|
Fascinating Scary Shit Most of Us Never Heard About
...like a DNS exploit that some code mensch stumbled upon and shook up people who know stuff.
http://www.wired.com/techbiz/people/...?currentPage=1
Quote:
Then last January, on a drizzly Sunday afternoon, he flopped down on his bed, flipped open his laptop, and started playing games with DNS. He used a software program called Scapy to fire random queries at the system. He liked to see how it would respond and decided to ask for the location of a series of nonexistent Web pages at a Fortune 500 company. Then he tried to trick his DNS server in San Diego into thinking that he knew the location of the bogus pages.
Suddenly it worked. The server accepted one of the fake pages as real. But so what? He could now supply fake information for a page nobody would ever visit. Then he realized that the server was willing to accept more information from him. Since he had supplied data about one of the company's Web pages, it believed that he was an authoritative source for general information about the company's domain. The server didn't know that the Web page didn't exist—it was listening to Kaminsky now, as if it had been hypnotized.
|
__________________
"To those of you who are wearing ties, I think my dad would appreciate it if you took them off." - Robert Moog
|
12-01-2008, 08:15 PM
Threaded Mode