-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SocialDNS: Free Domains for a Free Internet

,----[ Quote ]
| John Sullivan (FSF) invited me to present in this mailing list the SocialDNS
| project (http://www.socialdns.net).
| I am very interested in obtaining feedback from the GNU community because we
| want to submit our project to the Free Software Directory soon.
`----

http://lists.gnu.org/archive/html/gn.../msg00030.html

Supporting your free software? Don't burn out

,----[ Quote ]
| It’s just like any other kind of service profession. You have to establish
| some kind of limits on how far you’ll go to help people, or they will eat you
| alive! This is the main reason I don’t like service professions—I worked as a
| telephone support tech for a Hewlett Packard contractor, and lasted about
| four months before I had to bail.
`----

http://www.freesoftwaremagazine.com/..._dont_burn_out

"Monopoly raises two classes of problems for a free society. First, the
existence of monopoly means a limitation on voluntary exchange through a
reduction in the alternatives available to individuals. Second, the existence
of monopoly raises the issue of “social responsibility”, as it has come to be
called, of the monopolist."

--Milton Friedman


Recent:

DNS poisoners hijack typo domains

,----[ Quote ]
| People arrive at these pages when the domain name they request is
| unavailable, because, for example, they mistyped the URL. ISPs use this
| redirection method, known as Typosquatting, to advertise free domains or
| competing products. In the present case, however, clients don't arrive on the
| Typosquatter pages, but on pages with a crafted trojan.
`----

http://www.heise.de/english/newsticker/news/114706


DNS Patches Slow Servers, but Fast Action Is Advised

,----[ Quote ]
| Microsoft issued a mea culpa about its DNS update on July 17, saying that the
| patch was crippling some machines running its Windows Small Business Server
| suite. Then, on July 25, it said the patch could also affect some network
| services on systems running Windows Server 2008, Windows Server 2003 and
| Windows 2000. In both instances, Microsoft detailed work-arounds.
`----

http://computerworld.com/action/arti...&intsrc=kc_top


Microsoft DNS fix causes trouble for some

,----[ Quote ]
| The Microsoft Corp. released a DNS fix in its patch slate for July, but the
| company seems to have problems just getting it to end users. Moreover, some
| users of the DNS fix have experienced additional difficulties.
|
| So far, since Microsoft's DNS fix was issued on July 10, there have been two
| separate problems associated with its installation.
`----

http://www.gcn.com/online/vol1_no1/46704-1.html


SUBJECT: Microsoft SWI blog inaccuracies

,----[ Quote ]
| As you know, 3 weeks ago I published my paper, "Microsoft
| Windows DNS Stub Resolver Cache Poisoning"
| (http://www.trusteer.com/docs/Microso...NS_cache_poiso
| ning.pdf),
|
| simultaneously with Microsoft's release of MS08-020
| (http://www.microsoft.com/technet/sec.../MS08-020.mspx).
| A day later, Microsoft's Secure Windows
| Initiative (SWI) team published their blog entry for MS08-
| 020
| (http://blogs.technet.com/swi/archive...how-predictabl
| e-is-the-dns-transaction-id.aspx).
|
| Unfortunately, the SWI blog entry contains two serious
| mistakes. The first mistake is an inaccurate description of
| the PRNG used for the Microsoft Windows DNS client
| transaction ID. The second mistake is SWI's claim that
| "attackers cannot predict a guaranteed, known-next TXID
| exactly even with this weakness".
|
| I contacted Microsoft about those mistakes, and while
| Microsoft did not refute my statements, they also refused
| to revise the blog entry. On one hand, I am inclined to tag
| this as a simple unwillingness on the side of the vendor to
| revise its materials and admit its mistakes. On the other
| hand, I cannot ignore the fact that the two mistakes, when
| combined, result in misleading the blog reader about the
| nature and the severity of the problem.
|
| [...]
|
| This is in stark contrast to SWI's claims. Furthermore,
| Microsoft did have the full paper (actually, a draft of it
| which contains all the relevant technical information) well
| before the SWI blog was published. So the problem here is
| not an issue of SWI not having access to the paper when
| they wrote their blog entry.
`----

http://www.securityfocus.com/archive/1/491392


Related:

Microsoft preps 133 patches for Windows DNS hole

,----[ Quote ]
| Microsoft is working on 133 separate updates for the problem, Budd wrote.
`----

http://news.com.com/8301-10784_3-9710490-7.html


Microsoft DNS Server Attacks Continue

,----[ Quote ]
| The concept enables malicious users to run code remotely under the
| system privileges generally granted to the DNS service itself.
`----

http://www.betanews.com/article/Micr...nue/1176828918


Microsoft: Patch for critical DNS flaw may be ready by 8 May

,----[ Quote ]
| The cmopany has been under pressure to address the flaw, reported
| last week, since software that exploits it has now been widely
| disseminated, and criminals are beginning to use it in attacks.
`----

http://www.computerworlduk.com/techn...fm?newsid=2650
http://tinyurl.com/27wje2


Attack code raises Windows DNS zero-day risk

,----[ Quote ]
| At least four exploits for the vulnerability in the Windows domain
| name system, or DNS, service were published on the Internet over the
| weekend, Symantec said in an alert Monday.
`----

http://news.zdnet.com/2100-1009_22-6176429.html


Cybercrooks exploiting new Windows DNS flaw

,----[ Quote ]
| Cybercrooks are using a yet-to-be-patched security flaw in certain
| Windows versions to attack computers running the operating systems,
| Microsoft warned late Thursday.
`----

http://news.zdnet.com/2100-1009_22-6175743.html


Microsoft's advisories giving clues to hackers

,----[ Quote ]
| How's this for a new twist on the old responsible disclosure debate:
| Hackers are taking advantage of information released in Microsoft's
| pre-patch security advisories to create exploits for zero-day
| vulnerabilities.
`----

http://blogs.zdnet.com/security/?p=167


DNS security improves as firms tool up to tackle spam

,----[ Quote ]
| Infoblox's survey found that the number of internet-facing DNS servers
| increased from 9m in 2006 to 11.5m in 2007, indicative of the overall growth
| of the internet. Percentage usage of the most recent and secure version of
| open-source domain name server software - BIND 9 - increased from 61 per cent
| to 65 per cent over the last year. Use of BIND 8, by contrast, dropped from
| 14 per cent in 2006 to 5.6 per cent this year. Usage of the Microsoft DNS
| Server on web-facing systems also fell, decreasing to to 2.7 per cent in 2007
| from five per cent last year. * * *
`----

http://www.theregister.co.uk/2007/11...curity_survey/


Use of rogue DNS servers on rise

,----[ Quote ]
| The paper estimates roughly 68,000 servers on the Internet are returning
| malicious Domain Name System results, which means people with compromised
| computers are sometimes being directed to the wrong Web sites — and often
| have no idea. *
`----

http://news.yahoo.com/s/ap/20080213/...rvers_that_lie
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkj32xsACgkQU4xAY3RXLo4F3gCghhFAHsnEVd bxH7LWpnDdn6NL
04gAnA0iO0jIGQBv7M62ZLaDOU+BpVu4
=Pg8U
-----END PGP SIGNATURE-----