lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20060416154053.13267.qmail@securityfocus.com>
Date: 16 Apr 2006 15:40:53 -0000
From: no.spam@...house
To: bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] Microsoft DNS resolver: deliberately
 sabotagedhosts-file lookup


Obnoxious, sure, but not hard to beat. (Assuming for some insane reason you are actually still using Windows for anything other than playing games)

You just add an entry in your DNS server with a zone matching the hostname that you want to override. And if they have the IP addresses of MSFT-controlled DNS servers hardcoded, you just add an iptables (or equivalent) entry in your firewall (note - this is a seperate device than your wintendo PC, not a peice of software running on your PC)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ