Security Basics mailing list archives
Web vs. email vulnerability
From: SANDER SMITH <ssmith3988 () rogers com>
Date: Thu, 25 Oct 2007 12:01:37 -0400 (EDT)
I'm doing an assessment for a project, and I've come up with an interesting question I'd like some feedback on. Which is more vulneable to hacker attacks, hijacking a website or hijacking incoming email? What I mean by hijacking a website is a hacker changing the DNS resolution for a domain so that all traffic is routed to a site he controls instead of the authentic site. Let's assume that everything goes over HTTP and not HTTPS (where things get much tougher for the hacker). By hijacking email, I mean the hacker modifying things so that all email coming to a specific email account is routed to him instead. In neither case does the hacker have any special access, he's just a random hacker, he doesn't work for an ISP or domain registrar. So my question is: is either of these two cases more vulnerable than the other? I contend that both cases are equally vulnerable since they both rely on the fidelity of DNS records. Someone who can play games with the DNS records can easily launch either of these attacks. Now having said that, my gut feeling is that I'm wrong. I'm looking for other people's ideas to either tell me I'm right, or explain why I'm wrong. Thanks a lot for your help.
Current thread:
- Web vs. email vulnerability SANDER SMITH (Oct 25)