Paul Wouters <p...@cypherpunks.ca> wrote:
> On Thu, 6 Mar 2014, Dan York wrote:
>
> > I don't even see DNSSEC helping much here, either, given that the
> > attacker could just strip out the DNSSEC info (unless, perhaps, the
> > home computers were running full (vs stub) recursive resolvers that
> > also did DNSSEC-validation).
>
> If the domains were signed, even if you used the rogue DNS as forwarder,
> you would at least notice you are under attack.

As I understand it from the CERT Polska report, the aim of the malware is
to send people to a phishing site instead of to legit banking sites etc.

http://www.cert.pl/news/8019/langswitch_lang/en
(if you get a redirect try reloading the link)

If properly deployed, with validation on the users' end hosts, DNSSEC
would absolutely have prevented this attack from successfully stealing
banking credentials.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Northwest FitzRoy, Sole: Northerly, backing southerly later, 4 or 5,
increasing 6 or 7, perhaps gale 8 later. Rough or very rough. Rain or drizzle.
Moderate occasionally poor.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
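
The point made in this thread, that an end host which knows a zone is signed will notice when a rogue forwarder strips the DNSSEC records, can be shown with a small check. This is an added example, not code from the original message or from any resolver; it covers positive answers only and does not verify signatures. The `zone_is_signed` flag, the name `bank.example` and the sample responses are constructed assumptions.

```python
import struct
A, RRSIG = 1, 46  # RR type codes (RFC 1035, RFC 4034)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + n

def answer_rrs(msg):
    """Parse the answer section into a list of (rrtype, rdata) tuples."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    rrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rrtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rrs.append((rrtype, msg[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    return rrs

def classify(msg, zone_is_signed):
    """zone_is_signed: assumed result of the DS chain-of-trust lookup."""
    if not zone_is_signed:
        return "insecure"  # nothing to validate; DNSSEC gives no protection
    rrs = answer_rrs(msg)
    covered = {struct.unpack("!H", rd[:2])[0] for t, rd in rrs if t == RRSIG}
    if {t for t, _ in rrs if t != RRSIG} - covered:
        return "bogus"  # signed zone, no covering RRSIG: stripped or forged
    return "verify-signatures"  # next step (not shown): check RRSIG against DNSKEY

def build_response(qname, rrs):
    """Constructed test input: a response to an A query, owner names compressed."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(rrs), 0, 0) + q + struct.pack("!HH", A, 1)
    for t, rd in rrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(rd)) + rd
    return msg

ADDR = (A, bytes([192, 0, 2, 80]))                # constructed, TEST-NET-1 address
SIG = (RRSIG, struct.pack("!H", A) + b"\0" * 16)  # constructed placeholder, not a real signature
STRIPPED = build_response("bank.example", [ADDR])
SIGNED = build_response("bank.example", [ADDR, SIG])
```

A validating end host would return SERVFAIL for the "bogus" case instead of handing the application the substituted address.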
