DNS
Latest
US investigating Friday's internet blackout as 'criminal act'
This morning, several sites were shut down due to a distributed denial of service (DDoS) attack on Dyn, a large domain name server. Sites affected include Twitter, Spotify, the New York Times, Reddit, Yelp, Box, Pinterest, Paypal and potentially a lot more. It seems as if this attack was focused on the east coast. Now Reuters is reporting that the US government is investigating it to see if it was a "criminal act." The news outlet reports that it's not clear yet on who's responsible and the Department of Homeland Security has said that it's "investigating all potential causes." According to Dyn, it resolved one attack earlier this morning, but there was a second attack a few hours later. As of this writing, some sites like Twitter and Spotify appear to be back up, but there are still sporadic outages that result in broken images and links. Update: According to Krebs, security firm Flashpoint is now reporting that a Mirai-based botnet is involved in the attack on Dyn. Mirai is a malware that specifically targets IoT devices like routers, DVRs and cameras, turning them into bots that then report to a central server that could then send out mass DDoS attacks like we saw today.
US reduces its internet oversight
After lengthy delays and no small amount of political opposition, it's official: the US has given up a key aspect of internet oversight. As of October 1st, the Internet Corporation for Assigned Names and Numbers (the outfit that manages the domain name system) is no longer under the watch of the US' National Telecommunications and Information Administration. ICANN is now a private, non-profit organization that will take its input from academics, companies, governments and the public. While the American government didn't really wield its influence, it no longer has that option.
Netflix steps up proxy blocking to celebrate Oscars weekend
What else gets you in the inclusionary spirit of the Oscars like your favorite streaming service blocking you from accessing it? That's the reality many woke to this weekend when Netflix stepped up its efforts to block those using VPNs and other region unlocks from viewing shows and movies.
A critical security flaw affects nearly the entire internet
An eight-year-old bug in the Internet's Domain Name System (DNS) could be used to widely spread malware, according to security researcher Dan Kaminsky. He says a flaw found in the Gnu C standard library, aka "glibc," can trick browsers into looking up shady domain names. Servers could then reply with overly-long DNS names, causing a buffer overflow in the victim's software. That would in turn let hackers execute code remotely and possibly take over a machine. While the hole has already been patched, Kaminksy said "the buggy code has been around for quite some time -- since May 2008 -- so it's really worked its way across the globe." In other words, it could ages for the fix to be applied broadly.
Researchers can steer your emails away from hostile nations
You're probably no doubt aware that no packet of data you send on the internet is safe from prying eyes. And because of the way traffic is routed, those packets often take a ride through nations that are keen to observe or even censor that data -- like China, North Korea or yes, the US. However, researchers from the University of Maryland have found a way to go around certain regions when sending data and then provide concrete proof of the feat. The system, called Alibi Routing, uses a technique often used for illegal activities -- peer-to-peer routing.
The US won't end its internet oversight for another year
If you were looking forward to the US relinquishing its internet oversight at the end of September... well, you'll be disappointed. The Department of Commerce has delayed the transition by "at least" a year. Simply put, the community isn't yet ready to take the reins -- it won't have time to both submit and implement its plans, which need a government rubber stamp to go ahead. The breathing room should give ICANN and friends a smoother transition that keeps the internet's domain name system out of the hands of governments and other parties that might want to limit free speech or privacy. There's no certainty that this is the last delay, but the Commerce Department can extend its ICANN partnership for up to three more years if there's a particularly serious logjam.
Cisco buys a DNS provider to protect you in the cloud
When you think of internet security from Cisco, you probably imagine firewalls and routers (usually) stopping hackers and malware from hitting your network. You're going to have to expand that definition very shortly, though. Cisco has snapped up OpenDNS, whose domain name services you might have used to dodge regional restrictions or improve on your internet provider's less-than-stellar connection. The networking giant isn't making the acquisition for any of those reasons, though. Instead, it's all about boosting Cisco's cloud security -- the goal is to defend against attacks on your corporate network wherever you happen to be, and to predict threats before they strike.
Wink has a fix ready for its busted smart home hubs
Over the last day Wink Hub smart home controllers were hit with a long outage that left many users disconnected for good and needing to return their units. Now, the company has worked out a solution that owners can apply themselves. Several people who were affected by the problem -- traced to an expired security certificate -- have already tried the fix on their devices and say it works. Ultimately, what owners will need to do is temporarily reconfigure the DNS setting on their router, which directs the Hub to a specially configured server where it can download an update that fixes the problem. Update: The directions are available now, check out the Wink support site here.
The internet's governing body was hacked, too
The Sony Pictures hack is getting all of the attention right about now, but it turns out that another prominent organization recently was victim to a security breach as well. Last month, ICANN, the outfit that regulates the internet's domain names and IP addresses, fell prey to a phishing attack that tricked employees into giving out email login info. What'd the ne'er-do-wells get a hold of? Administrative access to all the files in the Centralized Zone Data System. Which, as The Register points out, granted the hackers access to unalterable generic zone files (what're needed to resolve domain names to IP addresses), and gifted them with contact information for, among others, some of the world's registry administrators. Passwords were stored as "salted cryptographic hashes," but ICANN deactivated them as a precaution anyway. The firm's wiki was breached too, but aside from public information, a members-only index page and one user's profile, no other private data was viewed.
New web service prevents spies from easily intercepting your data
The encryption that protects your email and social updates is far from flawless -- it's relatively easy for spies to intercept your data using spoofs and hacked servers. If Greg Slepak has his way, though, there will soon be a safer way to send your info. His okTurtles project uses blockchains (the transaction databases you see in virtual currencies like Bitcoin) to let you communicate over the web without the risk of a man-in-the-middle attack. Rather than rely on website security certificates that could easily be compromised, it gives individual users public keys that unlock data within blockchains. There's no centralized authority, and you can even run one of the necessary servers yourself if you don't trust others. When complete, okTurtles will have a browser add-on that lets you use this authentication on virtually any site. You could talk to a fellow okTurtles user through Gmail without worrying that someone besides your recipient could easily read the message, for example.
SOE gives free game time for yesterday's login issues
If you were one of the players affected by Sony Online Entertainment's network-wide downtime yesterday, we have some good news. The company has announced on various social media outlets that it will be giving away two days of free access time to all accounts. This includes those on Landmark's beta access accounts as well. "We deeply regret the recent service interruption that is currently impacting all SOE games," DCUO Community Manager Mepps said in a forum post. "As a thank you for your patience, we will add two days of membership time to all members' accounts." According to EQ2wire.com, this downtime was caused by the SonyOnline.net domain name expiring, which SOE president John Smedley addressed in a tweet: "Sorry for the DNS problems folks. Won't happen again. Notices sent to wrong email. Doh."
Turkish ISPs make getting to YouTube a little easier, but haven't unblocked it yet
Even after the unbanning of Twitter and a court ruling in Google's favor, YouTube is still blocked in Turkey. Accessing the video streaming site did get a little easier today however, as the Wall Street Journal has confirmed residents can once again use DNS servers from Google, Level3 and OpenDNS that will route them around the block. More easily implemented than using a VPN, it finally reopens access via those servers after they were blocked ten days ago. There's no public statement available from the ISPs or the Turkish government, but hopefully unrestricted access to the best YouTube has to offer is coming soon.
Turkish PM plugs Twitter DNS loophole, Facebook and YouTube could be blocked next
When Twitter went dark for users in Turkey earlier this week, it didn't take long for everyone to realize something was up. Prime Minister Erdoğan had reportedly threatened to pull the plug on the popular social network previously, before coming good on his word just hours later. The attempt to silence the platform, however, wasn't exactly well executed. People in the country were still able to send messages via SMS, and access was still available via the web by relatively simple means: using a VPN or by changing your PC's DNS settings. Today, it's reported that Erdoğan's attacks on the platform continue, with new reports suggesting that access to the DNS loophole being blocked.
iOS 7: Block iOS updates on your office network, avoid first-day upgrade overload
For those businesses or educational institutions with limited bandwidth and lots of iOS devices on their Wi-Fi infrastructure, a blast of iOS 7 updates -- each with its own hefty, lingering download -- could be a bit of a problem. Tomorrow it should be easy to spot the network admin: he or she will be the one with the extra-large coffee and the expression of rage verging on uncontrollable weeping. Over at the Enterprise iOS site, Tekserve's resident uber-geek and CTO Aaron Freimark has a sneaky suggestion for avoiding this sudden impact. Since Apple's update server (mesu.apple.com) has to be reachable in order for iOS devices to see and download the update, the temporary fix is simple: adjust your local DNS servers to redirect or block the update server until the fever passes. Freimark mentions Apple's upcoming Caching Server 2, a component of the OS X Mavericks Server package that will provide local instances of Apple downloads to reduce network load caused by iOS devices and Mac App Store purchases. Unfortunately, in a bit of a cache-22, you can't use the beta of Caching Server 2 to cache the iOS 7 update surge; iOS 6 devices don't see the server.
Daily Roundup: HTC 8XT for Sprint, Windows 8.1 heads to manufacturers, Galaxy Gear, and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
GoDaddy acknowledges issues with sites, is 'working on it' (Update: DNS switched to VeriSign, 'most' customers back online)
GoDaddy looks to be having a rough one today. Users are complaining of issues with sites and email addresses tied to the popular and oft-controversial domain registrar. For the moment, GoDaddy's own site appears to be working just fine, though the company has acknowledge its woes via Twitter, noting, "we're aware of the trouble people are having with our site. We're working on it." According to TechCrunch, the outage has affected "millions of sites." Update: The company still hasn't commented on the source of the outage, but a tweet indicates "most customer hosted sites back online...no customer data compromised" Meanwhile, Wired notes GoDaddy has switched from self hosting DNS servers to those of its competitor, VeriSign. [Thanks to everyone who sent this in]
Google updates PageSpeed Service so you don't waste precious seconds waiting for pages to load
Last year, Google launched its PageSpeed Service, aiming to improve our experience across the web while reportedly deferring its own financial interests. The concept was sound -- similar services like Akamai work to accelerate web browsing by caching pages in much the same way -- but there's always room for improvement. The latest PageSpeed beta uses some straightforward techniques to improve performance even further, using a new rewriter called "Cache and Prioritize Visible Content." Using this new tool, your browser will load content that appears "above the fold" before fetching text and photos that would be initially hidden on the page, while also prioritizing other content ahead of Javascript, which often isn't needed as quickly as more basic elements. Finally, for pages that contain HTML that isn't cacheable, such as when personalized info is returned, standard portions of the site are cached and displayed immediately, while other content loads normally. The new tool isn't a perfect fit for every webpage, but we'll take a boost wherever we can get it.
DNSchanger standby servers will go dark Monday 7/9
It's pretty unlikely that your computer is among the 277,000 worldwide still affected by the DNSchanger malware (63,000 of them in the US, per the FBI and CIO Daily), but just in case you find yourself mysteriously knocked offline Monday morning, here's why. From 2007 until the law knocked on their door in early 2011, an Estonian hacker ring maintained a scam system where infected computers had their DNS settings changed to point to compromised, rogue servers controlled by the criminals. Over the course of their activity, about four million computers were affected worldwide; AV software and system updates cleared most of the malware, but not all of it. The good news is that these particular bad dudes are now in jail. The bad news is that for the infected computers that were pointing at the rogue DNS servers, simply taking the servers offline would have in turn caused the client computers to freak out. To prevent this, the FBI and other law enforcement took over the IP addresses for the rogue servers and have been running legitimate, well-behaved DNS servers there ever since. All good things must end, however, and the FBI isn't going to bear the costs of running those boxes any longer; they're getting turned off tomorrow. You can check your machine using McAfee's free online DNSchanger check, or use Macfixit's rundown to confirm that you're not pointed at the bogus DNS servers. Either way, you can use this opportunity to verify that you're using the optimal DNS settings for your network -- most likely your ISP's recommended settings, or nationwide DNS providers such as Google (8.8.8.8) or OpenDNS (208.67.222.222).
VeriSign revealed to have suffered repeated security breaches in 2010
It took some digging through more than 2,000 pages of SEC documents, but Reuters revealed today that VeriSign was attacked "repeatedly" by hackers in 2010, and that some undisclosed information was stolen from the company. The key danger there is the DNS records that the company manages -- which ensure that URLs take you to the correct website -- but VeriSign says that its executives "do not believe these attacks breached the servers that support our Domain Name System network." As Reuters notes, however, the company isn't ruling anything out. Details on the attacks themselves (or the exact number and timing of them) are otherwise hard to come by, but it's reported that VeriSign's security staff did not notify top management until September of 2011 -- although they are said to have "responded" to the attacks themselves.
White House responds to SOPA petition as hearing is delayed, DNS blocking on the outs
It's turned out to be a big weekend for those concerned about the controversial Stop Online Piracy Act. Yesterday came word that a key House hearing originally scheduled for Wednesday will be delayed until there is a "consensus" on the bill, and today the White House has issued an official statement on SOPA (and the Protect IP Act, its counterpart in the Senate) in response to a petition that drew thousands of signatures. While it doesn't go quite as far as to issue a firm veto threat from the President, it does lay out the administration's position in the clearest terms yet, including the condition that any proposed law "must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System." That follows word late last week that Representative Lamar Smith and Senator Patrick Leahy would indeed pull the DNS provisions from SOPA and PIPA. The White House statement is less specific in other respects, but it broadly states that the administration will "not support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet." In related news, the planned blackouts to protest SOPA and PIPA only seem to be increasing, with the popular xda-developers forum recently announcing that it will go dark at 8AM on January 18th, and return either at 8PM or as soon as it's able to get 50,000 people to sign a pledge to contact their local Senator or Representative.
