VeriSign adds DNS wild-cards

Sep 16, 2003

It seems there's another remote exploit in the wild against portable versions of OpenSSH. There is an advisory about it, and some mail. OpenBSDs included OpenSSH isn't affected apparently. I guess it's because of W^X and Propolice — proactive security.

Since the OpenSSH in NetBSD is the exact same version as OpenBSD it'll be interesting to see whether they're affected or not. FreeBSD seems to have a fix in tree already, see this diff from cvsweb.

Some companies really don't have a clue. Take for example Verisign. They just added a wildcard A record for the .com and .net TLDs, so when you ask for some nonexistent .com and .net domain you get redirected to sitefinder.verisign.com. Fortunately it's a fixable problem, look at these Verisign Countermeasures.

The sitefinder.verisign.com server seems to be down now. Perhaps those lame script kiddiots made themselves useful for once.


Last edited: May 1, 2016


Categories: