| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3F3CE8A8.1918.5ABA2B@localhost> From: cta at hcsin.net (Bernie, CTA) Subject: msblast is starting now On 15 Aug 2003 at 12:05, Jonathan Rickman wrote: > On Friday 15 August 2003 07:03, B3r3n wrote: > > msblast start now on far eastern countries. We have a site in > > Auckland and so I'll know soon if our DNS to localhost > > protection is valuable. > It is irrelevant now. MS has removed the DNS entries for > windowsupdate.com. > Now I don't think that was such a smart move. It wouldn't take much to setup a bunch of bogus DNS servers to answer as "windowsupdate.com" with a pointer to a new A record, or better yet, round-robin to an infinite number of FQDN, or IP addresses. In fact, a new variant placed on compromised system could help (direct) windows TCP/IP to find and use these bogus NS, giving almost endless control of the target address. Hey, great pre-school project for the script kiddies! - - **************************************************** Bernie Chief Technology Architect Chief Security Officer cta@...in.net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> *******************************************************
Powered by blists - more mailing lists