Abstract:
This brief write-up describes an attack that exploits an inherent
flaw of the client-side trust model in the context of cyber-squatting
and domain hijacking, or in general, in the context of obtaining
temporary ownership of a domain (or major parts of it, e.g. defacing
the main page).
Put simply, the idea explored is to force long-term caching of
malicious pages in order for them to still be in effect even when the
domain returns to its rightful owner. Various attack vectors are
discussed, as well as possible protection techniques. While previous
works hinted at the possibility of such an attack, it is worthwhile to
discuss this attack in depth and to refute the common misconception
that cyber-squatting, domain hijacking and similar attacks do not
have a long-lasting effect.
Paper:
http://www.webappsec.org/projects/articles/020606.txt
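
An added example, not taken from the paper or from this post: for a domain owner
reviewing responses captured while the domain was out of their control, it computes
how long a browser cache may keep reusing each HTML page. It assumes the long-term
caching relies on the standard HTTP freshness headers (Cache-Control, Expires), which
the abstract does not spell out; the function names, the one-day threshold and the
sample responses are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_HTML_FRESHNESS = 86400  # assumed review threshold: one day, in seconds

# Constructed responses as (url, headers); not taken from any real capture.
SAMPLE = [
    ("http://example.test/", {"Content-Type": "text/html",
        "Date": "Thu, 16 Feb 2006 10:00:00 GMT", "Expires": "Fri, 16 Feb 2007 10:00:00 GMT"}),
    ("http://example.test/news", {"Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "public, max-age=600"}),
    ("http://example.test/logo.png", {"Content-Type": "image/png",
        "Cache-Control": "max-age=31536000"}),
]

def freshness_lifetime(headers):
    """Seconds a browser may reuse the response unvalidated; None if unspecified."""
    h = {k.lower(): v for k, v in headers.items()}
    directives = {}
    for part in h.get("cache-control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip('"')
    if "no-store" in directives or "no-cache" in directives:
        return 0
    if "max-age" in directives:  # max-age takes precedence over Expires
        try:
            return max(int(directives["max-age"]), 0)
        except ValueError:
            return 0  # malformed value: treat as already stale
    if "expires" in h:
        try:
            expires = parsedate_to_datetime(h["expires"])
            date = (parsedate_to_datetime(h["date"]) if "date" in h
                    else datetime.now(timezone.utc))
            return max(int((expires - date).total_seconds()), 0)
        except (TypeError, ValueError):
            return 0  # invalid Expires such as "0" means already expired
    return None  # no explicit lifetime: the cache applies its own heuristics

def flag_long_lived_html(responses, limit=MAX_HTML_FRESHNESS):
    """Return (url, seconds) for HTML responses that stay fresh beyond `limit`."""
    flagged = []
    for url, headers in responses:
        ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
        life = freshness_lifetime(headers)
        if ctype.lower().startswith("text/html") and life is not None and life > limit:
            flagged.append((url, life))
    return flagged
```

Calling flag_long_lived_html(SAMPLE) reports only the front page, whose Expires
header lies a full year after its Date header.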
Received on Feb 16 2006