[p2p-hackers] DNS hijacking?
dbarrett at quinthar.com
Mon May 25 17:47:26 EDT 2009
It's not eavesdropping I'm concerned about. I'm thinking with this
attack you could inject malicious code into otherwise innocuous HTTP
traffic. For example, you might add a "Install the latest Google
Toolbar!" link straight into the live, functional Google homepage, and
even make that link look like it's coming straight from
http://google.com, but then host a virus-infected version of Google Toolbar.
Tien Tuan Anh Dinh wrote:
>> I'm primarily thinking of a wifi office or internet cafe; can't
>> everybody sniff everybody else's traffic (including DNS requests)? Does
>> this mean that every wifi network is vulnerable to this really easy
>> attack, and there's basically no defense other than upgrading all of DNS?
> When your traffic is in plain-text while you're in a wifi cafe, you give
> your privacy to the one operating that access point already.
> https was designed for these scenarios. When your traffic is sensitive,
> use https.
> I'm wondering what would one gain by eavesdropping unimportant traffic
> of others in an Internet cafe? I'm not sure if this attack can cause any
> noticeable damage.
> p2p-hackers mailing list
> p2p-hackers at lists.zooko.com
More information about the p2p-hackers