On 2019-02-21 11:00 a.m., Michael Richardson wrote:
The active element here seems to be the forced use of insecure DNS servers.

From https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/

“The two people who did get popped, both were traveling and were on their iPhones, and they had to traverse through captive portals during the hijack period,” Woodcock said. “They had to switch off our name servers to use the captive portal, and during that time the mail clients on their phones checked for new email. Aside from that, DNSSEC saved us from being really, thoroughly owned.”

--
Michael Richardson <mcr+[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-

The fact that the insecure DNS configuration was forced in order to navigate a Captive Portal is incidental, though unfortunate.

--
Christian Saunders
Sr. Software Architect, Wireless Core
Shaw Communications Inc.