[FoRK] Poisoned DNS and informal certificates
Russell Turpin
<deafbox at hotmail.com> on
Tue Feb 19 09:37:59 PST 2008
michaelslists at gmail.com:
> The fake site can trivially request the image from the real bank
> server itself, and then display it back to you (you must, of course,
> provider your username before getting to this page. So all the faker
> must do is pass this request on).
Yep, a man-in-the-middle can be set up by a poisoned DNS.
I wonder how many financial sites look at patterns of where
requests originate, to try to spot when that is happening?
_________________________________________________________________
Need to know the score, the latest news, or you need your Hotmail®-get your "fix".
http://www.msnmobilefix.com/Default.aspx
More information about the FoRK
mailing list