On Fri, Jul 18, 2008 at 01:17:43PM +0200, Goswin von Brederlow wrote:
Or just one DNS server or even just the users client.
You'd also have to keep the DNS server wrong. Doing this in a manner that people don't notice is (IMO) hard, because people do go looking for particular security updates. And if the client is already compromised, who cares about whether the update mechanism has theoretical issues?