Re: BIND bugs of the month (spoofing secure Web sites?)

From: Kurt Seifried (listuserat_private)
Date: Sun Nov 14 1999 - 14:40:16 PST

Next message: Steven M. Bellovin: "Re: BIND bugs of the month (spoofing secure Web sites?)"

Previous message: Szilveszter Adam: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
Next in thread: Steven M. Bellovin: "Re: BIND bugs of the month (spoofing secure Web sites?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> While DNS spoofs may be practical, impersonating an SSL-enabled Web
> server requires considerably more than lying about IP addresses.

No, not really. The weak link is the end user, and they are generally
a VERY weak link. I wrote an article dealing with this:

<blatant corporate self-plug>
http://www.securityportal.com/closet/closet19990930.html
</blatant corporate self-plug>

> -Peter

- -Kurt Seifried


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBOC86Tob9cm7tpZo3EQIQugCfUGYpX5JyI/50rR4rxAmOyWyBOzYAnjVN
ZJLNpm2peizpZDThkFqfeykh
=MOsV
-----END PGP SIGNATURE-----

Next message: Steven M. Bellovin: "Re: BIND bugs of the month (spoofing secure Web sites?)"
Previous message: Szilveszter Adam: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
Next in thread: Steven M. Bellovin: "Re: BIND bugs of the month (spoofing secure Web sites?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:12:25 PDT