If you want to snoop on DNS queries, you should get permission from the owner. Period. The mental gymnastics to rationalize not needing permission, or to claim that isn't the issue, have been quite impressive.
Nobody is proposing using DoH in a way that cannot be disabled by the owner, so the discussion is moot. Your vendor can do all kinds of user hostile stuff in future updates, but until they actually start doing that, why discuss it?
So can you/Google commit to my Nest smoke alarms and Google WiFi not using DoH in a way I can't disable? And if we leave it until vendors actually start doing it, it's too late, it's done, and the genie rarely gets put back into the bottle. Heck, even asbestos is being used again.
In the real world we already deal with enterprise-hostile devices trying to connect, and DoH being used as a C2 channel is real now (see GoDoH on GitHub). The technical answer is to block DNS-less traffic, forcing IoT to use your network-supplied DNS. Zero trust at the gateway.
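The gateway policy sketched in the post above ("block DNS-less traffic, force devices onto your resolver") can be made concrete as a small classifier over two logs: what the network's own resolver answered, and what outbound connections devices then opened. This is an added example, not code from the thread or from any vendor: the log line formats are constructed (loosely modelled on a dnsmasq-style query log), the resolver address 10.0.0.1, the device addresses, and the documentation-range destination IPs are assumptions, and the list of public DoH endpoint hostnames is a short illustrative set, not a complete blocklist.

```python
import re
from dataclasses import dataclass

LOCAL_RESOLVER = "10.0.0.1"  # assumption: the gateway's network-supplied resolver

# Assumption: a few well-known public DoH endpoint names that we refuse to let
# devices bootstrap to; a real deployment would maintain a fuller list.
DOH_RESOLVERS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}

# Constructed sample: answers the gateway resolver handed out (assumed format).
RESOLVER_LOG = """\
reply time.example.net is 192.0.2.10
reply update.example.com is 203.0.113.10
reply dns.google is 8.8.8.8
"""

# Constructed sample: outbound connection attempts seen at the gateway.
CONN_LOG = """\
src=10.0.0.23 dst=10.0.0.1 dport=53 proto=udp
src=10.0.0.23 dst=8.8.8.8 dport=53 proto=udp
src=10.0.0.23 dst=203.0.113.10 dport=443 proto=tcp
src=10.0.0.23 dst=8.8.8.8 dport=443 proto=tcp
src=10.0.0.42 dst=198.51.100.7 dport=443 proto=tcp
"""

REPLY_RE = re.compile(r"^reply (\S+) is (\d+(?:\.\d+){3})$")
CONN_RE = re.compile(r"^src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+)$")


def learn_answers(resolver_log: str) -> dict[str, set[str]]:
    """Map every IP the sanctioned resolver returned to the names it answered for."""
    answers: dict[str, set[str]] = {}
    for line in resolver_log.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            name, ip = m.groups()
            answers.setdefault(ip, set()).add(name.lower())
    return answers


@dataclass(frozen=True)
class Verdict:
    src: str
    dst: str
    dport: int
    action: str  # "allow", "dnat" (redirect to local resolver) or "block"
    reason: str


def classify(conn_log: str, answers: dict[str, set[str]],
             local_resolver: str = LOCAL_RESOLVER) -> list[Verdict]:
    """Apply the gateway policy to each connection record.

    1. Plain DNS (port 53) is only allowed to the local resolver; anything
       else is redirected (DNAT) there so devices cannot bypass it.
    2. Other traffic is allowed only if the destination IP was handed out by
       the local resolver; a destination nobody resolved is "DNS-less"
       (hard-coded IP or a DoH endpoint reached directly) and is blocked.
    3. A destination that *was* resolved, but whose name is a known DoH
       endpoint, is the bootstrap case and is blocked as well.
    """
    verdicts: list[Verdict] = []
    for line in conn_log.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue
        src, dst, dport_s, _proto = m.groups()
        dport = int(dport_s)
        if dport == 53:
            if dst == local_resolver:
                verdicts.append(Verdict(src, dst, dport, "allow", "network-supplied DNS"))
            else:
                verdicts.append(Verdict(src, dst, dport, "dnat",
                                        f"plain DNS redirected to {local_resolver}"))
            continue
        names = answers.get(dst)
        if names is None:
            verdicts.append(Verdict(src, dst, dport, "block",
                                    "DNS-less: destination never resolved via network DNS"))
        elif names & DOH_RESOLVERS:
            verdicts.append(Verdict(src, dst, dport, "block",
                                    "known DoH endpoint: " + ",".join(sorted(names & DOH_RESOLVERS))))
        else:
            verdicts.append(Verdict(src, dst, dport, "allow",
                                    "resolved via network DNS as " + ",".join(sorted(names))))
    return verdicts


def summarize(verdicts: list[Verdict]) -> dict[str, int]:
    """Count verdicts per action, e.g. to feed a dashboard or alert threshold."""
    counts: dict[str, int] = {}
    for v in verdicts:
        counts[v.action] = counts.get(v.action, 0) + 1
    return counts


if __name__ == "__main__":
    for v in classify(CONN_LOG, learn_answers(RESOLVER_LOG)):
        print(f"{v.action:5} {v.src} -> {v.dst}:{v.dport}  ({v.reason})")
```

The "never resolved" rule is what turns the gateway's resolver into the choke point the post describes: a device that hard-codes a DoH resolver IP never asks your DNS, so its TLS connection has no matching answer and is dropped, while a device that first looks up the resolver's name through your DNS is caught by the endpoint-name rule. In production the learned answer set needs a TTL window so stale entries expire, and the approach does not see inside TLS, so DoH hosted on a shared CDN address that some other, legitimately resolved name also maps to will pass; that is the residual gap this heuristic leaves.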
Yes, just like *every* other protocol, malware can use it. Malware can also do C2 over Twitter, email, or even custom protocols, e.g. https://attack.mitre.org/techniques/T1094/. If we disable any protocol that can "be used as a C2 channel", then what protocol remains?