Full Stack for Front End Engineers

Full Stack for Front End Engineers Cache Poisoning

Topics:
Jem Young
Jem Young
Netflix

This course has been updated! We now recommend you take the Full Stack for Front-End Engineers, v3 course.

Check out a free preview of the full Full Stack for Front End Engineers course:
The "Cache Poisoning" Lesson is part of the full, Full Stack for Front End Engineers course featured in this preview video. Here's what you'd learn in this lesson:

Jem describes a potential security problem with cache poisoning, also known as DNS spoofing. When false DNS information introduced, a hacker could divert your site's traffic to their server.

Get Unlimited Access Now

Transcript from the "Cache Poisoning" Lesson

[00:00:00]
>> Jem: What's a potential security hole with DNS? We mentioned before that you can take a bunch of sites offline if you have only had one DNS provider. What's something else that's pretty dangerous that can happen? I know it's in the slides, so. But, just don't jump ahead. What do you guys think?

[00:00:21] Nobody? So let's, lets say you copied my site completely, you copied jemyoung.com. Now this part where it says, buy my book, I don't own a book. But it says buy my book, insert your credit information. Let's say someone copied my site entirely, how would they know they're at the right site?

[00:00:39] Well, you could use something called DNS cache poisoning. So, if I somehow poison all this cache that we talked about earlier, to say that jemyoung.com isn't 23.23.185.61, it's actually this other IP address. And you go there and it looks just like my site. And your browser doesn't know because in the browser it says jemyoung.com, right?

[00:01:01] So, DNS pass voice is a real thing. One way to solve that is through HTTPS, so that just says it's a handshake between the browser and the server, and the DNS provider says, I am where I say I am. But in the early days of internet, this was so malicious.

[00:01:19] You can go to google.com and you're typing in you're logged in and you think your on google.com but you're actually not. You're on a completely different server in China or something like that. So this is a whole, this actually gets brought up probably once a year, someones DNS gets attacked and the cache gets reset and pointing to the malicious websites, which is why companies like Chrome and Firefox are so insistent on HTTPS.

[00:01:45] HTTPS, again, is just it's a handshake that says you are where you say you are. But this is something to be very wary of, DNS cache poisoning, so.
>> Speaker 2: Sorry, Jem, are you gonna actually talk about HTTPS?
>> Jem: If we have time at the end of the day, I would love to get everybody set up on HTTPS.

[00:02:02] But that's, it's a bit more involved, there's still, there are companies like less encryptors. It's fantastic. I use them for my own site, but it's pretty advanced to get that set up, but I'll talk about it a little bit later and hopefully we have time at the end of the day.

[00:02:17] We'll get everybody a nice screen lock icon. Pretty fun.