A Deep Dive on the Recent Widespread DNS Hijacking
- Subject: A Deep Dive on the Recent Widespread DNS Hijacking
- From: list-nanog2 at dragon.net (Paul Ebersman)
- Date: Mon, 25 Feb 2019 12:14:59 -0700
- In-reply-to: <CAB69EHhdW9i3YiWsgjxqBbCEBFKnyWd8QbD3qivR5=5tHmk4fQ@mail.gmail.com>
- References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAB69EHhdW9i3YiWsgjxqBbCEBFKnyWd8QbD3qivR5=5tHmk4fQ@mail.gmail.com>
ekuhnke> One thing to consider with authentication for domain registrar
ekuhnke> accounts:
ekuhnke> DO NOT USE 2FA VIA SMS.
Yup. This is a good example of what I'm advocating. Just saying "use
2FA" or "use DNSSEC" or "have a CAA" isn't sufficient detail to make
informed decisions of risk/effort/reward tradeoffs. Simplistic
suggestions without details or context aren't doing anyone any favors.
That said, even SMS 2FA is better than no 2FA. Barely. Just like forcing
lousy passwords is better than no password but still not a best
practice.