18549340
submission
Barlaam writes
"The Tunisian Internet Agency (Agence tunisienne d'Internet or ATI) is being blamed for the presence of injected JavaScript that captures usernames and passwords. The code has been discovered on login pages for Gmail, Yahoo, and Facebook, and said to be the reason for the recent rash of account hijackings reported by Tunisian protesters. Will Tunisia (and Algeria?) use these steps to counter another Green Revolution?"
17921254
submission
Barlaam writes
"How has WikiLeaks managed not only to avoid takedown, but diversify its hosting to the point of virtual unstoppability? Renesys takes a look at the DNS mappings, routed IP prefixes, and service providers (and countries) that keep WikiLeaks on the air.
From the article:
"It's apparent that search and social infrastructure (Google and Twitter) now play a key role in re-spawning content that gets blocked in any one place, and drawing even more attention to the surviving copies. If suppressed content automatically goes viral, the Internet's construction basically guarantees that that content will have a home for the rest of time. If you attack DNS support, people will tweet raw IP addresses. If you take down the BGP routes to web content, people will put up more mirrors, or switch to overlay networks to distribute the data. You can't burn down the Library of Alexandria any more— it will respawn in someone's basement in Stockholm, or Denver, or Beijing.""
16356080
submission
Barlaam writes
"Renesys describes new evidence that the Iranian national telecommunications provider, DCI, is selling (uncensored?) Internet connectivity to customers in neighboring Iraq and Afghanistan:
"The Internet connectivity outreach that we now see in the global routing tables seems like continuing evidence of Iran's long-term strategy: aggressively pursuing bilateral infrastructure and investment projects with its neighbors, in ways that will increase Iran's regional influence after the Americans have moved on.""
11688002
submission
Barlaam writes
"Could a single actor (state-sponsored or otherwise) crash the Internet and bring civilization to a halt? The Renesys Blog tries to bust the myth of the Chinese Cybernuke, explores 3 options for constructing one, and finds it Plausible (if only just)."
9527678
submission
Barlaam writes
""Where does the Iranian government purchase its international Internet transit? Think for a moment about the constraints that they have to satisfy. They need enough capacity to sustain a 21st century information economy. They want to maintain centralized control over all that information. They have the challenge of maintaining adequate logical and physical diversity, so that a single point of failure can't take down the whole country's Internet access (unless they choose to do so themselves!). And they have the additional headache of choosing providers that are geopolitically diverse, to route around sanctions and military threats." Enter the Russians."
4941619
submission
Barlaam writes
"Web proxies have played a key role this week in keeping the Internet open in Iran, despite the government's censorship and deep packet inspection. Now Renesys has used Google Earth to create a geographic visualization of Iran's domestic and international Internet connections, as well as nearly two thousand proxies spread over 87 countries worldwide. Open web proxies found on Twitter were drawn as parabolic arcs, "fountaining" out of a cable landing or Internet traffic exchange point that makes approximate sense for their Iranian Internet routing. For example, all of the contributed web proxies in Europe were drawn from the Marseilles termination of the Sea-Me-We-4 cable, and the web proxies in Turkey were drawn in light blue, radiating from Ankara, where the Iran-Turkey gas pipeline passes through on its way from Bazargan to European markets."
3513469
submission
Barlaam writes
"A bug by router vendor A (omitting a range check from a critical field in the configuration interface) tickled a bug from router vendor B (dropping BGP sessions when processing some ASPATH attributes with length very close to 256), causing a ripple effect that caused widespread global routing instability last week. The flaw lay dormant until one of vendor A's systems was deployed in an autonomous system whose ASN, modulo 256, was greater than 250. At that point, the Internet was one typo away from disaster. Other router vendors, who were not affected by the bug, happily propagated the trigger message to every vulnerable system on the planet in about 30 seconds. Few people appreciate how fragile and unsecured the Internet's trust-based critical infrastructure really is — this is just the latest example."
699063
submission
Barlaam writes
"It shouldn't be too hard to see that you could end up answering every DNS query from an organization that came to you for an updated list of root name servers. Every one. And you might end up doing this for a very long time, especially if your answers were largely correct. An attack like this would have no resemblance to the YouTube hijack, where the entire planet gets a blank page and it's immediately apparent that something isn't right. Obvious events like this will continue to occur, and we'll continue to resolve them relatively quickly. But as this incident demonstrates, DNS hijacks are far less obvious and potentially far more harmful."
679610
submission
Barlaam writes
"Quoting: 'ICANN has also been monitoring the results returned by these IP addresses through the entire time it was advertised, and believes it was always providing accurate root responses throughout its existence. ICANN continues to work with the root server operator community to improve monitoring and analysis of the root server system, aiming to ensure the continued security and stability of this critical component of the Internet.'"