Comments

Oracle Releases SPARC T5 Servers; Too Late?

ilikejam Re:Probably not. (175 comments)

Thanks Larry. How's the yacht?

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ilikejam Re:DNSSEC & Root 13 DNS servers... apk (313 comments)

I'm at a loss here. You think when you do a reverse lookup you're only hitting the DNSSEC secured root servers? You really, genuinely don't understand how DNS works.

Well, it's been weird. I'm out. I hope your hosts file providers are never compromised, and your reverse lookups always return valid hostnames. Good luck. You'll need it.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ilikejam Re:Did you see the topic of this article? (313 comments)

You read the wikipedia page! Good for you!

Yes, it is its own TLD. It's also delegated out from the root nameservers, so there's still no central storage point and you're still vulnerable if you're relying on reverse lookups.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ilikejam Re:I also know this, per this article, lol... apk (313 comments)

None of that shows that you know anything about DNS. You're ranting into the abyss.

What have I done? Like you, nothing of note. If we're waving our dicks about, though, I have a BSc in Computing Science, an RHCSA and an SCSA. I administer Unix, DNS and LDAP for a FTSE100 company.

And yet, here I am on Slashdot arguing with APK for some reason.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ilikejam Re:Did you see the topic of this article? (313 comments)

"ACTUAL STORAGE CENTRAL POINT FOR THEM"
Again, there is _no_ central storage for in-addr.arpa. The reverse records are delegated just like the A records are. Do you honestly think the root servers hold every single PTR record on the public internet?

You know, for someone who makes a lot of noise about hosts files and DNS, I'd expect you to at least understand how DNS works.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ilikejam Re:For Pete's sake enough (you're non-sequitur) (313 comments)

"...you even ADMIT I do get better security via my methods"
Umm, I didn't. I said quite specifically that your security is likely worse than just using DNS. But hey. If that's how you choose to configure your hosts, then that's great. Good luck to you.

I'll be out here in the badlands running with an empty hosts file, javascript switched on, frames enabled, cookies allowed, and Flash installed. Living the dream, baby.

Peace out, much love, etc.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ilikejam Re:WRONG again on THIS too... apk (313 comments)

1) Symantec is the only one of those sources I would even remotely trust, and I'd still be checking every single entry, even with them.
2) You _are_ relying on "ON A WORLD FULL OF UNPATCHED DNS SERVERS", unless you only ever visit the _exact_ hostnames _specifically_ entered in your hosts file, and _only_ if those sites _only_ have links and included references (javascript sources, etc) which are _exactly_ listed in your hosts file.

Do me a favour - run wireshark on your PC, filter for port 53. See how often your host with its massive hosts file still relies on DNS. In terms of the problem the Fine Article talks about, you're no more protected than anyone else.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ilikejam Re:It's more secure than DNS queries... apk (313 comments)

I'm not sure you understand how DNS works - the reverse entries are delegated to the IP space owners, so it's just as likely that the in-addr.arpa records are being poisoned, and so your reverse lookup check doesn't buy you much. It's better than not checking, but a well organised poisoning attack will be modifying PTR records to cover SSL full-circle checks anyway.
In fact, you're still trusting that DNS is sound to check your hosts files are coming from the right places, and then adding further vulnerability by trusting that A Bunch Of Suppliers aren't feeding you bogus entries.
Even if your hosts file _is_ OK, you still can't protect yourself from resolving xyz.domain.com entries, because hosts files can't use *.domain.com so you can't stop your PC from resolving rapidly changing subdomains.
So, in terms of poisoned host records you're actually more at-risk by using a huge custom hosts file, not less. Statically defining host records to 127.0.0.1 will protect you from reaching a known attack site, but fast-flux subdomains nullify that protection in a lot of cases, and for similar reasons it offers only limited protection from the Kaminsky attack.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ilikejam Re:My data sources do... apk (313 comments)

Hmm. That's a lot of sources, any one of which could be compromised at any time.

P.S. in-addr.arpa PTR records are delegated from the root nameservers just like A records - doing reverse lookups doesn't buy you much in terms of security, if you're worried about hijacked DNS.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ilikejam Re:How custom hosts files help vs. DNS flaws... ap (313 comments)

APK - what's to stop someone poisoning one of the source hosts files you use to generate yours? Like, for example, adding an entry for google.com which points to a drive-by infection site?

about a year and a half ago
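
Two points from the DNS comments above (a compromised source list can slip a redirect into a merged hosts file, and hosts-file matching is exact, so unlisted subdomains still go out to DNS), shown as an added example that is not part of the thread. The sample file, its hostnames and the function names are constructed for illustration, and "first entry for a name wins" is an assumption about the resolver.

```python
import ipaddress

# Constructed sample of a merged blocklist-style hosts file (not from the thread).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   ads.tracker.example    # sinkholed entry
0.0.0.0     malware.example
203.0.113.7 www.search.example     # redirect slipped in by a compromised source
::1         localhost
"""

def parse_hosts(text):
    """Return {hostname: ip}; assumes the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip lines with a malformed address
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def suspicious_redirects(table):
    """Names mapped to anything other than loopback or the unspecified address."""
    return sorted(name for name, ip in table.items()
                  if not (ip.is_loopback or ip.is_unspecified))

def falls_through_to_dns(table, names):
    """Names the hosts file does not cover: matching is exact, with no wildcards."""
    return [n for n in names if n.lower().rstrip(".") not in table]

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("review these entries:", suspicious_redirects(hosts))
    queried = ["ads.tracker.example", "a1b2.ads.tracker.example"]
    print("still resolved via DNS:", falls_through_to_dns(hosts, queried))
```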

Ask Slashdot: Server Room Toolbox?

ilikejam Re:Leatherman (416 comments)

Swiss army knives are legal. Locking blades (e.g. leatherman) and blades over 3 inches will get you jailed though.

about 2 years ago

Ask Slashdot: Simple Way To Backup 24TB of Data Onto USB HDDs ?

ilikejam Re:USB and disk Speed (405 comments)

No. No it is not.

more than 2 years ago

Judge Rules API's Can Not Be Copyrighted

ilikejam SCOracle (365 comments)

Don't pay your Java licensing fees, you cock-smoking teabaggers!

more than 2 years ago

Christopher Hitchens Dies At 62

ilikejam Re:Not all religions are bad (910 comments)

You'd think the almighty creator of the heavens and the earth and everything that resides therein would be able to, y'know, get his book of rules right first time round. Wouldn't you?

more than 2 years ago

Is the Sparc T4 Too Little Too Late?

ilikejam Re:Old news (128 comments)

Gah. Beaten to it. By an hour.

Balls.

about 3 years ago

Is the Sparc T4 Too Little Too Late?

ilikejam Re:Old news (128 comments)

Are they out of order?

about 3 years ago

Groupon Loses COO, Drastically Cuts Reported Revenue

ilikejam Re:Ethics? (131 comments)

<scottish_accent>
10 coos in a field. Which one's closest to Iraq?
Coo 8.

10 coos in a field. Which one's on holiday?
The one with the wee calf.
</scottish_accent>

about 3 years ago

DARPA Loses Contact With Hypersonic Glider

ilikejam Re:Signalling (194 comments)

It's pretty much just a microphone at the base station and an ultra high frequency speaker on the aircraft, so not much.
Still trying to figure out what went wrong.

--
ilikejam
CEO, Acoustic Data Transceivers Inc.

more than 3 years ago

Submissions

ilikejam hasn't submitted any stories.

Journals

ilikejam has no journal entries.