undefined | Better HN

0 pointsdijit6y ago0 comments

If you can inject such content (as in an arp poisoning or other man in the middle scenario) why wouldn’t you go after the dns requests?

0 comments

Liquid_Fire6y ago

HTTPS will protect you against hijacked DNS requests as well.

dijitOP6y ago

Not by itself, if you have special HTTP headers it will. But some of those are deprecated (HPKP; for example)[0]

[0]: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning#Browse...

Liquid_Fire6y ago

If you hijack the DNS request and respond with the IP of a different server, that server will not have a valid certificate for the domain in question. Why are any extra features required?

j / k navigate · click thread line to collapse

0 pointsdijit6y ago0 comments

If you can inject such content (as in an arp poisoning or other man in the middle scenario) why wouldn’t you go after the dns requests?

0 comments

Liquid_Fire6y ago

HTTPS will protect you against hijacked DNS requests as well.

dijitOP6y ago

Not by itself, if you have special HTTP headers it will. But some of those are deprecated (HPKP; for example)[0]

[0]: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning#Browse...

Liquid_Fire6y ago

If you hijack the DNS request and respond with the IP of a different server, that server will not have a valid certificate for the domain in question. Why are any extra features required?

j / k navigate · click thread line to collapse