funsec mailing list archives

Re: 'Shocking Flaw' Leaves Microsoft Looking Like a Turkey


From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 26 Nov 2007 20:02:29 +0100

* Nick FitzGerald:

> Florian Weimer wrote:
>
>> I'd guess the bug is not locale-specific, but depends on the fact that
>> the code considers domain1.co.nz to be equivalent to domain2.co.nz.
>
> Hmmmm -- an example of code you _would_ wish to have been written by
> some of their outsourced (well, "off-shore") code-monkeys so as to
> avoid the possibility of such stupidity from the outset???

Well, the idea of trust based on effective SLD[1] is pretty much flawed
in the first place.  After all, you can still attack others within the
same .com or .edu.

[1] "Effective TLD Service": 
    <http://wiki.mozilla.org/Gecko:Effective_TLD_Service>
    <http://lxr.mozilla.org/mozilla/source/netwerk/dns/src/effective_tld_names.dat?raw=1>
    -- not pretty.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
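
Added example, not part of the original post: a Python sketch of the equivalence discussed in the message above, comparing a naive last-two-labels check with a suffix-list lookup in the style of the Effective TLD Service from footnote [1]. The rule set and host names are constructed for illustration, and school.nz is deliberately left out of the rules to show what a missing entry does.

```python
# Constructed excerpt of suffix rules (assumption for this example only).
# The real effective_tld_names.dat is far longer; "school.nz" is
# deliberately omitted here to show the effect of an incomplete list.
SUFFIX_RULES = {"com", "edu", "nz", "co.nz", "ac.nz"}


def _labels(host):
    """Lower-case the host, drop a trailing dot, split into labels."""
    return host.lower().rstrip(".").split(".")


def naive_site(host):
    """Trust boundary = last two labels, regardless of the registry layout."""
    return ".".join(_labels(host)[-2:])


def effective_site(host, rules=SUFFIX_RULES):
    """Trust boundary = longest matching suffix rule plus one label."""
    labels = _labels(host)
    # Scanning from the left finds the longest matching suffix first.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in rules:
            if i == 0:
                return None  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    return None  # no rule matched: refuse to guess a boundary


def same_site(a, b, site_fn):
    """True when both hosts fall inside the same trust boundary."""
    site_a, site_b = site_fn(a), site_fn(b)
    return site_a is not None and site_a == site_b


if __name__ == "__main__":
    pairs = [
        ("www.domain1.co.nz", "www.domain2.co.nz"),  # unrelated registrants
        ("a.school.nz", "b.school.nz"),              # suffix missing from rules
    ]
    for a, b in pairs:
        print(a, b,
              "naive:", same_site(a, b, naive_site),
              "suffix-list:", same_site(a, b, effective_site))
```

The second pair is still treated as one site by the suffix-list check because the rule it needs is absent, so the result is only as good as the list behind it.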

