[1560] in WWW Security List Archive
Re: _DNS_ security problems
daemon@ATHENA.MIT.EDU (Jody C Patilla)
Tue Feb 27 20:34:12 1996
From: Jody C Patilla <jcp@tis.com>
To: Paul.Rarey@Clorox.com
Date: Tue, 27 Feb 1996 16:27:29 -0500 (EST)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <960226140623.ZM6750@maverick.clorox.com> from "Paul Rarey" at Feb 26, 96 02:06:17 pm
Errors-To: owner-www-security@ns2.rutgers.edu
Here is something I just heard about, which sounds like an instance of
DNS-hijacking, but which is *not* Java-related.
A user accesses a corporate Web site. On the second level page, she
discovers that a gif on the page has been replaced with a naughty picture.
Text flashes on the screen advising her to find more of the same at a URL
at SuchandSuch University. The Web server itself was not tampered with
at all.
I wonder if this is at all related to the recent CERT alert regarding attacks
against DNS servers. Has anyone else heard of a similar occurence? I'm certain
this isn't the only instance of this type of problem.
- jcp
--
=========================================================================
Jody C. Patilla jcp@tis.com
Trusted Information Systems Glenwood, Md.
