Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

According to the project’s website, the goal is to “create an application that runs as a service and hooks into the hosts DNS system to catch all requests to the .p2p TLD while passing all other request cleanly through. Requests for the .p2p TLD will be redirected to a locally hosted DNS database.”

Cool, so, uh, /etc/hosts?



Just did a quick experiment and the hosts takes priority over DNS, so domain poisoning this way is easy.

Tricking windows users still need to get around UAC to overwrite the file but most inexperienced users just click 'Continue' anyway.


I'm not sure if you mean that as just an aside or in context of this .p2p tld, but I'm pretty sure an "application that runs as a service and hooks into the hosts DNS system" would need elevation too.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: