undefined | Better HN

0 pointsdvfjsdhgfv6y ago0 comments

I'm quite precise about about what these tools can and cannot do on my systems. Downloading random files form the Internet isn't on the list. When you hand over the control of the hosts file to someone else, you're basically transfer control of your DNS queries.

0 comments

michaelmior6y ago

At least for HTTP, you're hopefully using TLS for anything important and failing if the certificate isn't valid. That certainly won't remove all the risks of losing control of your DNS, but it's one good safeguard.

IggleSniggle6y ago

Some of my favorite hacks in the last year have been about using valid certs for bad actions. When you can have a cert from Microsoft (Azure), there’s a lot of things people will trust.

Along similar lines, I think I heard that 30% of detected malware was signed with a “trusted” authority last year.

j / k navigate · click thread line to collapse

0 pointsdvfjsdhgfv6y ago0 comments

0 comments

michaelmior6y ago

IggleSniggle6y ago

Some of my favorite hacks in the last year have been about using valid certs for bad actions. When you can have a cert from Microsoft (Azure), there’s a lot of things people will trust.

Along similar lines, I think I heard that 30% of detected malware was signed with a “trusted” authority last year.

j / k navigate · click thread line to collapse