DNS
Latest
ICANN says it won't kick Russia off the internet
On Monday, Ukraine petitioned ICANN to turn off Russia's internet over its invasion. On Thursday, ICANN politely refused.
Facebook explains how its October 4th outage started
Following Monday’s massive service outage that took out all of its services, Facebook has published a blog post detailing what happened yesterday.
Cloudflare outage cuts off connections to Discord, DownDetector and others
Discord, Feedly and other services were unreachable for many on Friday afternoon due to an outage at Cloudflare. Cloudflare said the problem lasted for 23 minutes due to a routing issue in its backbone.
Microsoft is patching a dangerous Windows DNS Server exploit
If you're running a Microsoft DNS server, patch it, now.
Comcast is the first ISP to join Mozilla's push for more secure browsing
Comcast is the first internet provider to join a Mozilla program that uses encrypted DNS for more secure web browsing.
The price of a .com domain is set to rise, and some sellers aren't happy
If you're the sort who buys domains for fun, or to inspire you to start a future project, your hobby's about to get a little pricier. ICANN is just days away from ending a consultation into the future of the .com top-level domain that'll put an end to Obama-era price freezes. If successful, it'll see the cost of a .com address rise by two bucks by the end of 2026, and potentially more thereafter.
Google faces scrutiny from Congress, DOJ over plans to encrypt DNS
Google's bid to encrypt domain name requests appears to be raising hackles among American officials. The Wall Street Journal has learned that the House Judiciary Committee is investigating Google's plans to implement DNS over HTTPS in Chrome, while the Justice Department has "recently received complaints" about the practice. While Google says it's pushing for adoption of the technology to prevent spying and spoofing, House investigators are worried this would give the internet giant an unfair advantage by denying access to users' data.
Firefox will encrypt web domain name requests by default
Mozilla's Firefox privacy protections will soon include one of the most basic tasks for any web browser: fielding the domain name requests that help you visit websites. The developer will make DNS over encrypted HTTPS the default for the US starting in late September, locking down more of your web browsing without requiring an explicit toggle like before. Your online habits should be that much more private and secure, with fewer chances for DNS hijacking and activity monitoring.
Cloudflare's privacy-focused DNS app adds a free VPN
Cloudfare's 1.1.1.1 DNS service will add a VPN to its app for mobile devices. Known as Warp, the feature will gives users of the DNS resolver even more privacy while browsing the internet on their phone. Though the 1.1.1.1 DNS service already keeps your carrier from tracking your browser history, it doesn't encrypt your internet traffic. Setting up encryption manually on Cloudfare's DNS server, while possible, required some Linux prowess.
Internet gatekeeper warns of 'ongoing and significant' DNS attacks
If you ask one key organization, part of the internet's very backbone is under assault. ICANN, the company vital to managing many internet addresses, has warned of "ongoing and significant" risks to the Domain Name System infrastructure. There have been escalating reports of attacks on DNS, ICANN said, including hijacking attempts that point domain visitors to rogue servers. Some of these appear to have been state-sponsored attacks from Iran, while others have targeted the US as well as friendlier countries like Lebanon and the UAE.
Cloudflare's privacy-focused 1.1.1.1 service is available on phones
Cloudflare launched its 1.1.1.1 service in April as a bid to improve privacy and performance for desktop users, and now it's making that technology available to mobile users. The company has released 1.1.1.1 apps for Android and iOS that switch the DNS service on and off with a single button press. So long as it's on, it should be harder for your internet provider to track your web history, block sites or redirect traffic. You might also see performance improvements, particularly in areas where connections aren't particularly fast to begin with.
Permanent LTE exploits steer users to rogue websites
LTE was theoretically supposed to fix the security holes baked into earlier wireless standards, but it isn't completely immune. An international team of researchers has discovered a attack methods (nicknamed aLTEr) that takes advantage of inherent flaws in LTE to direct users to hostile websites. An active exploit uses the lack of integrity checks in LTE's lower layers to modify the text inside a data packet. Since that's easy to determine with DNS packets, which direct traffic to website addresses, you can steer requests to malicious DNS servers and thus take the user to a website of your choice.
Hackers steal over $150,000 in cryptocurrency with DNS scam
MyEtherWallet (MEW) is one of the most popular online wallets for cryptocurrency. Now, it appears that the site was the subject of a DNS hack and some users lost their money. MEW wasn't directly hacked or compromised; instead, it looks as though DNS servers were targeted and users were redirected to phishing websites instead of visiting MEW.
Cloudflare makes it harder for ISPs to track your web history
If you're privacy-minded, you probably aren't thrilled that governments seem hell-bent on giving internet providers free rein over your browsing data. Cloudflare just gave you a tool to fight back, however. It launched 1.1.1.1, a free Domain Name System service (the technology that translates IP addresses to web domains) that promises to prevent ISPs from easily tracking your web history. Point your DNS setting to the namesake address and it'll not only prevent your ISP from easily monitoring your site visits (by watching the DNS queries your devices make), but just about anyone else.
BitTorrent client exploits could let rogue websites control your PC
BitTorrent's peer-to-peer app and its lightweight uTorrent counterpart are susceptible to particularly nasty hijacking flaws. Google researcher Tavis Ormandy recently detailed a host of DNS rebinding exploits in Windows versions of the software that lets attackers resolve web domains to the user's computer, essentially giving the intruders the keys to the kingdom. They could execute remote code, download malware to Windows' startup folder (making it launch on the next reboot), grab downloaded files and look at your download history. The flaws touch on all unpatched versions, including uTorrent Web.
Blizzard games were vulnerable to a remote hijacking exploit
Fans of Blizzard games might have dodged a bullet. Google security researcher Tavis Ormandy has revealed that virtually all the developer's titles (including Overwatch and World of Warcraft) were vulnerable to a DNS rebinding flaw that let sites hijack the Blizzard Update Agent for their own purposes. Intruders had to do little more than create a hostname their site was authorized to communicate with, make that resolve to the target of their choice (such as the victim's PC) and send requests to the agent. From there, they could install malicious files, use network drives or otherwise create havoc.
Android is getting a feature that encrypts website name requests
Google's efforts to push websites to use encrypted connections is paying off. Just days ago, the search giant revealed that HTTPS use on its own products is at 89 percent overall, up from just 50 percent at the beginning of 2014. (Not sure what we're blabbering on about? Just peep the green lock icon and the word "secure" in the address bar). Now, Google is adding an extra layer of security to Android. XDA Developers has spotted that DNS over TLS (Transport Layer Security) support is heading to the mobile OS, according to the Android Open Source Project -- meaning DNS queries will be encrypted to the same level as HTTPS.
Facebook and Instagram go down for Virgin Media customers
If you're a Virgin Media customer and you're experiencing issues trying to access Facebook or Instagram, you are not alone. The broadband provider has admitted that customers have been unable to access Facebook services, including Facebook.com and Messenger. A fix is on its way, but the company warns that some customers could frozen out of their favourite social networks until later this evening.
Trojan uses a key internet feature to receive marching orders
If malware uses a remote command-and-control server to function, it's relatively easy to cripple it by blocking the internet addresses it uses. It's not always that easy, however, and researchers at Cisco's Talos group have found a textbook example of this in action. A recently discovered Windows PowerShell trojan, DNSMessenger, uses the Domain Name Service for communication -- you know, one of the cornerstones of the internet. Few computer users are equipped to block DNS without causing other problems, and they might not notice unusual data traffic even if they're looking for it. While using DNS isn't completely unheard of, DNSMessenger uses an "extremely uncommon" two-way approach that both sends commands to victim machines and sends results back to the attacker.
When vending machines attack (a university)
We are marching toward certain doom at the hands of an angry Skynet of our own invention. Need proof? This week a school was attacked by its own soft drink vending machines. You read that right.