[BlueOnyx:15032] Re: SSL change after updates?
Roy Urick
rurick at usa.net
Thu Mar 27 22:03:58 -05 2014
Makes sense now. Thanks for bringing me up to speed.
> On Mar 27, 2014, at 10:16 PM, Michael Stauber <mstauber at blueonyx.it> wrote:
>
> Hi Roy,
>
>> Im not expert, but wouldnt the "hacker" need to somehow get your private
>> key first?
>
> Yes, no worries. Michael Aronoff and I were talking about wildcard DNS
> records. It's entirely separate from SSL. You can have DNS wildcard
> records such as *.domain.com. In that case any subdomain you try to
> access goes to (say) www.domain.com.
>
> It is a lazy way of doing DNS records and it can have some undesired
> effects.
>
> Let's say you or a client of yours runs a perfectly legitimate online
> business under www.domain.com.
>
> For one reason or another this site is configured to use wildcard DNS
> records.
>
> Now say a competitor or disgruntled person puts a link on *his* site (or
> Facebook or Twitter) to http://frauds-are-us.domain.com and your
> wildcard DNS records would happily route all visitors to your
> www.domain.com Vsite.
>
> Depending on how you've configured your "web alias redirects" the URL in
> the browser would then also show your perfectly fine business page under
> the URL of http://frauds-are-us.domain.com
>
> Which might not be what you or your client wanted.
>
> So yeah, wildcard DNS records are possible and I might allow them in
> BlueOnyx. But it also must be made sure that people know that it could
> lead to technically perfectly fine but still undesired results such as
> mentioned above. :-)
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
More information about the Blueonyx
mailing list