Bugtraq mailing list archives
Re: InterNIC Shenanigans (crypt-pw)
From: agent () l0pht com (Rogue Agent)
Date: Sat, 12 Oct 1996 11:04:13 -0400
PGP auth scheme also seems vulnerable to replay attacks. For example, suppose alice () victim com sends a signed message to hostmaster () internic net asking him/it to set the nameserver for victim.com to box1. Mallory intercepts this message and stores it for future attacks. A year later, Alice decides to move and change providers, and sends a signed message asking to change the domain nameserver to box2. Mallory also intercepts it and finds out that Alice is moving. A month later, when Alice thinks that she has changed her nameserver successfully, Mallory strikes and re-sends the first message. At this time, Alice's domain is effectively disabled because it is served by the wrong nameserver.
Easiest way to fix this is to have a Date field inside the clearsigned text, & make sure InterNIC actually looks at it.

RA

agent () l0pht com (Rogue Agent/SoD!/TOS/attb) - pgp key on request
----------------------------------------------------------------
The NSA is now funding research not only in cryptography, but in all areas of advanced mathematics. If you'd like a circular describing these new research opportunities, just pick up your phone, call your mother, and ask for one.
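The check suggested in this message, sketched from the registry's side as an added example that is not part of the original post or of any InterNIC code. An HMAC stands in for the PGP clearsignature, and the field names, the two-day freshness window and the extra "newer than the last accepted request" rule are assumptions that go slightly beyond the Date check the post describes.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

MAX_AGE = timedelta(days=2)           # assumed freshness window
SKEW = timedelta(minutes=10)          # assumed tolerated clock skew
ALICE_KEY = b"constructed-demo-key"   # constructed stand-in for Alice's PGP key

def sign(body, key=ALICE_KEY):
    # HMAC stand-in for a PGP clearsignature covering the whole body
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def make_request(domain, nameserver, when):
    # The Date line is part of the signed text, not an unsigned mail header
    body = (f"Date: {format_datetime(when)}\n"
            f"Domain: {domain}\nNameserver: {nameserver}\n")
    return body, sign(body)

class Registry:
    def __init__(self):
        self.nameserver = {}   # domain -> current nameserver
        self.last_date = {}    # domain -> signed Date of last accepted request

    def process(self, body, sig, now):
        if not hmac.compare_digest(sign(body), sig):
            return "rejected: bad signature"
        fields = dict(l.split(": ", 1) for l in body.splitlines() if ": " in l)
        try:
            signed_at = parsedate_to_datetime(fields["Date"])
            domain, ns = fields["Domain"], fields["Nameserver"]
        except (KeyError, ValueError, TypeError):
            return "rejected: missing or malformed signed field"
        if signed_at.tzinfo is None:
            return "rejected: Date has no usable timezone"
        # "Actually looks at it": an old capture falls outside the window
        if signed_at > now + SKEW or now - signed_at > MAX_AGE:
            return "rejected: Date outside freshness window"
        # A replay inside the window is still not newer than what was applied
        last = self.last_date.get(domain)
        if last is not None and signed_at <= last:
            return "rejected: not newer than last accepted request"
        self.nameserver[domain], self.last_date[domain] = ns, signed_at
        return "accepted"
```

Because the Date is inside the signed text, rewriting it to look fresh invalidates the signature, so the stored box1 request cannot be made current again.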