Bill Stewart <[EMAIL PROTECTED]> writes:
> At 11:15 PM 06/28/2003 -0400, Steven M. Bellovin wrote:
>>In message <[EMAIL PROTECTED]>, Bill Stewart writes:
>> >This looks like it has the ability to work around DNSSEC.
>> >Somebody trying to verify that they'd correctly reached yahoo.com
>> >would in
At 11:15 PM 06/28/2003 -0400, Steven M. Bellovin wrote:
In message <[EMAIL PROTECTED]>, Bill Stewart writes:
>This looks like it has the ability to work around DNSSEC.
>Somebody trying to verify that they'd correctly reached yahoo.com
>would instead verify that they'd correctly reached
>yahoo.com.a
It turned out that the ISP, Charter, was not compromised. The user had
some nasty spyware install itself on his computer. Here are the details:
http://ask.slashdot.org/comments.pl?cid=6260281&sid=68266&tid=172
-- sidney
-
Th
One key point though: even if DNSSEC was deployed from the root, and a
trusted copy of the root key was the client, the search path/default
domain must *also* come from a trusted source.
Currently, default domain/search path often comes from DHCP, and for
nomadic laptops where the relationship to
In message <[EMAIL PROTECTED]>, Bill Stewart writes:
>Somebody did an interesting attack on a cable network's customers.
>They cracked the cable company's DHCP server, got it to provide a
>"Connection-specific DNS suffic" pointing to a machine they owned,
>and also told it to use their DNS server.
does anyone know anything about AP's claim that Google
"encrypts" credit-card numbers? specifically, which
cipher and what kind of key management do they use?
- don davis, boston
-
From: "Google puts new ga