Anyway, let's hope that RFC 10034 and 10035 are reserved for 2 big straws for the #DNS camel 😇
Every day, Quad9 helps protect more than 100M users globally from malware, phishing, and online threats — completely free of charge and without collecting personal data.
This #GivingTuesday, please consider making a donation to continue our work. Your support helps sustain a public-benefit cybersecurity service that puts users first, not profit.
Together, we can keep building a more secure and privacy-respecting internet. 🫶
Good morning, Paris! First day of #SplinterCon https://splintercon.net/ but don't expect too many details online, this is under Chatham House rule.
(And, yes, I talk #DNS here.)
Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.
Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.
We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.
Here is a short blog about the campaign and actor, including involved domains and IPs.
https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/
#InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login
Tomorrow, at #SplinterCon, I'm talking about #DNS (surprise) in relation to the risk of Internet fragmentation (and also decentralization).
If you have opinions or facts on this subject, don't hesitate. (Saying "Web3" will earn you a lifetime ban from all fediverse instances.)
🔎 When looking up information about a domain name, the status "ClientHold" sometimes appears.
📝 In this new article by Stéphane Bortzmeyer, discover:
🔵 What this status means.
🔵 The practical consequences of this domain name status, and of the others, via domain name lookup services (RDAP, Whois…).
🔗 To learn more: https://www.afnic.fr/observatoire-ressources/papier-expert/le-nom-de-domaine-dans-tous-ses-etats/
God dammit! I typo-ed a manual #DNS zone update to serial 2925112700 instead of 2025112700.
Fortunately, I know the fix for this because I have done this once before about 25 years ago.
You set the serial number in the SOA to the highest possible value, which is 2^32-1, or 4294967295. Push that to the secondaries, and then reload the zone again with the proper serial number.
It's like that episode of Futurama where they can't go backwards in time, so they roll over to the end of the universe, only to discover that it starts all over again.
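The rollover in the post above works because secondaries compare SOA serials with RFC 1982 serial arithmetic, where a new serial counts as an increase only if it is less than 2^31 ahead modulo 2^32. The following is an added example, not part of the original post; it checks the post's two-step path and, going beyond that one case, computes a path for any pair of serials (the function names are hypothetical).

```python
# Added example: RFC 1982 serial arithmetic for 32-bit SOA serials.
MOD = 1 << 32    # size of the serial space, 2^32
HALF = 1 << 31   # the largest increment a secondary accepts is HALF - 1


def serial_gt(a: int, b: int) -> bool:
    """True if a secondary holding serial b treats serial a as newer."""
    return 0 < (a - b) % MOD < HALF


def path_is_valid(current: int, hops: list[int]) -> bool:
    """Check that every hop is seen as an increase over the one before it."""
    for nxt in hops:
        if not serial_gt(nxt, current):
            return False
        current = nxt
    return True


def rollback_path(current: int, target: int) -> list[int]:
    """Serials to publish, in order, to bring secondaries from current to target."""
    current %= MOD
    target %= MOD
    if current == target:
        return []
    path = []
    # While the target still looks older, jump forward by the maximum increment.
    while not serial_gt(target, current):
        current = (current + HALF - 1) % MOD
        path.append(current)
    path.append(target)
    return path


if __name__ == "__main__":
    bad, good = 2925112700, 2025112700   # the two serials from the post
    print(serial_gt(good, bad))                   # direct reload: is it accepted?
    print(path_is_valid(bad, [MOD - 1, good]))    # via 4294967295, as in the post
    print(rollback_path(bad, good))               # a computed path
```

Each serial in a path has to be transferred by every secondary before the next one is published, which is the "push that to the secondaries" step in the post.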
A message comes in: a website is not responding. Or rather, it responds but it crawls.
It is a WordPress with a few plugins, all in good shape.
I log in and the load is near zero, traffic is tiny. I start digging and nothing makes sense. I run the command "w" and the machine is frozen.
Nothing in the logs.
Then the light bulb goes on:
"ping bsd.cafe"
No resolution.
The provider’s upstream DNS servers (set in a hurry, I normally install a local unbound) are not responding and everything grinds to a halt. I switch the DNS servers and everything magically starts working again.
Of course it was DNS! 🙂
Azure: Zone-redundant NAT Gateway and 400-gigabit ExpressRoute
Microsoft is expanding Azure Networking with the zone-redundant NAT Gateway V2 and announces 400-gigabit ExpressRoute for 2026. New security features included.
#CloudComputing #DNS #Grafikchip #IT #KünstlicheIntelligenz #Kubernetes #Microsoft #Security #VPN #news
Our authoritative #DNS nameserver NSD has always been known for its reliability and raw speed. While stability has always remained a hallmark feature, in recent years pure performance fell behind our ambitions.
To bring NSD back to the front of the pack, we planned four major improvements: After the SIMD capable zone file parser and AF_XDP sockets, we have now released NSD 4.14.0 with refactored RDATA storage, reducing the memory footprint.
Next up: a faster database.
Quad9 DOH HTTP/1.1 Retirement, December 15, 2025
https://quad9.net/news/blog/doh-http-1-1-retirement/
#HackerNews #Quad9 #DOH #HTTP/1.1 #Retirement #December #15 #2025 #Cybersecurity #DNS #Privacy #TechNews
Urgent Call for EU Legislative Protection of Core Internet Security Infrastructure
A letter from our General Manager @f0r573r