Cache poisoning vulnerability found in BIND
Posted Jul 26, 2007 13:13 UTC (Thu) by nix
In reply to: Cache poisoning vulnerability found in BIND
Parent article: Cache poisoning vulnerability found in BIND
SSL solves it? Not hardly, given that huge numbers of sites use outdated certs and a lot use self-signing. Most people just click 'accept' when asked: they certainly don't look at the cert's content, and even if they did, would they be able to spot a false one, what with VeriSign and others doing minimal verification of applicant identity beyond `do they have a credit card'. (Credit cards are, after all, so very had to get: my friend's daughter could have half a dozen by now, and she's less than a year old).
to post comments)