Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinni

To:	"Amit Klein" <aksecurity@gmail.com>
Subject:	Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure")
From:	"Martin Johns" <martin.johns@gmail.com>
Date:	Tue, 26 Dec 2006 21:45:41 +0100
Cc:	bugtraq@securityfocus.com, websecurity@webappsec.org, webappsec@securityfocus.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	bugtraq-list@securepoint.com
Delivered-to:	mailing list bugtraq@securityfocus.com
Delivered-to:	moderator for bugtraq@securityfocus.com
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=MMqAYujpFlvzFifhxJ/eaB/bdR8LAtQSq7k2SEA7Dp18LNQstCtgHkom+C27RvdF7iY9jZ8lsUT5fJqnWm5VAO5uzBYKuDwPpUrDgHWO5s+JLuwMKPuCg2U8aZ7RDpOP8c2gAaaJ46KredTkDnXc8jBYKDFtpDbfWVYuxmhpGZs=
In-reply-to:	<45901C94.4080208@gmail.com>
List-help:	<mailto:bugtraq-help@securityfocus.com>
List-id:	<bugtraq.list-id.securityfocus.com>
List-post:	<mailto:bugtraq@securityfocus.com>
List-subscribe:	<mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list:	contact bugtraq-help@securityfocus.com; run by ezmlm
References:	<45901C94.4080208@gmail.com>

I have just been told that the real name of "timeless" is Josh Soref
(apparently a well-known Mozilla contributor). I made the same wrong
reference in my post on breaking DNS-pinning
(http://shampoo.antville.org/stories/1451301).

Best,
Martin


On 12/25/06, Amit Klein <aksecurity@gmail.com> wrote:

Hi

In the writeup named "Host header cannot be trusted as an anti anti
DNS-pinning measure" (submitted September 7th, 2006) I erroneously
attributed one of the references to the wrong person. The correct text
should read:

[1] "DNS: Spoofing and Pinning", by "timeless", September 12th, 2003 (or
earlier)
http://viper.haque.net/~timeless/blog/11/

The original (wrong) text attributed this reference to Mohammad A.
Haque, who owns the viper.haque.net website, but (in my current
understanding) did not write the referenced text (my understanding now
is that http://viper.haque.net/~timeless/ actually belongs to
"timeless", a different individual).

This mistake also occurred in a response I wrote to a thread "Re: [WEB
SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications
using JavaScript" in the WebSecurity mailing list
(http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00090.html).

I'm sorry for the confusion.
-Amit



--
Martin Johns
http://www.martinjohns.com

<Prev in Thread]	Current Thread	[Next in Thread>
ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Amit Klein Re: ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Martin Johns <=

Previous by Date:	[OpenPKG-SA-2006.043] OpenPKG Security Advisory (links), OpenPKG GmbH
Next by Date:	Re: phpcms <=- 1.1.7 Remote File Inclusion, Stuart Moore
Previous by Thread:	ERRATA (Re: "Host header cannot be trusted as an anti anti DNS-pinning measure"), Amit Klein
Next by Thread:	XSS with Vbulletin (new idea !), ashraf1984
Indexes:	[Date] [Thread] [Top] [All Lists]