0
1

[–] d0d63m 0 points 1 points (+1|-0) ago 

Has this been updated since it was discussed at defcon 2012?

0
0

[–] PlasmaPower 0 points 0 points (+0|-0) ago  (edited ago)

Seems like typosquating would be much more effective. Given that the error usually occurs before DNS resolution I would expect that a significant amount of requests would result in the browser URL not displaying the original URL. However, both tactics might be combinable in some scenarios. Edit: This idea probably has better uses in other areas too, possibly for APIs and such given that the user does not see the URL.

0
1

[–] sagi [S] 0 points 1 points (+1|-0) ago 

True - the event of a type error is significantly higher.

But that's not DNS Hijacking (i.e. returning a different ip address for a valid domain).

0
2

[–] PlasmaPower 0 points 2 points (+2|-0) ago 

Well neither is this in 96% of cases, from the article:

In 96% of the cases, the bit-error had occurred prior to DNS resolution.

0
0

[–] TheKMAP 0 points 0 points (+0|-0) ago 

Think about the types of victims that would be more likely to fall for a bitsquatting attack. It's been a while since I've watched the defcon vid but if I recall correctly someone's data center got too hot one day and a ton of servers made an identical bit error that resulted in them reaching out to the "malicious" domain.

Not everything needs to be a targeted attack. Sometimes you just need a botnet.