Sitefinder: Not Blasted.

Ross Rader points to a theory that Verisign’s sitefinder may be experiencing something like a denial of service attack due to, among others, side effects from the Blaster worm’s attempted attack on windowsupdate.com. Florian Weimer rebuts that the…

Ross Rader points to a theory that Verisign’s sitefinder may be experiencing something like a denial of service attack due to, among others, side effects from the Blaster worm’s attempted attack on windowsupdate.com.Florian Weimer rebuts that theory: The NS record continued to exist for windowsupdate.com, and that is enough to keep the wildcard from kicking in and synthesizing A records.

Grimmelmann on Sitefinder.

James Grimmelmann, at LawMeme: Attention so far has been focusing on the ethics of the move (positive satanic), its effects on DNS and non-Web applications (Considered Harmful), and on possible technical responses …. On the legal side of the fen…

James Grimmelmann, at LawMeme: Attention so far has been focusing on the ethics of the move (positive satanic), its effects on DNS and non-Web applications (Considered Harmful), and on possible technical responses …. On the legal side of the fence, though, we’re not just talking about a can of worms. We’re talking about an oil drum of Arcturan Flesh-Eating Tapeworms.(Ross Rader reports that the first Arcturan Flesh-Eating Tapeworm has crawled out of the oil drum.)

Anonymization Service wins in Court.

Heise News reports that the district court in Frankfurt/Main has found that there was no base in law for an earlier order from a lower court that had required the JAP anonymizing proxy to implement a “crime detection feature.” This feature would l…

Heise News reports that the district court in Frankfurt/Main has found that there was no base in law for an earlier order from a lower court that had required the JAP anonymizing proxy to implement a “crime detection feature.” This feature would lift the anonymity of those who would use the service to access a specific web site.When the district court had suspended enforcement of that order earlier this month, police searched the anonymization service; the data collected while the (illegal) surveillance measures were in place were turned over. This search is the topic of separate court proceedings.Press release.

Postfix patched to deal with sitefinder side-effects.

Wietse Venema has just announced a new snapshot of his excellent Postfix mail transport agent. One of the two changes: Support to black-list domains by their mail servers or by their name servers. This can also be used to block mail from domains t…

Wietse Venema has just announced a new snapshot of his excellent Postfix mail transport agent. One of the two changes: Support to black-list domains by their mail servers or by their name servers. This can also be used to block mail from domains that resolve to Verisign’s mail dump for non-existent domains.

Sitefinder v. Backup MX.

Thinking about specific problems with sitefinder, here’s a mail loss scenario: A site (a.net) is using a server in a different domain (b.net) as its backup MX. That server’s domain expires and goes into the redemption grace period, or does not hav…

Thinking about specific problems with sitefinder, here’s a mail loss scenario: A site (a.net) is using a server in a different domain (b.net) as its backup MX. That server’s domain expires and goes into the redemption grace period, or does not have any explicit name servers listed in the TLD zone for some other reason.Image a.net’s mail server is unreachable for a short period of time, because of maintenance. In the pre-Sitefinder world, e-mail for a.net would be queued up, since the backup MX can’t be found. In the world according to Sitefinder, e-mail to a.net is directed to Verisign’s “Snubby Mail Rejector Daemon”, and (to the extent that Snubby works as intended) discarded.

BIND 9.2.2-P1 can block sitefinder.

BIND 9.2.2-p1 now supports tagging zones as “delegation-only”. This can be used to filter out “wildcard” or “synthesized” data from NAT boxes or from authoritative name servers whose undelegated (in-zone) data is of no interest. This effectively m…

BIND 9.2.2-p1 now supports tagging zones as “delegation-only”. This can be used to filter out “wildcard” or “synthesized” data from NAT boxes or from authoritative name servers whose undelegated (in-zone) data is of no interest.This effectively means that sitefinder-type records can now be blocked in ISPs’ name servers.

Notes from the registrars’ whois session in MdR.

Bruce Tonkin has posted notes from the WHOIS discussion that was held in Marina del Rey a week ago. The registrars’ priorities according to these notes seem to be (in this order) restricting data mining, changing the amount of data that must be di…

Bruce Tonkin has posted notes from the WHOIS discussion that was held in Marina del Rey a week ago. The registrars’ priorities according to these notes seem to be (in this order) restricting data mining, changing the amount of data that must be displayed to the general public, and further addressing accuracy issues raised by the IP and law enforcement communities.

Rader to Neumann.

Ross Rader on Jeff Neumann: On a day when half of the internet’s smartest engineers are pointing out dozens of different applications and processes that have been broken by Verisign’s actions, its hard to believe a lawyer that is arguing the oppos…

Ross Rader on Jeff Neumann: On a day when half of the internet’s smartest engineers are pointing out dozens of different applications and processes that have been broken by Verisign’s actions, its hard to believe a lawyer that is arguing the opposite.See also: Tim Ruiz’ response.

%d bloggers like this: