Re: Java security problems (fwd from Risks Digest #17.77)
On Fri, 23 Feb 1996, Marianne Mueller wrote:
> This posting is a response to the DNS Spoofing attack described on
> http://www.cs.princeton.edu/~ddean/java/.
>
<---- snip ---->
> What's the fix?
> ----------------
>
> The right solution for this problem is to make the Domain Name Service
> more secure. It shouldn't be so easy for anyone to advertise false
> names or false addresses.
I think people don't realize what decentralization means with respect to
the net. It means that if someone is online and they are providing, then
I can get online through them. Here's the clincher:

Assuming I'm not breaking any local law, only my provider can
exert any control over how I configure my system, what software I run,
etc. I can be in Hong Kong, or offshore, or ANYwhere.

The bottom line is, when one is setting up a system, one needs to be able
to configure the IP addresses for the various machines one is hooking
up. Consequently one can configure the system to respond to ANY IP
(again, as long as your provider is in accordance). You have to be able
to configure this.

The alternative, which is barely worth mentioning since it's total
fiction, is a centralized system, where DNS is all run out of one
place... gee, I think the load might be kinda heavy... ANYway, that's NOT
the way it works, so it is moot.

I believe it's important that we focus on solutions which are possible
within the network infrastructure we have today.

Cheers,
Nadim
--n d ghaznavi-----------------------------------------------------------
System Administrator ndg@cadlink.com
--cadlink.com--------reachit.com--------ghaznavi.com--------apparel.org--