[dnssec-deployment] Washington Post DNS hijack story
Jeremy C. Reed
reed at reedmedia.net
Fri Apr 24 15:41:12 EDT 2009
On Fri, 24 Apr 2009, Frederico A C Neves wrote:
> On Fri, Apr 24, 2009 at 07:56:14AM -0700, Richard Lamb wrote:
> > http://voices.washingtonpost.com/securityfix/2009/04/hack_against_isp_hijacks_bank.html?wprss=securityfix
> DNSSEC would help nothing here. This was a remote OS exploit and local
> zone configuration at the recursive DNS servers.
If the client does its own DNSSEC validation and the parents have DS
records and the cracker didn't have access to private keys, then seems
like DNSSEC could help.
More information about the Dnssec-deployment