mworks join:2006-06-13 Faison, NC

Patch is just a bandaid

It appears the patch is only a temporary fix. It makes it harder to exploit the DNS servers, but it cannot prevent it. DNS was just not designed as a secure system. The makers did not have that in mind.

said by mworks:
It appears the patch is only a temporary fix. It makes it harder to exploit the DNS servers, but it cannot prevent it. DNS was just not designed as a secure system. The makers did not have that in mind.

Okay, since this will affect banks and financial institutions the most because of phishing attacks, can the following be used to reduce the threat?

These secure sites should already have certificates. The banks need to update their certificates for their IP address rather than the name of the URL. Then the links to the secure sites need to be changed from the URL to the IP address. For example: the link to "https://www.coolbank.com/securelogin.asp" would be changed to "https://172.16.100.1/securelogin.asp".

By doing this, the web browser verifies the certificate's name against the bank's authentic IP address instead of verifying the certificate's name against the name of the URL, which can be spoofed. The user can then have confidence in the site once the browser displays a secure connection.

Maybe you are on to something here; the doxpara website makes a statement on SSL certs: "SSL is not the panacea it would seem to be". So will this work? Can secure websites find a way to verify their certs against their true IP address rather than verifying against the URL? Surely this would cut down on phishing schemes.
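
The certificate check the posts above discuss, as an added example that is not part of the thread: a simplified version of how a TLS client matches the host written in the URL against the certificate's subjectAltName entries, for a DNS name and for an IP literal. The certificate dictionaries are constructed samples in the layout of Python's `ssl.SSLSocket.getpeercert()`, `www.example.net` is a placeholder for some other server, and wildcard handling is reduced to the single left-most-label case.

```python
import ipaddress

# Constructed sample certificates, in the dict layout of ssl.SSLSocket.getpeercert().
BANK_NAME_CERT = {"subjectAltName": (("DNS", "www.coolbank.com"),)}
BANK_IP_CERT = {"subjectAltName": (("IP Address", "172.16.100.1"),)}
OTHER_SITE_CERT = {"subjectAltName": (("DNS", "www.example.net"),)}


def _dns_match(pattern, host):
    """Compare one dNSName entry with the host; '*.' covers one left-most label."""
    if not pattern.startswith("*."):
        return pattern == host
    first, _, rest = host.partition(".")
    return bool(first) and rest == pattern[2:]


def host_matches_cert(url_host, cert):
    """Return True if the host taken from the URL matches a subjectAltName entry.

    The address DNS returned is deliberately not an input: the client compares
    what the user or link asked for with what the certificate asserts.
    """
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(url_host)
    except ValueError:
        wanted_ip = None

    if wanted_ip is not None:
        # IP literal in the URL: only iPAddress entries count, compared exactly.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip
                   for kind, value in sans)

    # DNS name in the URL: only dNSName entries count, compared case-insensitively.
    host = url_host.lower().rstrip(".")
    return any(kind == "DNS" and _dns_match(value.lower(), host)
               for kind, value in sans)


if __name__ == "__main__":
    cases = [
        ("www.coolbank.com", BANK_NAME_CERT),   # name link, bank's name certificate
        ("www.coolbank.com", OTHER_SITE_CERT),  # name link, a different server's certificate
        ("172.16.100.1", BANK_IP_CERT),         # IP link, certificate listing that IP
        ("172.16.100.1", BANK_NAME_CERT),       # IP link, certificate with only a DNS name
    ]
    for host, cert in cases:
        print(host, cert["subjectAltName"], host_matches_cert(host, cert))
```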