ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure")

[Amit Klein <aksecurity () gmail com>]

Hi

In the writeup named "Host header cannot be trusted as an anti anti 
DNS-pinning measure" (submitted September 7th, 2006) I erroneously 
attributed one of the references to the wrong person. The correct text 
should read:

[1] "DNS: Spoofing and Pinning", by "timeless", September 12th, 2003 (or 
earlier)
http://viper.haque.net/~timeless/blog/11/

The original (wrong) text attributed this reference to Mohammad A. 
Haque, who owns the viper.haque.net website, but (in my current 
understanding) did not write the referenced text (my understanding now 
is that http://viper.haque.net/~timeless/ actually belongs to 
"timeless", a different individual).

This mistake also occurred in a response I wrote to a thread "Re: [WEB 
SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications 
using JavaScript" in the WebSecurity mailing list 
(http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00090.html).

I'm sorry for the confusion.
-Amit



-------------------------------------------------------------------------
Sponsored by: Watchfire

Today's hackers exploit web applications to expose, embarrass and even 
steal. Firewalls and SSL may be commonplace but recent studies indicate 3 
out of 4 websites remain vulnerable to attack. Watchfire's "Addressing 
Challenges in Application Security" whitepaper, explains what to do and 
provides a guideline to improving your own application security. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------