1332795) | more than 6 years ago | (#24401721)

It all comes down to simple economics. Which is cheaper in the short term: making sure everything is patched, or ignoring the problem? Considering the massive size of telecom networks, seemingly obvious security fixes appear uneconomical until after the fact. Parallels can be made to the possibility of Oracle ignoring software vulnerabilities.

Re:at&t not him (1)

ocirs (1180669) | more than 6 years ago | (#24401977)

Use openDNS?

Re:at&t not him (1)

Obsi (912791) | more than 6 years ago | (#24402879)

OpenDNS is good in theory, but it's not standards-compliant -- it doesn't return NXDOMAIN on nonexistent domains. The internet is more than just http traffic in a web browser.

Re:at&t not him (1)

teknopurge (199509) | more than 6 years ago | (#24402013)

Well, all I can say is, no one, not even him can prevent this shit from happening if a server out of their control such as this is unpatched.

Run a recursive nameserver. Hard to have this happen when you patch it yourself.

Re:at&t not him (1)

Average (648) | more than 6 years ago | (#24402111)

He could switch to a patched server (OpenDNS?). That's what I did when it appeared AT&T wasn't being proactive about the DNS patch.

/ Sadly AT&T is still better than the local independent cable company.

Re:at&t not him (0)

Anonymous Coward | more than 6 years ago | (#24402703)

What? Employees to patch servers cut into a corporations profit almost as much as customers who actually use the services they have purchased. please report to room 101 for re-education.

Good (3, Funny)

DaveV1.0 (203135) | more than 6 years ago | (#24401477)

Serves him right.

Re:Good (5, Insightful)

Kadin2048 (468275) | more than 6 years ago | (#24401651)

Not sure why it would; he wasn't doing anything wrong. That's the funny thing about DNS poisoning -- you can be following best-practices to the letter, but if your ISP is sloppy, you'll get hit by it just the same.

AT&T are the ones to blame, if blame needs to be assigned.

Re:Good (0)

Anonymous Coward | more than 6 years ago | (#24401873)

Uh, didn't he release an exploit just a few days after the vunerabilities were announced. A company of at&t's size can take a month to update all of the systems, due to waiting on the vendors, testing in the lab, then deploying. I could be wrong, but isn't this the dude that also agree to not release the exploit until August.

Re:Good (4, Insightful)

jimwelch (309748) | more than 6 years ago | (#24401659)

Why does it server him right? (/pun)
He handled the flaw correctly.
  A) Find flaw
  B) Notify privately those affected.
  C) Give normal amount of time to fix.
  D) Notify public to force ISP's to DO THEIR JOB.

Or are you on the side of total secrecy of flaws. (CYA?)

Re:Good (1)

the_B0fh (208483) | more than 6 years ago | (#24402259)

No, he's on the side of the morons.

Re:Good (5, Informative)

rfunk (765049) | more than 6 years ago | (#24402721)

Er, this isn't the same guy who discovered the DNS flaw.

This is like the story of Frankenstien... (1)

xpuppykickerx (1290760) | more than 6 years ago | (#24401499)

but with less pissed off villagers and torches.

you know how the saying goes.. (2, Insightful)

pak9rabid (1011935) | more than 6 years ago | (#24401561)

what goes around, comes around.

Along with everyone else in Austin (4, Informative)

zoward (188110) | more than 6 years ago | (#24401563)

Since the attack wasn't on BreakingPoint, but rather than upstream DNS server, he pretty much just got swept up in the dragnet. These kind of attacks seem scarier than a direct attack, since you can do "everything right" with regard to patching, updating, firewalling, etc, and still get owned.

Re:Along with everyone else in Austin (1)

networkconsultant (1224452) | more than 6 years ago | (#24401919)

No just have no forwarding authority for DNS :D It might break a little though! ;)

Re:Along with everyone else in Austin (2, Insightful)

Yvanhoe (564877) | more than 6 years ago | (#24402833)

Define "owned".
Agreed, Google searches and DNS queries can be a pretty confidential information you wouldn't want to see made public, but it is not like the company was in any way hacked. If everything is set correctly, the man in the middle will not be able to see their encrypted webmail/mail traffic nor their financial communications. HTTPS has been developped with exactly this kind of attacks in mind.

Retraction Posted (5, Informative)

mubix (901806) | more than 6 years ago | (#24401597)

Re:Retraction Posted (4, Informative)

IBBoard (1128019) | more than 6 years ago | (#24401835)

Not so much a retraction, more a correction. The company were still a victim of the cache poisoning, it has just been made clear that they were a victim along with everyone else in Austin.

Take note (3, Insightful)

Daimanta (1140543) | more than 6 years ago | (#24401621)

This is real irony. So, if someone tags this story "irony", he would be correct.

Re:Take note (5, Funny)

Freeside1 (1140901) | more than 6 years ago | (#24402065)

yeah, it's kinda like a red light when you're already late.

Re:Take note (1)

Chris Burkhardt (613953) | more than 6 years ago | (#24403101)

You know as well as I do that there is now such thing as irony.

Re:Take note (1)

Chris Burkhardt (613953) | more than 6 years ago | (#24403139)

d'oh: *no* such thing.

Misquoted and correction made to article (-1, Redundant)

edsmiley (1332155) | more than 6 years ago | (#24401653)

HD posted some information on the Metasploit blog about being misquoted in the article and a correction has been made. Check it out: http://is.gd/18Vz [is.gd]

In the words of the Bard ... (5, Funny)

r00tus3r (1185395) | more than 6 years ago | (#24401679)

For tis the sport to have the engineer hoist with his own petard.

Re:In the words of the Bard ... (5, Funny)

MyLongNickName (822545) | more than 6 years ago | (#24402489)

For tis the sport to have the engineer hoist with his owne petard.

Fixed it for you.

-- Old English Grammar Nazi

Re:In the words of the Bard ... (0)

Anonymous Coward | more than 6 years ago | (#24402711)

For tis the sport to have the engineer hoist with his owne petard.

Fixed it for you.

-- Olde English Grammar Nazi

Fixed it for you.

Re:In the words of the Bard ... (4, Funny)

Anonymous Coward | more than 6 years ago | (#24403365)

For tis the sport to have the engineer hoist with his owne petard.

Fixed it for you.

-- Olde English Grammar Nazi

Fixed it for thou.

Fixed it for thou.

DNS cache poisoning in the wild (5, Interesting)

GogglesPisano (199483) | more than 6 years ago | (#24401895)

It's interesting to see how widespread this exploit has become. I've checked my home and office connections using Dan Kaminsky's handy DNS Checker [doxpara.com] and it appears that my ISPs have taken measures to avoid this problem.

Unfortunately, I also travel a good deal for work, and it's hard to be sure that the ISP used by whatever-hotel-I'm-staying-at-this-week will be as proactive.

The guys in TFA got pwned by being redirected to a bogus Google look-alike page. As I understand it, this kind of attack would be noticeable when attempting to use a secure (HTTPS) web connection, because the browser should throw up a certificate error. Is this true? What other ways might be used to detect this problem?

Re:DNS cache poisoning in the wild (2, Informative)

felipekk (1007591) | more than 6 years ago | (#24402527)

When you are "outside", just make sure you are not using the DNS server provided by the hotel DHCP server. In Windows, simply set the ip addresses of your DNS servers to 208.67.222.222 and 208.67.220.220 (OpenDNS) and you should be safe.

Re:DNS cache poisoning in the wild (1)

mxs (42717) | more than 6 years ago | (#24402649)

And just to nitpick, you cannot be sure that the DNS checker is actually telling you the truth. The first thing a competent attacker could do is capture the various domains that run the popular checkers and make them appear to return a "everything is OK"-answer.

Re:DNS cache poisoning in the wild (5, Informative)

Phroggy (441) | more than 6 years ago | (#24402759)

As I understand it, this kind of attack would be noticeable when attempting to use a secure (HTTPS) web connection, because the browser should throw up a certificate error. Is this true?

Yes, this is true. HTTPS connections require an SSL certificate which must be signed by a Certificate Authority (CA) that your browser trusts. Your browser ships with a database of CA certificates, and you can manually add your own if you want; any SSL cert signed by one of those CAs will be trusted, but any SSL cert signed by anybody else will display a warning message before allowing you to access the web site.

Unfortunately, there are legitimate HTTPS sites out there using self-signed SSL certificates. Chances are, you've probably seen one at some point, and you went ahead and accepted it anyway, because you figured the company is legitimate and they just skimped on getting an SSL cert signed by a real CA. I know I have. If DNS cache poisoning (or other techniques) can get your browser to think it's talking to a particular host when it really isn't, AND you accept an invalid SSL certificate, you're screwed.

Note that SSL serves two purposes: it encrypts data while it's being sent over the wire so nobody* can eavesdrop on the connection between your browser and the server, and it also provides authentication so you can be sure that your browser is really talking to the server it thinks it's talking to. Using a self-signed certificate (or a certificate signed by an untrusted CA) renders the second of these useless, but the data is still encrypted.

* And of course when I said "nobody"... There is a way to intercept SSL connections, but it requires that you install a special CA cert in your browser, which will make your browser trust whoever is intercepting the SSL connections. This makes it possible to set up a caching proxy server that can inspect and cache data being sent over HTTPS. This is crazy stuff you shouldn't think about.

Re:DNS cache poisoning in the wild (1)

pseudorand (603231) | more than 6 years ago | (#24402773)

Speaking of doxpara.com, has anyone actually figured out how to use Mr. Kaminsky's stupid fucking tool? The extent of the instruction is "click here", which simply opens a new iframe to a URL that can't be found. I'm guessing that means my patching efforts worked, but I forgot to test BEFORE I patched, so I have no idea if that's the case. I did bother to actually to download sha1.js (the workhorse of the "Click Here" button), but then I figured, "I never RTFA, so why not just bitch about it on slashdot instead of figuring out what his code actually does.".

And as for Mr. Kaminsky, he's a total tool. The exploit and problem may be real, but he's irresponsibly milking it for all it's worth and then some by facilitating the spread of misinformation. NPR interviewed him and he totally agreed with their explanation of the ramifications of the exploit, which involved checking your bank balance. But your bank, which surely uses HTTPS, is the one place where a DNS hack WOULDN'T work because your browser would complain about the certificate*. Yet Mr. Kaminsky offered no corrections or caveats as the interviewer described the potential of not really being on your bank's web site.

* Yes yes, I know most users have been trained to ignore certificate errors thanks to the thousands of public and internal sites too cheap to buy a certificate signed by a trusted CA, but still, accessing your bank's web site is the worst possible example both because you would get a warning and because it's designed to generate unnecessary fear of the Internet. Fuck you. Mr. Kaminsky, you just lost all credibility in my book.

Re:DNS cache poisoning in the wild (0)

Anonymous Coward | more than 6 years ago | (#24403349)

My ISP found the best way to fix the dns problems: rather than fix the dns, they just blocked doxpara.com. Problem solved!11

I would post a comment... (0)

Anonymous Coward | more than 6 years ago | (#24402113)

...but how do I know this is really Slashdot?

Re:I would post a comment... (4, Funny)

pseudorand (603231) | more than 6 years ago | (#24402479)

Well, if all the posts are filled with mindless, off-topic dribble about how, in Soviet Russia, we welcome the opportunity exploit Natalie Portman's hot grit-pouring overlords with our vulnerable DNS servers, then it's a safe bet your on slashdot.

The million-dollar question (1)

krkhan (1071096) | more than 6 years ago | (#24402313)

Is it possible for /. to be /.ed

Before this DNS thingie, I'd have said no. But I guess I'll be keeping my fingers crossed from now on.

Owned (2, Funny)

Stooshie (993666) | more than 6 years ago | (#24402379)

In Soviet Russia your hacking toolkit owns you.

Don't Eat The Brown Acid (1)

strelitsa (724743) | more than 6 years ago | (#24402475)

Especially if you yourself made it.

DNS should not be a vulnerability (4, Insightful)

joekrahn (544037) | more than 6 years ago | (#24402985)

The problem is that bad DNS responses should not be a source of vulnerability. Anytime there is traffic outside of your trusted domain, the identity of the remote system should not be trusted without a secure connection. There is work on Secure DNS, but I think it is better just to consider DNS unreliable, especially since wireless access points are common, and can give you whatever DNS they want. Even if you use another DNS server, it is easy enough to override it at the router. Unencrypted traffic should always be considered untrusted and prone to hacking. We need a system of secondary (tertiary, etc?) certificate signing so that every web site doesn't have to pay for a commercially signed certificate. That is more efficient and reliable than Secure DNS. (Right?)

Uh, really? (0)

Anonymous Coward | more than 6 years ago | (#24403009)

Sure this was a real attack, and not a "jurassic duck" incident where he forwarded his own traffic to garner publicity?

Dogfooding? (0, Redundant)

HyperQuantum (1032422) | more than 6 years ago | (#24403489)

Now is this what they call "eating one's own dog food"?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?