Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
batuhanicoz
12y ago
0 comments
Save
Share
But if you control the DNS, you can serve a fake LinkedIn from linkedin.com. Can't do https though.
Edit: Ignore it, I forgot he didn't control the DNS at that point. So this is invalid.
0 comments
3 comments · 2 top-level
top
newest
oldest
btown
12y ago
· 1 in thread
Note that at that point in the attack, he had not yet gained access to the router, so he didn't control DNS yet.
batuhanicoz
OP
12y ago
Oh yes, I missed that fact. Sorry.
aaronem
12y ago
But the attacker didn't yet control the DNS when he sent the link to the exploit; he needed the exploit in order to compromise the router and put the DNS hijack in place. So I'm not sure how the hell it worked.
j
/
k
navigate · click thread line to collapse
