Re: Gen-ART and OPS-Dir review of draft-wkumari-dhc-capport-13

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/11/2015 05:28 PM, Christian Huitema wrote:
OK, you are probably correct that this is just one of the many attacks possible when connecting to insecure networks. Then, of course, there is the whole idea of letting an untrusted DHCP server direct one's browser to an arbitrary web page. Looks like an ideal setup for zero days and phishing tools. Ideally, we should only process the redirected page into a fairly tight sandbox...

This is just one example of the "everything is broken" problem. In point of fact, if you can inject packets on the local wire and sniff packets off of the local wire, you can easily send malware to the host simply by providing it with mostly correct information, and then once the hotspot detector has been bypassed, hack the next http query that goes by, stuffing your malware, or instructions to fetch your malware, into the HTML.




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]