User: Password:
|
|
Subscribe / Log in / New account

Cache poisoning vulnerability found in BIND

Cache poisoning vulnerability found in BIND

Posted Jul 31, 2007 11:26 UTC (Tue) by cortana (subscriber, #24596)
In reply to: Cache poisoning vulnerability found in BIND by tialaramex
Parent article: Cache poisoning vulnerability found in BIND

... lots of sites that are concerned about snooping, but not about impersonation, use SSL with certificates that are self-signed (or signed by an unknown CA) to avoid the high cost of a "real" SSL certificate.

But the assurance that one is not being snooped strictly requires the assurance that one is not being impersonated.


(Log in to post comments)

Cache poisoning vulnerability found in BIND

Posted Jul 31, 2007 16:02 UTC (Tue) by zlynx (subscriber, #2285) [Link]

Using a self-signed SSL cert still raises the bar considerably. Especially if you immediately save it in your cert DB. Just like using SSH and saving the remote system key for the first time.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds