Date: Wed, 09 Jul 2008 22:21:52 -0700 From: Chris Palmer <chris@noncombatant.org> To: Jason Stone <freebsd-security@dfmm.org>, freebsd-security@freebsd.org Subject: Re: BIND update? Message-ID: <48759C70.2060705@noncombatant.org> In-Reply-To: <alpine.BSF.1.00.0807092136120.34772@treehorn.dfmm.org> References: <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com> <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org> <17cd1fbe0807090909i566e1789s6b7b61bf82dd333e@mail.gmail.com> <4874ECDA.60202@elvandar.org> <4874F149.1040101@FreeBSD.org> <17cd1fbe0807091027n6af312cbwab3d3277f2b5e081@mail.gmail.com> <20080709182340.GD55473@noncombatant.org> <4875481E.4000100@kernel32.de> <20080709235204.GB72293@root.ucsc.edu> <20080710002749.GK55473@noncombatant.org> <alpine.BSF.1.00.0807092136120.34772@treehorn.dfmm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jason Stone wrote: > So you say, "But I don't send important information over that > connection, nor do I trust the information I get back?" Maybe. I think > that the AOL data leak fiasco proved that, while people don't generally > think of search queries as sensitive, they really kind of are. And you > almost certainly place _some_ trust in the results you get back; I mean, > you're not reading them purely as fiction. I validate such unauthenticated information at the human layer. Have to -- even when nobody has tampered with DNS, BGP, or HTTP, the stuff at nytimes.com and wikipedia.org is still often false. > So, if your DNS resolver is vulnerable to cache poisoning, then every > time you casually surf the web, you're allowing for the possibility that > you will get spoofed, surf to some malware site, get served a browser > exploit, and get 0wned. That is already true, and is true regardless of the "security" of the DNS. Think hard on why this is possible: http://ex-parrot.com/~pete/upside-down-ternet.html :) Similarly, why does YouTube disappear whenever Pervez Musharraf gets cranky? > I agree that DNSSEC is the real solution. It won't, and can't, solve *any* of the problems you cited. Any attacker than can mangle my DNS traffic (and cache poisoning is hardly the only way to do that) can also just read and alter *any* non-secure-by-design plaintext network traffic. > I also think that making it easy (or even possible) to sandbox the > browsers is a real solution. I think that using strong crypto everywhere > and making fine-grained capabilities and MAC systems ubiquitous is also a > real solution. Okay, I know when I'm being trolled. :) I'll stop posting now. It's bed time anyway.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48759C70.2060705>