Ok guys, Dan Kaminsky finally let the cat out of the bag, and demonstrated some popular software can be exploited. Pretty much a non-event despite all the hype.
The only people who can fix this are the major players who are a bunch of fat, lazy, greedy, corporate types. Users are not directly vulnerable to this in most cases. He also made it very obvious this is far more annoyance than threat.

Being redirected to a malware site does not present any real danger for Linux users or even to patched Windoze users. That is only the first step anyway. Attackers still must use a secondary vehicle to deliver the main attack once they have diverted you to a site they control. They will probably try to use a hidden Iframe injected into a real banking site to fool you and steal your password. Very old hat and only idiots will fall victim.

Secure transactions cannot be successfully faked because the attackers don't have the SSL private key. Your browser will clearly show when the connection has unencrypted portions. Disconnect when in doubt. Duh.

Web sites have much more to fear, because they can easily be diverted to porn sites or whatever. Totally harmless except from a reputation standpoint. God.com => Hotporn.com. Oops.... Actually, that might prove to be a blessing :)

No, the sky is not falling and this will pass soon. But watch out for that Banana vuln... It's a real killer.

Marty B.

--
Electile Dysfunction : the inability to become aroused over any of the choices for President put forth by either party in the 2008 election.