Predrag Knezevic wrote:
The bigger issue is the one that was publicized a few months ago, where
I convince you to look up an address at my server, and then I use that
info to predict the sequence number you'll use in your subsequent
request for Google.com. The only defense is to use better random numbers
over a larger space, and even that isn't perfect protection.
Do you have any link with more infos about this?
Google CVE-2008-4392
See also http://cr.yp.to/djbdns/forgery.html
_______________________________________________
p2p-hackers mailing list
p2p-hackers@lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers
