Subject: Re: DNS issue with c-aress.

Re: DNS issue with c-aress.

From: Greg Christopher <gregory_christopher_at_yahoo.com>
Date: Wed, 16 Feb 2011 16:51:19 -0800 (PST)

I am in agreement.

Greg

----- Original Message ----
From: Guenter <lists_at_gknw.net>
To: c-ares_at_cool.haxx.se
Sent: Wed, February 16, 2011 3:22:48 PM
Subject: Re: DNS issue with c-aress.

Greg,
Am 16.02.2011 22:52, schrieb Greg Christopher:
> It's true also that text based configuration is really easy to attack. I
> actually saw a vendor showing off a simple batch script to add a host line to
> the hosts file, which redirected browsers to a different IP address for
windows
> software updates. Of course from an access standpoint, it's not any more
> defended when the information is stored elsewhere but only accessible via an
> API. They still support the hosts file anyway, so that's not the issue.
well, most likely now the localhost resolving sits somehow in registry, and if
so I could then quickly hack a vbscript which does the same - so manipulation is
most likely equally easy ...
but on the other side lets think a bit about common behavior: isnt it more the
mis-behaviour of the windows users that they all work with administrator rights
(or switch-off ACL), and therefore are able to do such manipulations form their
normal user accout? And isnt this pretty much same prob how all windows boxes
get infected with viruses?

dont get me wrong - I *dont* say that we dont need to care about this prob with
c-ares, just thought that the trouble M$ gives us here now with their latest OS
is worth nothing ...
security is not implementable - its a discipline: windows users must change
their way they use their OS in order to get security, and the OS is meanwhile
prepared for this ... :-)

Gün.

      
Received on 2011-02-17