[OTR-dev] OTR homepage DNS poisoned?
dionyziz at gmail.com
Mon Dec 21 05:55:57 EST 2015
Thanks for your info and your concern. I suspect that the zeroredirect
virus is a different issue, as plugging the same machine into a
different network produces different DNS results – one is legit and
one isn't. Furthermore, none of the documented viral behaviors such as
a misconfigured DNS server or a proxy server occur on my machine. It's
not unlikely that zeroredirect employs various mechanisms to achieve
redirects to their website, of which client machine infection is only
I also hope my operational security for this machine is quite
diligent, as I do not run software which is not securely verified from
a trusted source, either using HTTPS with a trusted domain, or a GPG
signature with a trust path from my key. While I could have made a
mistake, I think DNS poisoning at the network level beyond my machine
is most likely the case.
On Mon, Dec 21, 2015 at 3:38 AM, Paul Wouters <paul at cypherpunks.ca> wrote:
> On Wed, 9 Dec 2015, Dionysis Zindros wrote:
>> The OTR homepage at http://otr.cypherpunks.ca/ seems to be
>> man-in-the-middled in certain networks. I have checked through various
>> different networks with various results.
>> In the man-in-the-middled OTE connection I can see this trace:
>> HTTP/1.1 302 Moved Temporarily
> Googling for zeroredirect gives me a lot of links about the "google
> redirect" virus. I'd throw away that machine and build a new one.
> If you want to avoid DNS redirects I can recommend installing
> "dnssec-trigger" from NLnetlabs.