Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Major DNS Flaw Finally Publicized » Patch is just a bandaid
Search Topic:
Uniqs:
57		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
DNS flaw.. »
« Home routers still vulnerable?  
AuthorAll Replies

mworks

join:2006-06-13
Faison, NC		Patch is just a bandaid

It appears the patch is only a temporary fix. It makes it harder to exploit the dns servers, but it cannot prevent it. DNS was just not designed as a secure system. The makers did not have that in mind.
to forum · permalink · · 2008-07-24 22:57:12 · Reply to this


HIYA

@bellsouth.net
said by mworks See Profile :

It appears the patch is only a temporary fix. It makes it harder to exploit the dns servers, but it cannot prevent it. DNS was just not designed as a secure system. The makers did not have that in mind.
Okay since this will affect banks and financial institutions the most because of phising attacks, can the following be used to reduce the threat? These secure sites should already have certificates. The banks need to update their certificates for their IP address rather than the name of the URL. Then the links to the secure sites need to be changed from the URL to the IP address. For example: the link to "https://www.coolbank.com/securelogin.asp" would be changed to "https://172.16.100.1/securelogin.asp". By doing this, the web browser verifies the certificates name against the banks authentic IP address instead of verifying the certificates name against the name of the URL, which can be spoofed. The user can then have confidence in the site once the browser displays a secure connection.
to forum · permalink · 2008-07-25 21:15:17 · Reply to this


HIYA to you

@cableone.net

 Maybe you are on to something here, the doxpara website makes a statement on SSL certs: "SSL is not the panacea it would seem to be". So will this work? Can secure websites find a way to verify their certs against their true IP address rather than verifying against the URL. Surely this would cut down on phishing schemes.
to forum · permalink · 2008-08-07 16:32:39 · Reply to this
-
Forums » Major DNS Flaw Finally PublicizedDNS flaw.. »
« Home routers still vulnerable?  

Tuesday, 24-Nov 02:03:09 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [84] New AT&T Ad Campaign Hits Back At Verizon
· [51] New Bill Takes Aim At Higher Verizon ETFs
· [30] AT&T Offers New Prepaid Wireless plans
· [29] Earthlink Suffers From Major E-mail Outage
· [26] Frontier Increases Modem Rental Fee
· [12] Vivendi In Way Of Comcast's NBC Desires
· [11] Charter Still Fighting With Creditors
· [7] Monday Morning Links
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· Big Bank Alternative to Bank of America? [General Questions]
· What to use while demonoid is down? [Filesharing Software]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· RG Firmware update to VDSL2 this morning [AT&T U-verse]
· netTalk tk6000 [VOIP Tech Chat]
· [ Classes] Druid tanking: rotation and glyphs [World of Warcraft]