In the writeup named "Host header cannot be trusted as an anti anti
DNS-pinning measure" (submitted September 7th, 2006) I erroneously
attributed one of the references to the wrong person. The correct text
should read:
[1] "DNS: Spoofing and Pinning", by "timeless", September 12th, 2003 (or
earlier)
http://viper.haque.net/~timeless/blog/11/
The original (wrong) text attributed this reference to Mohammad A.
Haque, who owns the viper.haque.net website, but (in my current
understanding) did not write the referenced text (my understanding now
is that http://viper.haque.net/~timeless/ actually belongs to
"timeless", a different individual).
This mistake also occurred in a response I wrote to a thread "Re: [WEB
SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications
using JavaScript" in the WebSecurity mailing list
(http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00090.htm
l).
In the writeup named "Host header cannot be trusted as an anti anti
DNS-pinning measure" (submitted September 7th, 2006) I erroneously
attributed one of the references to the wrong person. The correct text
should read:
[1] "DNS: Spoofing and Pinning", by "timeless", September 12th, 2003 (or
earlier)
http://viper.haque.net/~timeless/blog/11/
The original (wrong) text attributed this reference to Mohammad A.
Haque, who owns the viper.haque.net website, but (in my current
understanding) did not write the referenced text (my understanding now
is that http://viper.haque.net/~timeless/ actually belongs to
"timeless", a different individual).
This mistake also occurred in a response I wrote to a thread "Re: [WEB
SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications
using JavaScript" in the WebSecurity mailing list
(http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00090.htm
l).
I'm sorry for the confusion.
-Amit
[ reply ]