| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue May 23 14:50:42 2006 From: dudevanwinkle at gmail.com (Dude VanWinkle) Subject: Five Ways to Screw Up SSL On 5/22/06, Brian Dessent <brian@...sent.net> wrote: > Valdis.Kletnieks@...edu wrote: > > > > On Mon, 22 May 2006 12:02:23 EDT, Dude VanWinkle said: > > > > > DNS foo to the client, how easy is that? Would you have to get the > > > upstream DNS server to cache your bogus entry? > > > > You'd be *amazed* how many are still running BIND 4 or 8.... > > That, or use a browser exploit or mass email to drop a small program on > the end user's machine that changes the configured values of the DNS > servers to ones that you run. You don't even have to leave any traces > of this (like .exe files that run at startup), it could be a one-time > configuration change. The end user would have no clue this had happened > since the malicious servers would be standard recursive resolvers, so > their net access remains fully operational... So just taking over their lmhosts would invalidate the chain o' authority. I guess you would hijack their machines with a bug that would edit the local cache, refresh the cache, then report to you about the websites the victim's machine had visited, and you could request an ssl cert for those sites. The only problem I see with this scenario from a freessl perspective is that they require verification in the form of an email sent to admin@...ain.com or from an email sent to the admin from the upstream DNS provider. This would be a little tricky to get around as you would have to munge freessl's DNS records. -JP Gotcha, thanks for the lesson -JP
Powered by blists - more mailing lists