
As an individual, this is great news for me. But for corporate use, this means having to intercept https unless you can turn DoH off via GPO or something.

These days, credential and PII theft phishing is a huge concern. Without intercepting https, the only way to know if a user went to a phishing site is by logging DNS or relying on SNI (SNI encryption is being developed as well).




I'm sure it'll end up in https://github.com/mozilla/policy-templates/blob/master/READ... if it gets officially added and released.

Though I will say inspecting DNS for phishing protection is like watching your front door to catch a burglar.


Once you know of a phishing attack (or malware activity) you need to check what users fell for it. For prevention, your run-of-the-mill phishing campaign blasts emails at a large number of recipients; you can block domains it uses to prevent infection or visits to malicious URLs.

In essence, defenders need to monitor for and block attacker infrastructure.
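
Added example, not part of the thread: a retroactive sweep of resolver logs that lists which clients looked up a known phishing domain, as the comment above describes. The log format, addresses and domains are constructed for illustration, and the sweep only sees lookups that reached the logging resolver, which is why browser-side DoH matters to it.

```python
"""Retroactive DNS-log sweep: which clients resolved known-bad domains?"""
from collections import defaultdict
from datetime import datetime

# Constructed sample resolver log (assumed format):
# "<ISO time> <client IP> <query type> <queried name>"
SAMPLE_LOG = """\
2019-09-09T08:01:12 10.0.4.17 A login.example-bank.test
2019-09-09T08:01:40 10.0.4.17 A secure-login.phish-example.test
2019-09-09T08:03:05 10.0.7.22 AAAA www.example.org
2019-09-09T08:04:51 10.0.9.3 A PHISH-EXAMPLE.TEST.
2019-09-09T08:05:00 10.0.9.3 A notphish-example.test
malformed line
"""

BLOCKLIST = {"phish-example.test"}  # constructed indicator, not a real IoC


def normalize(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_listed(name, blocklist):
    """True if name equals a listed domain or is a subdomain of one.

    Matching is done on label boundaries, so 'notphish-example.test'
    does not match 'phish-example.test'.
    """
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def sweep(log_text, blocklist):
    """Return {client_ip: [(timestamp, queried name), ...]} for listed names."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, client, _qtype, name = parts
        if is_listed(name, blocklist):
            hits[client].append((datetime.fromisoformat(ts), normalize(name)))
    return dict(hits)


if __name__ == "__main__":
    for client, events in sorted(sweep(SAMPLE_LOG, BLOCKLIST).items()):
        first = min(t for t, _ in events)
        print(f"{client}: {len(events)} lookup(s), first at {first.isoformat()}")
```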



