Paper: Domain contamination by Amit Klein

[Andrew van der Stock <vanderaj () greebo net>]

Abstract:

This brief write-up describes an attack that exploits an inherent  
flaw of the client-side trust model in the context of cyber-squatting  
and domain hijacking, or in general, in the context of obtaining  
temporary ownership of a domain (or major parts of it, e.g. defacing  
the main page).

Put simply, the idea explored is to force long term caching of  
malicious pages in order for them to still be in effect even when the  
domain returns to its rightful owner. Various attack vectors are  
discussed, as well as possible protection techniques. While previous  
works hinted at the possibility of such attack, it is worthwhile to  
discuss this attack in depth and to refute the common misconception  
that cyber-squatting, domain hijacking and similar attacks do not  
have long lasting effect.

Paper:
http://www.webappsec.org/projects/articles/020606.txt

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------