lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20030921002743.GA19406@dreams.soze.net>
From: justin-fulldisclosure at soze.net (Justin)
Subject: How Verisign's SiteFinder service breaks Windows networking utilities

Richard M. Smith (2003-09-20 20:17Z) wrote:

> Verisign's SiteFinder service also breaks many of the standard Windows
> networking utilities by providing misleading error messages, temporary
> lockups, and incorrect status information.
...
> With SiteFinder, the FTP utility now provides a useless error message:
> 
>    C:\work\sitefinder>ftp ftp.asdklsdfjaskdfjasdfjasdjfasdfj.com
>    > ftp: connect :Unknown error number
> 
> The PING utility gives incorrect results for misspelled domain names:
> 
> Ditto for tracert:

The same happens with any sites owned by search engines that
mass-register domains.  Verisign's crap is an annoyance of a greater
magnitude, but the per-domain effect is the same.

If you'd use the bind patch, you wouldn't see any of that "incorrect"
behavior.  Expecting ping and traceroute to read your mind when your
resolver gives them valid ip addresses for the targets is just silly.

-- 
No man is clever enough to          Times are bad.  Children no longer
know all the evil he does.          obey their parents, and everyone
-Francois de la Rochefoucauld       is writing a book.  -Cicero


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ