Added an 'an', per English
Pleasancoder (talk | contribs) m →Publishing false sub-domain – DNS cache poisoning: Hack certificates
Line 259:
Via [[DNS cache poisoning]], an attacker might be able to cause a DNS server to cache a fabricated DNS entry, say <code>f12345.www.example.com</code> with the attacker’s server IP address. The attacker can then post an image URL from his own server (for example, <code><nowiki>http://f12345.www.example.com/img_4_cookie.jpg</nowiki></code>). Victims reading the attacker’s message would download this image from <code>f12345.www.example.com</code>. Since <code>f12345.www.example.com</code> is a sub-___domain of <code>www.example.com</code>, victims’ browsers would submit all <code>example.com</code>-related cookies to the attacker’s server; the compromised cookies would also include ''HttpOnly'' cookies.
This vulnerability is usually for [[Internet Service Provider]]s to fix, by securing their DNS servers. But it can also be mitigated if <code>www.example.com</code> is using ''Secure'' cookies. Victims’ browsers will not submit ''Secure'' cookies if the attacker’s image is not using encrypted connections. If the attacker chose to use [[HTTPS]] for his img_4_cookie.jpg download, he would have the challenge<ref name="certificatehack">Wired [http://www.wired.com/threatlevel/2011/03/comodo-compromise/ Hack Obtains 9 Bogus Certificates for Prominent Websites</ref> of obtaining an SSL certificate for <code>f12345.www.example.com</code> from a [[Certificate Authority]]. Without a proper SSL certificate, victims’ browsers would display (usually very visible) warning messages about the invalid certificate, thus alerting victims as well as security officials from <code><nowiki>www.example.com</nowiki></code>.
=== [[Cross-site scripting]] – cookie theft ===
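Review bot: The new <ref name="certificatehack"> in the paragraph beginning "This vulnerability is usually for" opens an external link with "[http://www.wired.com/threatlevel/2011/03/comodo-compromise/" but never closes it, so the footnote will show a stray bracket and raw URL rather than a titled link; end it as "Hack Obtains 9 Bogus Certificates for Prominent Websites]</ref>". The ref is also attached mid-sentence to the word "challenge", while the cited headline reports bogus certificates actually being obtained, which reads as a counterexample to the sentence rather than support for it. Suggest moving the ref to the end of the sentence and wording the text so it says that obtaining such a certificate is difficult but has happened, which is what the source backs.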