[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Otmar Lendl ol at bofh.priv.at
Thu Jul 10 08:54:34 UTC 2008

On 2008/07/10 10:07, Sean Donelan <sean at donelan.com> wrote:
> Of course, whether the user ignores or disables the warnings is another 
> matter.

I talked to the online-banking security guy of Austria's largest bank
and he's very pessimistic regarding end-2-end security as provided
by TLS  / X.509 certs.

In his experience, users simply ignore those warnings.

It may be even worse: some of the X.509 CAs verify the validity of
a CSR by emailing the "Subject" of the Cert whether this is a valid
signing request. Now, if you manage to attack the DNS resolver of
their outgoing email server, then you can redirect that mail and
thus get a valid X.509 Cert in the Banks name.

-=-  Otmar Lendl  --  ol at bofh.priv.at  -=-

More information about the dns-operations mailing list