[Rack] Noisebridge Domain Question

Rubin Abdi rubin at starset.net
Fri Dec 7 07:31:53 UTC 2012


Danny O'Brien wrote, On 2012-12-06 22:08:
>> Correct me if I'm wrong, but a MITM attack can happen regardless of what
>> that domain is doing, or not doing (like in its current state).
> Nah, redirecting allows a specific attack -- it's the specific reason
> for HSTS and pinning, both of which Noisebridge is (kind of weirdly) a
> specifically good example of. For a long time, it was basically just
> us and Paypal doing things correctly.

Explain the attack? If someone wants to spoof DNS in some form and spit
out a new IP address for noisebridge.com, I don't see any reason why
that wouldn't work if noisebridge.com doesn't currently go anywhere.

-- 
Rubin
rubin at starset.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://www.noisebridge.net/pipermail/rack/attachments/20121206/2da8f336/attachment.pgp>


More information about the Rack mailing list