[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

Subject: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
From: hf0002+nanog at uah.edu (Hunter Fuller)
Date: Tue, 26 Feb 2019 22:02:05 -0600
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

On Tue, Feb 26, 2019 at 9:56 PM Keith Medcalf <kmedcalf at dessus.com> wrote:
> I did write my own TOTP client.  However, why do you assume that I am talking about a TOTP client and not the referred webpage which requires the unfettered execution of third-party (likely malicious) javascript in order to view?  Not to mention requiring the use of (also quite possibly malicious) downloaded fonts?

Well, because:
1. the page's <noscript> tag points to the github repo which contains
the raw data in a fairly readable form; and
2. the page works fine in Lynx despite the warning.

References:
- 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
  - From: sethm at rollernet.us (Seth Mattinen)
- 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
  - From: kmedcalf at dessus.com (Keith Medcalf)

Prev by Date: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
Next by Date: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
Previous by thread: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
Next by thread: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
Index(es):
- Date
- Thread