On Saturday, July 11, 2015 1:13 PM, Warren Kumari [mailto:warren@xxxxxxxxxx] wrote > On Saturday, July 11, 2015, Christian Huitema <huitema@xxxxxxxxxxxxx> wrote: > >> There is definitely an attack vector there. Suppose an attacker can monitor the traffic, say on an >> unencrypted Wi-Fi hot spot. The attacker can see a DHCP request or INFORM, and race in a fake >> response with an >> URL of their own choosing. The mark's computer automatically connects >> there, and download some zero-day attack. Bingo! > > An attacker with this level of access can already do this. They fake a DHCP response with themselves > as the gateway and insert a 302 into any http connection. Or, more likely they simply inject > malicious code into some connection. > > Connecting to unknown/ unencrypted networks is inherently dangerous... OK, you are probably correct that this is just one of the many attacks possible when connecting to insecure networks. Then, of course, there is the whole idea of letting an untrusted DHCP server direct one's browser to an arbitrary web page. Looks like an ideal setup for zero days and phishing tools. Ideally, we should only process the redirected page into a fairly tight sandbox... -- Christian Huitema