BugTraq
[Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Apr 13 2006 05:29PM
Dave Korn (davek_throwaway hotmail com) (2 replies)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Apr 14 2006 12:13AM
Joachim Schipper (j schipper math uu nl) (1 replies)
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Apr 19 2006 03:56PM
Mario Contestabile (marioc computer org) (1 replies)
RE: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Apr 20 2006 08:04AM
Nick FitzGerald (nick virus-l demon co uk)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Apr 13 2006 05:36PM
Brandon S. Allbery KF8NH (allbery ece cmu edu) (2 replies)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Apr 16 2006 02:32AM
Jamie Riden (jamesr europe com)
On 14/04/06, Brandon S. Allbery KF8NH <allbery (at) ece.cmu (dot) edu [email concealed]> wrote:
>
> On Apr 13, 2006, at 1:29 , Dave Korn wrote:
>
> > Hey, guess what I just found out: Microsoft have deliberately
> > sabotaged
> > their DNS client's hosts table lookup functionality.
>
> I thought this was part of avoiding malware attempts to block Windows
> Update.

In that case, they should allow us to add symantec et al - it's not
much use having Windows Update working while the machine is happily
rootkitted. Grepping hosts files across campus for 127.0.0.1 ...
liveupdate.symantec.com - or your local equivalent - can prove
interesting.

If it was a feature, I'd expect there to be ways to add to the list of
pass-through domains, or ways to disable it.

cheers,
Jamie
--
Jamie Riden / jamesr (at) europe (dot) com [email concealed] / jamie.riden (at) computer (dot) org [email concealed]
"Microsoft: Bringing the world to your desktop - and your desktop to
the world." -- Peter Gutmann

[ reply ]
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Apr 13 2006 06:59PM
Stan Bubrouski (stan bubrouski gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus