[dnssec-deployment] Washington Post DNS hijack story
Paul Wouters
paul at xelerance.com
Fri Apr 24 16:13:02 EDT 2009
On Fri, 24 Apr 2009, Frederico A C Neves wrote:
> On Fri, Apr 24, 2009 at 07:56:14AM -0700, Richard Lamb wrote:
>> http://voices.washingtonpost.com/securityfix/2009/04/hack_against_isp_hijacks_bank.html?wprss=securityfix
>
> DNSSEC would help nothing here. This was a remote OS exploit and local
> zone configuration at the recursive DNS servers.
The validating stub with DNS forwarder scheme as in fedora-11 would not have
been fooled by a compromised upstream cache.
Paul
More information about the Dnssec-deployment
mailing list