Thanks On Tuesday 29 July 2008 10:51:41 Chris Buxton wrote: > Some of what you missed was in a private conversation between Marty > and me. Neither side was convinced. > > You can find good information about the exploit here: > http://www.doxpara.com/ > > Specifically, the blog post called "Details". The take-away is that an > attacker, once successful, has changed the value of one single domain > name to point to a different address. This doesn't by itself get him > much. But combine that with: > > - Most people don't bother to type "https://" into their browsers. > They let the "http://" website redirect them to "https://". What if > the non-secure site never tells the browser to go to the secure site? > Suddenly "http://www.paypal.com" leads to the attacker's look-alike > site, which then conducts a simple man-in-the-middle attack. Organized > crime has been conducting these attacks using other vectors for > several years now - it's called "pharming". But this vector is much, > much easier to use. > > - Mail delivery. 'nuff said. > > - Search engines. Suddenly you're searching using the bad guy's > engine. He can do whatever he wants to your searches. > > There is no browser bug or XSS bug directly involved in the exploit. > However, nothing says that the attacker can't continue on to that kind > of thing (trying to plant malware on your machine, for example) once > you're using his fake version of Google. > > Chris Buxton > Professional Services > Men & Mice >
-- Valter Douglas Lisbôa Jr. Sócio-Diretor Trenix - IT Solutions "Nossas Idéias, suas Soluções!" www.trenix.com.br [EMAIL PROTECTED] Tel. +55 19 3402.2957 Cel. +55 19 9183.4244 -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page