This will Solve Login Problem

The more I think about this, as I chew on a tasty lunch, the more I think that this should not be "finally" but rather "most importantly."

Network stuff isn't really my gig. Maybe you could come up with a quick summary of how somebody with a hacked DNS server could, for example, steal the passwords of people going to forums.secondlife.com or the grid login servers? Seems routing people to a proxy could be done without users having to download anything - maybe could be done without them noticing anything different at all, except a performance hit.

Meade

Don't choke on your food, chew slowly, you'll need a qualified doctor if you do.

Thanks - I'll be careful.

Again, I think the first post should really say that this is for people in or not-too-far-from Germany. People in the US, where most SL residents are from, really shouldn't be pointing to a .de DNS...

Meade

Fully agree with what your saying that is why further posts followed to clarify this shorlty after the first posting and also a post followed up from Alyx.

If people don't read the full Thread and other posts associatted to it then its only themselves to blame.

Most SL residents are from the US? I love to see that clarified........

I know that 3 out of 4 US Citizens make up a total of 75% of the US population,
but not sure about SL, still thats another debate I am not getting into..

P.S I shall edit the first Thread so not cause any confusion for our friends across the water.

'Scuse.. Meant that there are far more accounts from the US than from anywhere else.

http://spreadsheets.google.com/pub?key=pxbDc4B2FH97EelkdtADOAg&gid=7

US = 26% of the active accounts in SL and 35% of the hours logged-in.
Germany has 9% of the active accounts in SL and 12% of the hours logged-in.

TY for updating the first post.

You've pretty much got it right there. A malicious DNS server could route all HTTP traffic through itself, acting as a proxy for any sites it sees fit. In the case of the forums, I believe the login section is run through HTTPS, which at elast provides a bit of security. It wouldn't be as simple as just pretending to be forums.secondlife.com, because the SSL certificates would not match. Visitors would get the "this certificate may be invalid" type warning message... and how many of us just click "accept anyway" and carry right along? If a user did that in this case, the attacker would have their password.

Any website that didn't involve HTTPS would be subject to password-stealing that the user had absolutely no way of detecting. It might even be possible to do this with sites involving HTTPS, if the hidden proxy server could manage to redirect the browser to a non-HTTPS version of the login page. Hell, all that's REALLY necessary is detecting when someone goes to http://secondlife.com and simply plastering a fake login page in their face... the bar at the top would say "http://secondlife.com/", but it would actually be the malicious webserver.

That's only the beginning of the nastiness possible if an attacker owns your DNS server. The door is pretty much wide open.