Fortunately, secure DNS servers plus DNSSEC were designed to prevent bad actors from altering DNS results in-stream. This is good because now the ultimate bad actor wants to do it.
The more the Empire tightens its grip, the more star systems slip through its fingers.
Right, there are ways around it, but if they stop the unwashed masses, then they consider it a success.
I take it back there is one way:
Mandate a compromised IP stack + backdoored CPU ( vpro, for example ) on every machine that connects to the network.
I remember in the old days of dial-up how some companies had their own custom IP stack + software to be able to connect to their service. Sure, it was not nefarious at the time as it was still the early days, but i was thinking "this could be really bad if used the wrong way"
A few others did too, the 'local' one i used for a while ( i forget the name now, its been too long ) also did it.
I do realize its long ago not everyone did it, etc. bla bla. Just pointing out that they could do it, again.
So at the office they are in the process of "denying iis verbs" on all web servers.
Wont that make many of the apps useless?
ya, get. post, head. etc.
i had to go look it up too.. I heard about it a few months ago ( i was asked to automate something about it ) then just saw the CMR yesterday that its really going to happen.
Ok so its not ALL methods, err verbs. The CMR said 'disabling verbs on all IIS servers' and that was all it said, other than listing which servers were in each "batch". it implied all, and i had zero idea how anything was going to function. But in reality, its only some of the more "dangerous" ones ( in their eyes ) such as delete, patch, and nuke. But stuff like post and get are still allowed.
Still killing a few of our apps. But at least not a complete implosion.