Posts tagged Security
The FBI will be shutting down the temporary DNS servers that they set up to support Internet users that were compromised with DNSChanger malware. Anyone still using those DNS servers will be unable to resolve host names, which will effectively render them unable to do pretty much anything online until they clean up their infected system.
On November 8th 2011, the FBI, in conjunction with NASA-OIG and Estonian police, arrested several criminals operating under the company name “Rove Digital”. Rove Digital had been distributing DNS changing viruses (TDSS, Alureon, TidServ and TDL4). They then routed victims through their own DNS servers in order to direct traffic to junk ads. They infected around 4 million users, and made a reported $14Million before getting shut down.
With such a large number of compromised users relying on Rove Digital’s DNS servers for their Net access, the FBI decided to temporarily leave the DNS servers up and running to give people time to clean up their infected systems. Because people have been slow about cleaning up their computers, the FBI extended their original March deadline to Monday July 9th.
If you would like to verify that your computer is clean, you can go to http://www.dcwg.org/detect/ for a list of safe sites that you can use to check. Should you find that you have a compromised computer, they have good resources available to help you clean up your system.
We’ve been working on building a proper vmForge account creation and management site, so for the last couple of weeks I’ve worked a lot with the vCloud API. It’s a RESTful system, which means everything’s done by getting XML from and posting XML to a web server. It’s perhaps not the worst API I’ve ever worked with, but its tedious to work through. Even more so because their parser is insanely pedantic, to the point of requiring elements in a specific order. So that’s a point in PHP’s favor, that it maintains key order in associated arrays.
If you wanted to learn how to use Juniper networking gear, and especially get some exposure to JunOS, their network OS based on FreeBSD that you need to configure almost all the Juniper devices with, there are many free or reasonable learning options available.
Passwords. It seems like most people, when asked, will tell you that it’s important to use strong passwords. However, in my work experience, all too often I see people using fairly weak ones. When asked why, the answer I usually get is that it’s too hard to remember long random passwords. I get this. A password doesn’t do you much good if you can’t remember it.
A popular techie web comic made a good one about this from xkcd:
While the majority of people know about A, CNAME, and MX records, DNS actually has many dozens of types in common use, and many more dozens of faded historical use that aren’t used at all.