[nsp-sec] www-google.* phishing?
Chris Morrow
morrowc at ops-netman.net
Thu Feb 14 10:14:34 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/14/2013 10:07 AM, CERT-UT - Peter wrote:
> Chris,
>
> Chris Morrow wrote on 2013-02-14 15:33:
>
>> www-google.nl NS:
>>
>> ;; ANSWER SECTION: www-google.nl. 3600 IN NS
>> ns2.inwx.de. www-google.nl. 3600 IN NS
>> ns.inwx.de. www-google.nl. 3600 IN NS
>> ns3.inwx.de.
>>
>>
>> in general, any 'google owned' domain resolves
>> through/is-served-by: ;; ANSWER SECTION: google.nl.
>> 3693 IN NS ns1.google.com. google.nl.
>> 3693 IN NS ns4.google.com. google.nl.
>> 3693 IN NS ns3.google.com. google.nl.
>> 3693 IN NS ns2.google.com.
>>
>>
>> If it's not ns1/2/3/4.google.com, it's very unlikely it's
>> google's domain...
>
> As I expected. I'll tell the user to be careful in what they enter
> on that site. Or, better yet, not even go to that site.
>
yea... if you have a list i can see about having the antimalware peeps
look at them with their automations... also, maybe get the domains
disabled will help :)
I think in general the issue of 'trademark infringement' is ... next
to impossible to deal with sanely on the intertubes, and that's about
the only hammer we can swing on this sort of issue :( (and it's more
effective in the USA, less so elsewhere)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iD8DBQFRHP9ar6swUqhDs2sRAsq+AJ44MXMoMV+66q8lZ5NUImJi9wZ9TgCfV4hX
88Sr+4NaQcjhPwIoWn75zGQ=
=1lhW
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list