Terr_ 4 hours ago

So compromising one DNS lookup is sufficient, ex:

1. Home router compromised, DHCP/DNS settings changed.
2. Report a wrong (malicious) IP for ww2.ati.com.
3. For HTTP traffic, it snoops and looks for opportunities to inject a malicious binary.
4. HTTPS traffic is passed through unchanged.

__________

If anyone still has their home-router using the default admin password, consider this a little wake-up call: Even if your new password is on a sticky-note, that's still a measurable improvement.

The risks continue, though:

* If the victim's router settings are safe, an attacker on the LAN may use DHCP spoofing to trick the target into using a different DNS server.
* The attacker can set up an alternate network they control, and trick the user into connecting, like for a real coffee shop, or even a vague "Free Wifi."

redox99 2 hours ago

It's usually very simple to get someone to join your malicious WiFi network with SSID spoofing, jamming, etc.

gmueckl an hour ago

Just spoofing a DNS reply would be enough if it arrives first, wouldn't it?
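
The racing-reply case raised in the last comment has a detection-side signature: one client sees two DNS responses for the same transaction ID and name carrying different answers. The sketch below is an added example, not part of the thread; the capture tuples, the 2-second window and every address are constructed, and the parser assumes one question and looks only at A records.

```python
import struct
from collections import defaultdict

def build_response(txid, name, ip):
    """Minimal DNS A-record response; used only to construct sample data."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    head = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)  # pointer to qname, A/IN, TTL 60
    return head + rr + bytes(int(o) for o in ip.split("."))

def parse_response(pkt):
    """Return (txid, qname, A-record IPs); assumes exactly one question."""
    txid, _, _, ancount = struct.unpack("!HHHH", pkt[:8])
    off, labels = 12, []
    while pkt[off]:                      # walk the question name labels
        n = pkt[off]
        labels.append(pkt[off + 1:off + 1 + n].decode())
        off += 1 + n
    off += 5                             # root label + QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        if (pkt[off] & 0xC0) == 0xC0:    # compressed owner name
            off += 2
        else:                            # inline owner name
            while pkt[off]:
                off += 1 + pkt[off]
            off += 1
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(map(str, pkt[off:off + 4])))
        off += rdlen
    return txid, ".".join(labels).lower(), tuple(sorted(ips))

def find_conflicts(captured, window=2.0):
    """Flag responses that share client, txid and name but disagree on the answer."""
    seen, alerts = defaultdict(list), []
    for ts, client, pkt in sorted(captured, key=lambda c: c[0]):
        txid, qname, ips = parse_response(pkt)
        for prev_ts, prev_ips in seen[(client, txid, qname)]:
            if ts - prev_ts <= window and prev_ips != ips:
                alerts.append((qname, prev_ips, ips))
        seen[(client, txid, qname)].append((ts, ips))
    return alerts

# Constructed capture: (seconds, client address, raw response bytes)
SAMPLE = [
    (0.000, "10.0.0.5", build_response(0x1A2B, "ww2.ati.com", "198.51.100.7")),
    (0.031, "10.0.0.5", build_response(0x1A2B, "ww2.ati.com", "192.0.2.10")),
    (1.000, "10.0.0.5", build_response(0x3C4D, "example.org", "192.0.2.20")),
    (1.002, "10.0.0.5", build_response(0x3C4D, "example.org", "192.0.2.20")),  # benign duplicate
]
```

A retransmitted reply with the same answer stays silent; only a disagreement between replies to one query is reported, and which of the two is genuine has to be settled out of band.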