Exploit for DNS Cache Poisoning - RELEASED

Matthew Kaufman matthew at eeph.com
Thu Jul 24 03:53:30 UTC 2008

Skywing wrote:
> Bookmarks or favorites or whatever your browser of choice wishes to call them, for the https URLs.  That, or remember to type in the https:// prefix.
> - S

Which works great until you run into something like Washington Mutual 
(of which you have no doubt heard)...

http://www.wamu.com  redirects to


https://www.wamu.com *also* redirects to
http://www.wamu.com/personal.default.asp (!)

And yes, then you're supposed to trust that the page you've been served 
up will send the form submit with your username and password to the 
right place over https.

They do now have a link to 
https://online.wamu.com/IdentityManagement/Logon.aspx on that main page, 
but you have to look for it. But really, https://www.wamu.com should 
redirect to *that* in order for it to be safe for the 

Matthew Kaufman
matthew at eeph.com
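
Added example, not part of the original message: an offline check for the two conditions the post describes, an https URL that redirects to http and a login form delivered on an http page even though it posts to https. The hostnames, redirect chain and HTML are constructed placeholders, and `audit` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormScan(HTMLParser):
    """Record each <form>'s action and whether it contains a password input."""
    def __init__(self):
        super().__init__()
        self.forms = []          # one [action, has_password] entry per form
        self._in_form = False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
            self._in_form = True
        elif tag == "input" and self._in_form:
            if (a.get("type") or "").lower() == "password":
                self.forms[-1][1] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def audit(chain, final_html):
    """chain: ordered (url, Location-header-or-None) hops; final_html: last page body."""
    findings = []
    for url, location in chain:
        if location is None:
            continue
        target = urljoin(url, location)      # Location may be relative
        if urlsplit(url).scheme == "https" and urlsplit(target).scheme == "http":
            findings.append(f"downgrade: {url} -> {target}")
    page_url = chain[-1][0]
    scan = FormScan()
    scan.feed(final_html)
    for action, has_password in scan.forms:
        if not has_password:
            continue
        post_to = urljoin(page_url, action)  # empty action posts back to the page
        if urlsplit(page_url).scheme != "https":
            # The form itself arrived unauthenticated, so its action cannot be trusted.
            findings.append(f"login form served over http: {page_url} (posts to {post_to})")
        elif urlsplit(post_to).scheme != "https":
            findings.append(f"credentials posted over http: {post_to}")
    return findings

# Constructed sample data (assumption): placeholder hosts, not captured traffic.
CHAIN = [("https://www.example.test/", "http://www.example.test/personal/default"),
         ("http://www.example.test/personal/default", None)]
PAGE = ('<form action="https://online.example.test/logon" method="post">'
        '<input name="user"><input type="password" name="pw"></form>')
if __name__ == "__main__":
    print("\n".join(audit(CHAIN, PAGE)))
```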

