Comment Re:DNSSEC & Root 13 DNS servers... apk (Score 1) 313

I'm at a loss here. You think when you do a reverse lookup you're only hitting the DNSSEC secured root servers? You really, genuinely don't understand how DNS works.

Well, it's been weird. I'm out. I hope your hosts file providers are never compromised, and your reverse lookups always return valid hostnames. Good luck. You'll need it.

Comment Re:I also know this, per this article, lol... apk (Score 1) 313

None of that shows that you know anything about DNS. You're ranting into the abyss.

What have I done? Like you, nothing of note. If we're waving our dicks about, though, I have a BSc in Computing Science, an RHCSA and an SCSA. I administer Unix, DNS and LDAP for an FTSE100 company.

And yet, here I am on Slashdot arguing with APK for some reason.

Comment Re:Did you see the topic of this article? (Score 1) 313

"ACTUAL STORAGE CENTRAL POINT FOR THEM"
Again, there is _no_ central storage for in-addr.arpa. The reverse records are delegated just like the A records are. Do you honestly think the root servers hold every single PTR record on the public internet?

You know, for someone who makes a lot of noise about hosts files and DNS, I'd expect you to at least understand how DNS works.

Comment Re:For Pete's sake enough (you're non-sequitur) (Score 1) 313

"...you even ADMIT I do get better security via my methods"
Umm, I didn't. I said quite specifically that your security is likely worse than just using DNS. But hey. If that's how you choose to configure your hosts, then that's great. Good luck to you.

I'll be out here in the badlands running with an empty hosts file, javascript switched on, frames enabled, cookies allowed, and Flash installed. Living the dream, baby.

Peace out, much love, etc.

Comment Re:WRONG again on THIS too... apk (Score 1) 313

1) Symantec is the only one of those sources I would even remotely trust, and I'd still be checking every single entry, even with them.
2) You _are_ relying on "ON A WORLD FULL OF UNPATCHED DNS SERVERS", unless you only ever visit the _exact_ hostnames _specifically_ entered in your hosts file, and _only_ if those sites _only_ have links and included references (javascript sources, etc.) which are _exactly_ listed in your hosts file.

Do me a favour - run wireshark on your PC, filter for port 53. See how often your host with its massive hosts file still relies on DNS. In terms of the problem the Fine Article talks about, you're no more protected than anyone else.

Comment Re:It's more secure than DNS queries... apk (Score 1) 313

I'm not sure you understand how DNS works - the reverse entries are delegated to the IP space owners, so it's just as likely that the in-addr.arpa records are being poisoned, and so your reverse lookup check doesn't buy you much. It's better than not checking, but a well organised poisoning attack will be modifying PTR records to cover SSL full-circle checks anyway.
In fact, you're still trusting that DNS is sound to check your hosts files are coming from the right places, and then adding further vulnerability by trusting that A Bunch Of Suppliers aren't feeding you bogus entries.
Even if your hosts file _is_ OK, you still can't protect yourself from resolving xyz.domain.com entries, because hosts files can't use *.domain.com so you can't stop your PC from resolving rapidly changing subdomains.
So, in terms of poisoned host records you're actually more at risk by using a huge custom hosts file, not less. Statically defining host records to 127.0.0.1 will protect you from reaching a known attack site, but fast-flux subdomains nullify that protection in a lot of cases, and for similar reasons it offers only limited protection from the Kaminsky attack.
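The two points made in these comments (a hosts file only answers for the exact names it lists, so a changing subdomain falls through to DNS; and the way to see how much a host still depends on DNS is to look at which lookups leave the box) can be made concrete with a small parser. The following is an added illustration, not code from any of the commenters or from Slashdot. It reads hosts-file text in the standard `/etc/hosts` format, answers lookups the way a stub resolver's hosts pass would (exact, case-insensitive match, no wildcards), and splits a list of names into those served locally and those that would still go out on port 53. The hosts entries and hostnames are constructed sample data, not a real blocklist.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample hosts file (not a real blocklist).  Format is the one
# used by /etc/hosts and Windows' drivers\etc\hosts: "<ip> <name> [<name>...]".
SAMPLE_HOSTS = """\
# constructed sample entries for illustration
127.0.0.1   localhost
127.0.0.1   ads.example.net
127.0.0.1   tracker.example.org   www.tracker.example.org
0.0.0.0     malware-drop.example   # some blocklists point at 0.0.0.0 instead
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse hosts-file text into {hostname: ip}.

    Hostnames are compared case-insensitively and without a trailing dot,
    matching how the resolver's hosts lookup behaves.  Malformed lines are
    skipped rather than trusted.
    """
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: ignore the line
        for name in fields[1:]:
            # first entry for a name wins, as in the system resolver
            table.setdefault(name.lower().rstrip("."), ip)
    return table


def resolve_locally(table: Dict[str, str], hostname: str) -> Optional[str]:
    """Answer from the hosts table, or None if DNS would have to be queried.

    There is deliberately no wildcard or suffix matching: a hosts file cannot
    express *.example.net, so any new subdomain is a miss.
    """
    return table.get(hostname.lower().rstrip("."))


def is_sinkholed(table: Dict[str, str], hostname: str) -> bool:
    """True if the hosts file sends this exact name to loopback or 0.0.0.0."""
    ip = resolve_locally(table, hostname)
    if ip is None:
        return False
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def dns_fallthrough(table: Dict[str, str],
                    hostnames: List[str]) -> Tuple[List[str], List[str]]:
    """Split names into (answered locally, would be sent to DNS)."""
    local, to_dns = [], []
    for name in hostnames:
        if resolve_locally(table, name) is None:
            to_dns.append(name)
        else:
            local.append(name)
    return local, to_dns


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    # Constructed names: the listed sites, plus fast-flux style subdomains of
    # the very same domains, plus an ordinary site not in the file at all.
    sample_lookups = [
        "ads.example.net",
        "cdn-a1b2.ads.example.net",
        "www.tracker.example.org",
        "x7f3.tracker.example.org",
        "login.example.com",
    ]
    local, to_dns = dns_fallthrough(table, sample_lookups)
    print("served from hosts file :", local)
    print("still sent to DNS      :", to_dns)
```

Run as a script it shows that only the two exact names are answered locally; every subdomain of a "blocked" domain, and of course every site not in the file, still produces a DNS query, which is what the Wireshark port 53 filter mentioned above would reveal on a real host.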
