This is the talk page for discussing WikiProject Computer Security and anything related to its purposes and tasks. |
|
Archives: 1, 2, 3, 4Auto-archiving period: 90 days ![]() |
![]() | Computer Security: Computing Project‑class | ||||||||||||||
|
I've nominated Cross-site leaks (a while back) for promotion to a Featured article. Reviews, comments and suggestions are welcomed at the nomination page :) Sohom (talk) 21:36, 9 March 2024 (UTC)
I've conducted a detailed review of articles on DNS-related attacks, including DNS hijacking, spoofing (and cache poisoning), and noticed some areas where we could improve clarity and accuracy, especially regarding the interchangeability of terms and the mention of modern security practices like DoT and DoH.
Terminology Clarification
There seems to be some confusion and overlap in how we define and use terms like DNS hijacking, spoofing, poisoning, cache poisoning, rebinding and redirection. A concerted effort to standardize these terms with clear definitions could significantly benefit the readers. Specifically, distinctions between terms such as DNS hijacking and DNS spoofing, as well as DNS poisoning vs. DNS cache poisoning, need to be more clearly delineated.
Inclusion of MiTM Contexts and Clarification on Attack Strategies
Enhancing these articles to explicitly explain how DNS attacks can facilitate MiTM attacks, including the roles of ARP poisoning and race condition attacks, is necessary. The latter, often conceptualized as a "first reply race" in DNS spoofing scenarios, involves attackers responding to DNS queries more quickly than legitimate servers.
Remedies and Modern Solutions
The absence of discussions on current DNS security measures like DoT (DNS over TLS) and DoH (DNS over HTTPS) in the remedies sections of these articles is a notable gap.
I propose we collaborate to update these articles for accuracy and to reflect latest advancements in DNS security. This effort would involve revising the existing content for clarity, updating terminology to reflect the precise use of DNS-related terms, and adding sections on modern remedies such as DoT and DoH.
I look forward to your feedback, suggestions, and any additional insights you might have on these topics.
Links:
WalterMccan (talk) 12:28, 19 March 2024 (UTC)
Is there a standard practice for how we treat data breaches on Wikipedia? I'm looking at things like 2011 PlayStation Network outage (which I've done some work on and would appreciate eyeballs), 2015_TalkTalk_data_breach, and 2015_TalkTalk_data_breach - but there isn't much consistency. At the very least they should probably all use Template:Infobox_event, but I'm curious to know if there is any 'best practice' I can look at... Joe (talk) 18:31, 20 March 2024 (UTC)
There is a requested move discussion at Talk:CounterSpy (software)#Requested move 27 April 2024 that may be of interest to members of this WikiProject. Safari ScribeEdits! Talk! 22:59, 4 May 2024 (UTC)