[LINK] British researcher finds a 'kill switch' for global cyber attack
Scott Howard
scott at doc.net.au
Mon May 15 10:45:49 AEST 2017
No, but you can have it do a TXT lookup and check the response, or
something similar. For bonus marks, sign the response using an asymmetric
key so that it can't be reverse engineered.
(or any one of a thousand other options that would be far better than a
single DNS lookup as this one seemingly did)
Scott
On Sun, May 14, 2017 at 5:31 PM, Hamish Moffatt <hamish at cloud.net.au> wrote:
> On 15/05/17 10:25, Paul Bolger wrote:
>
>> The next one will have the kill switch encrypted.
>>
>
> I think it was discovered by watching the network traffic from an infected
> computer - the investigator would have noticed the DNS lookup requests for
> the magic domain. You can't encrypt that.
>
>
> Hamish
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
More information about the Link
mailing list