lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20060414192026.GA18793@stupendous.org>
Date: Sat Apr 15 01:02:18 2006
From: jurjen at stupendous.org (Jurjen Oskam)
Subject: Microsoft DNS resolver: deliberately sabotaged
	hosts-file lookup

On Fri, Apr 14, 2006 at 06:00:23PM +0200, Vidar L?kken wrote:

> >>So, the exception is not that the IP is hard-coded, but that the DNS 
> >>resolver skips looking in hosts for that _domain_ and necessarily does a 
> >>network DNS lookup...
> >Unless the DNS server is itself hardcoded in MediaPlayer, as well?
> My guess is that it uses a default dns server from microsoft at a stable 
> IP.

Why guess when it takes all of 30 seconds to *see* what happens?

I tried (using go.microsoft.com), and saw that it uses the same DNS server
as the one being used for all other queries.
-- 
Jurjen Oskam

Savage's Law of Expediency:
        You want it bad, you'll get it bad.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ