While PKI has many shortcomings, DigiNotar has shown the industry can effectively kill off a deficient CA. Are there any measures in place to keep a deficient registrar out of DNS? Or will NetNames still be serving up records with a promise to do better? [Naively, I thought the DNS hacks were related to the CA compromises].
http://www.pcpro.co.uk/news/security/369700/sql-injection-blamed-for-widespread-dns-hack: The DNS company [NetNames] at the centre of a massive hacking attack has blamed the security breach on an SQL injection. According to NetNames, one of the domain management firms targeted, the attackers managed the breach via an SQL injection attack.... ...[The redirection] was done by placing unauthorised re-delegation orders through to the registries via our provisioning system. These orders updated the address of the master DNS servers responsible for serving data for these domain. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
