Security Alerts for the Week Ending 7/18/2010

feeds | grep links > Origin of the Blink Tag, Blocking Political Speech with Copyright, 3D Information Storage, and More

TCLP 2010-02-28 News

This is news cast 207, an episode of The Command Line Podcast.

In the intro, explaining my advertise experiment, a change to the podcast’s license going forward, and OggCamp 10.

This week’s security alerts are OpenDNS adopts and explains DNSCurve and anatomy of a SQL injection attack.

In this week’s news a new technique for improve random number generation, circumvention is not enough to foil censorship, trade association wants USTR to equate open source with piracy (I’ve talked about the watch list being abused previously and Jesse Brown at Search Engine has an excellent discussion), and an early computer manual encourage bypassing proto-DRM.

Following up this week the internet chapter of ACTA has leaked.


Grab the detailed show notes with time offsets and additional links either as PDF or OPML. You can also grab the flac encoded audio from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

ICANN to Prohibit Redirect of DNS Misses

Iljitsch van Beijnum at Ars has news of a well substantiated draft memo that would forbid top level domain operators from re-directing to a page of their own when a name server lookup fails.  The problem originally garnered much attention when Verisign introduced their Site Finder offering which obscured failed domain name look ups with a helpful error page that also happened to carry ads.  Verisign’s motivation was pretty transparently the ad revenue they were able to rake in essentially for free and they ultimately backed down after mass criticism over the practice.

As the article notes, what all the expert input boils down to is that re-directing on a lookup failure breaks DNS, denying machines on the network the ability to legitimately tell when a domain doesn’t exist.

This memo, should it move forward into policy, wouldn’t stop a similar practice by some ISP’s like Verizon.  The difference, as the article explains, is that re-direction by an ISP usually carries an opt-out and as long as the top level servers work as expected, a determined user can stand up their own DNS server that bypasses any sort of re-direction or any other sort of tinkering with DNS resolution requests.