[LINK] PayPal phishing scam - is this a domain hijack
Rick Welykochy
rick at praxis.com.au
Fri Jan 19 16:03:06 AEDT 2007
Eric Scheid wrote:
> On 19/1/07 1:13 PM, "Rick Welykochy" <rick at praxis.com.au> wrote:
>
>
>>For example, my own domain name is praxis.com.au. Is it easy for someone
>>to use westpac-security.login.validation.praxis.com.au as a valid
>>domain and get that into the DNS somehow? I would imagine that would
>>require some (illegal) hacking of zone files.
>
>
> http://en.wikipedia.org/wiki/DNS_cache_poisoning
Thanks for that one, Eric. Fery interesting.
Can I assume that if a DNS cache poisoning attempt was successful
with, say, online.westpac.com.au, I could without my knowledge log into
a rogue machine thinking I am logging on to https://online.westpac.com.au,
provide my login details and be phished without my knowledge?
If the asnwer is yes, it is certainly a frightful situation. The Wikipedia
article did not go to any lengths to assure me that this sort of thing
cannot happen :(
cheers
rickw
--
_________________________________
Rick Welykochy || Praxis Services
The 7 R's of Windows support: retry, restart, reboot, reconfigure,
reinstall, reformat and finally, replace with Linux.
More information about the Link
mailing list