Date: Thu, 10 Jul 2008 17:02:31 +1000 From: Mark Andrews <Mark_Andrews@isc.org> To: Chris Palmer <chris@noncombatant.org> Cc: Jason Stone <freebsd-security@dfmm.org>, freebsd-security@freebsd.org Subject: Re: BIND update? Message-ID: <200807100702.m6A72VV4011126@drugs.dv.isc.org> In-Reply-To: Your message of "Wed, 09 Jul 2008 22:21:52 MST." <48759C70.2060705@noncombatant.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Jason Stone wrote: > > > So you say, "But I don't send important information over that > > connection, nor do I trust the information I get back?" Maybe. I think > > that the AOL data leak fiasco proved that, while people don't generally > > think of search queries as sensitive, they really kind of are. And you > > almost certainly place _some_ trust in the results you get back; I mean, > > you're not reading them purely as fiction. > > I validate such unauthenticated information at the human layer. Have to -- > even when nobody has tampered with DNS, BGP, or HTTP, the stuff at > nytimes.com and wikipedia.org is still often false. > > > So, if your DNS resolver is vulnerable to cache poisoning, then every > > time you casually surf the web, you're allowing for the possibility that > > you will get spoofed, surf to some malware site, get served a browser > > exploit, and get 0wned. > > That is already true, and is true regardless of the "security" of the DNS. > > Think hard on why this is possible: > > http://ex-parrot.com/~pete/upside-down-ternet.html > > :) > > Similarly, why does YouTube disappear whenever Pervez Musharraf gets cranky? > > > I agree that DNSSEC is the real solution. > > It won't, and can't, solve *any* of the problems you cited. Any attacker > than can mangle my DNS traffic (and cache poisoning is hardly the only way > to do that) can also just read and alter *any* non-secure-by-design > plaintext network traffic. DNSSEC won't stop all attacks. It does however stop some attack vectors. Others, like the man in the middle attack above, it won't stop. > > I also think that making it easy (or even possible) to sandbox the > > browsers is a real solution. I think that using strong crypto everywhere > > and making fine-grained capabilities and MAC systems ubiquitous is also a > > real solution. > > Okay, I know when I'm being trolled. :) I'll stop posting now. It's bed time > anyway. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807100702.m6A72VV4011126>