> From: Danny Mayer [mailto:mayer@gis.net]=20

> I suspect that we will see demand for DNSSEC the first time=20
> that a bank sees a poisoning attack and their customers get=20
> redirected to a fake site and their accounts drained as a=20
> result. Phishing attacks can be alleviated since you can tell=20
> technologically that the site is not what it claims. Their=20
> customers will demand it, the bank will be afraid not to do=20
> it, the insurance companies make it a condition of coverage=20
> of losses, etc. Then of course the military have a need for=20
> it. Of course that still leaves the issue of validating=20
> resolvers being not being widely deployed (okay, so only a=20
> handful of people have deployed them).

This attack is happening but not quite in this way.

A spoofing attack only affects a local area. Seems that the use being =
made by the perpetrators of DNS spoofing is to drive folk to fake =
versions of CNN etc. and try to load a trojan onto their machine.

A stolen CC number is worth less than a dollar. Downloading the trojan =
has a higher success rate and pays out rather more.=20

The trojan could be a keystroke logger, a redialer or just recruit as a =

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.