Wow, this is an extremely serious vulnerability. People writing it off because it requires MitM. There's always a MitM, the internet is basically a MitM.
Wow, this is an extremely serious vulnerability. People writing it off because it requires MitM. There's always a MitM, the internet is basically a MitM.
MitM isn't even necessary, a rogue DHCP server configuring a malicious DNS could attack this.
That's still a MITM, albeit a LAN-local one. Non-LAN WAN isn't the total scope of MITMs.
If my computer asks your computer what dns server to use, and you respond with the address of a nefarious one, it's not necessarily a mitm.
That is a form of MiTM. It’s just changing DNS to IP bindings rather than IP to MAC or prefix to ISP.