On Thu, 14 Dec 2017 16:33:29 -0800 (PST)
Matthew Hardeman via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:

> That attack was by hacking the target's domain registrar account.
> Others have done that as well, including against a Brazilian bank.
> 
> The right attacker would not even need that - they could just hijack
> traffic headed to the IP address of the real DNS server in question.

Attacking the registry or registrar is perhaps *more* effective rather
than less, because this focuses on the agreed source of truth. We've
seen not so long ago with Togo that even a TLD registry may not be as
secure as we'd like.


An attacker with control over North American routing may be able to
arrange for traffic from a North American CA to, say, Fox IT systems in
Europe to be directed to them instead, but find it difficult to do the
same for traffic from, say, Russia.

But if the attacker simply changes the actual DNS data controlled by
the registrar, everywhere in the world will agree that this new data is
correct - it comes from the legitimate source of truth on the matter.
Russia is just as happy as Canada to believe what the registrar for a
domain says about that domain.