Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinni

from [Martin Johns] Network Security [Permanent Link]
Subject: Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure")
Date: Tue, 26 Dec 2006 21:45:41 +0100 
I have just been told that the real name of "timeless" is Josh Soref
(apparently a well-known Mozilla contributor). I made the same wrong
reference in my post on breaking DNS-pinning
(http://shampoo.antville.org/stories/1451301).

Best,
Martin


On 12/25/06, Amit Klein <aksecurity@gmail.com> wrote: 
Hi

In the writeup named "Host header cannot be trusted as an anti anti
DNS-pinning measure" (submitted September 7th, 2006) I erroneously
attributed one of the references to the wrong person. The correct text
should read:

[1] "DNS: Spoofing and Pinning", by "timeless", September 12th, 2003 (or
earlier)
http://viper.haque.net/~timeless/blog/11/

The original (wrong) text attributed this reference to Mohammad A.
Haque, who owns the viper.haque.net website, but (in my current
understanding) did not write the referenced text (my understanding now
is that http://viper.haque.net/~timeless/ actually belongs to
"timeless", a different individual).

This mistake also occurred in a response I wrote to a thread "Re: [WEB
SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications
using JavaScript" in the WebSecurity mailing list
(http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00090.html).

I'm sorry for the confusion.
-Amit






--
Martin Johns
http://www.martinjohns.com

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Amit Klein
Next by Date:  XSS caused by Greasemonkey userscript, Martin Johns
Previous by Thread:  ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Amit Klein
Next by Thread:  XSS caused by Greasemonkey userscript, Martin Johns
Indexes:  [Date] [Thread] [Top] [All Lists]