I have lost part of this. Could you (Chris, Marty or anyone else) point me to where all this information is present?

On Monday 28 July 2008 19:53:48 Chris Buxton wrote:
> Marty,
>
> You continue to completely misconstrue what people are saying, because
> you want to believe this is harmless and is being blown out of
> proportion.
>
> Mr. Kaminsky did not say what you said he said. Not at all.
>
> As for the bad guys not having SSL certs, you're wrong there again.
> Criminals have been known to fool a CA into issuing them a cert for
> someone else's legitimate business. The DNS exploit under discussion
> could even theoretically be used to accomplish this.
>
> Chris Buxton
> Professional Services
> Men & Mice
>
> On Jul 28, 2008, at 2:59 PM, marty wrote:
> > Ok guys, Dan Kaminsky finally let the cat out of the bag,
> > and demonstrated some popular software can be exploited.
> > Pretty much a non-event despite all the hype.
> >
> > The only people who can fix this are the major players who
> > are a bunch of fat, lazy, greedy, corporate types.
> > Users are not directly vulnerable to this in most cases.
> >
> > He also made it very obvious this is far more annoyance than
> > threat. Being redirected to a malware site does not present
> > any real danger for Linux users or even to patched Windoze
> > users. That is only the first step anyway.
> >
> > Attackers still must use a secondary vehicle to deliver the
> > main attack once they have diverted you to a site they
> > control. They will probably try to use a hidden Iframe
> > injected into a real banking site to fool you and steal your
> > password. Very old hat and only idiots will fall victim.
> >
> > Secure transactions cannot be successfully faked because the
> > attackers don't have the SSL private key. Your browser will
> > clearly show when the connection has unencrypted portions.
> > Disconnect when in doubt. Duh.
> >
> > Web sites have much more to fear, because they can easily be
> > diverted to porn sites or whatever. Totally harmless except
> > from a reputation standpoint. God.com => Hotporn.com.
> > oops.... actually, that might prove to be a blessing:)
> >
> > No the sky is not falling and this will pass soon.
> > But watch out for that Banana vuln..It's a real killer.
> >
> > Marty B.
> >
> >
> > --
> > Electile Dysfunction : the inability to become aroused over
> > any of the
> > choices for President put forth by either party in the 2008
> > election.
> >
> > --
> > http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
> > FAQ: http://www.linuxfromscratch.org/faq/
> > Unsubscribe: See the above information page

--
Valter Douglas Lisbôa Jr.
Partner-Director
Trenix - IT Solutions
"Our Ideas, Your Solutions!"
www.trenix.com.br
[EMAIL PROTECTED]
Tel. +55 19 3402.2957
Mobile +55 19 9183.4244