[security] Mea Culpa: Johannes points out a DNS attack
Dan Lyke
danlyke at flutterby.com
Tue Oct 31 19:32:38 UTC 2006
I'm not sure what this buys the attackers, because to have an effect
the machine of the victim has to be compromised, but in his latest
blog entry:
http://netmesh.info/jernst/Technical/myspace-poisened-dns.html?version=200610302254
Johannes points out some wackiness in myspace.com's DNS, notably that
there is, right now, a loopback A record for myspace.com.
Going straight to MySpace's DNS servers as derived from their whois
record gives a superset of answers, except without the loopback.
I'm not sure what the exploit is (I assume it involves a virus or
trojan proxy), but there's DNS wierdness in the wild.
Dan
More information about the security
mailing list