[12587] in bugtraq
Re: BIND bugs of the month (spoofing secure Web sites?)
daemon@ATHENA.MIT.EDU (Kurt Seifried)
Mon Nov 15 01:28:25 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <002b01bf2ef1$38a7a490$1400010a@seifried.org>
Date: Sun, 14 Nov 1999 15:40:16 -0700
Reply-To: Kurt Seifried <listuser@SEIFRIED.ORG>
From: Kurt Seifried <listuser@SEIFRIED.ORG>
X-To: Peter W <peterw@USA.NET>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> While DNS spoofs may be practical, impersonating an SSL-enabled Web
> server requires considerably more than lying about IP addresses.
No, not really. The weak link is the end user, and they are generally
a VERY weak link. I wrote an article dealing with this:
<blatant corporate self-plug>
http://www.securityportal.com/closet/closet19990930.html
</blatant corporate self-plug>
> -Peter
- -Kurt Seifried
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBOC86Tob9cm7tpZo3EQIQugCfUGYpX5JyI/50rR4rxAmOyWyBOzYAnjVN
ZJLNpm2peizpZDThkFqfeykh
=MOsV
-----END PGP SIGNATURE-----
