Versign creates man-in-the-middle attack on DNS
Neil Johnson
njohnsn at njohnsn.com
Mon Sep 15 19:24:23 PDT 2003
Just a few hours ago Versign modified the Internet's root DNS servers to
respond to ANY DNS lookup that doesn't resolve in a real hostname to return
the IP address of one their servers where they claim to have a search engine.
For example, if you access http://www.thisisjunk55666.com , you will get a
Verisign page, not a "Host can not be found error".
This means that many anti-spam checks will fail among other issues.
They will also intercept mail to mistyped email hosts (They claim to reject
the mail, but not after having collected the From and To address).
This really bites.
--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.
More information about the cypherpunks-legacy
mailing list