Re: Verisign's SiteFinder

[Scott Weeks <sweeks () SANDIEGO EDU>]

Bind has been patched recently.  Go to the NANOG or namedroppers mailing
list archives to be directed to the detailed info.

scott


On Fri, 26 Sep 2003, Bruhn, Mark S. wrote:

:  Some more references to this.  There is a change that can be made to
: DNS to deal with this, which our DNS folks implemented a few weeks ago,
: but I can't find the technical details on that now...
:
:  M.
:
:  --
:
:  The media angle
:  http://www.theregister.co.uk/content/6/32852.html
:
:  The IAB commentary - this is the most detailed coverage of it's effect.
:  http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html
:
:  The ICANN advisory
:  http://www.icann.org/announcements/advisory-19sep03.htm
:
:  M.
:
:
:  --
:  Mark S. Bruhn, CISSP, CISM
:
:  Chief IT Security and Policy Officer
:  Associate Director, Center for Applied Cybersecurity Research (http://cacr.iu.edu)
:
:  Office of the Vice President for Information Technology and CIO
:  Indiana University
:  812-855-0326
:
:  Incidents involving IU IT resources: it-incident () iu edu
:  Complaints/kudos about OVPIT/UITS services: itombuds () iu edu
:
:
:
:
:  -----Original Message-----
:  From: Omar Herrera [mailto:omar_herrera () BANXICO ORG MX]
:  Sent: Friday, September 26, 2003 2:23 PM
:  To: SECURITY () LISTSERV EDUCAUSE EDU
:  Subject: Re: [SECURITY] Verisign's SiteFinder
:
:
:  Verisign seems to be doing something "weird" with this service. There
:  are many discussions around this everywhere, here is a sample of what
:  seems to be going on:
:
:  http://www.techweb.com/wire/story/TWB20030926S0003
:
:  I have not reviewed all the information with detail but it seems that
:  Verisign is being accused of doing some sort of traffic hijacking.
:
:  Omar Herrera, CISSP
:
:  Instituto Tecnol?gico y de Estudios Superiores de Monterrey,
:  Mexico City Campus
:  Information security topic and laboratory
:
:
:  > -----Mensaje original-----
:  > De: The EDUCAUSE Security Discussion Group Listserv
:  > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] En nombre de Matthew Dalton
:  > Enviado el: Viernes, 26 de Septiembre de 2003 01:01 PM
:  > Para: SECURITY () LISTSERV EDUCAUSE EDU
:  > Asunto: [SECURITY] Verisign's SiteFinder
:  >
:  > Has anyone else out there notices an increase in bad traffic filling
:  up
:  > their queues since the SiteFinder "service" went into affect?  If so,
:  what
:  > are other people doing about it from a technological standpoint and/or
:  > awareness standpoint?  If you want to reply to me off-list, I will be
:  > happy to summarize to both lists the results.  Thanks.
:  >
:  > --
:  >
:  ************************************************************************
:  **
:  > |Matthew Dalton                     |Phone: (585)273-1721
:  |
:  > |ITS Security Group                 |Email:
:  Matthew.Dalton () rochester edu |
:  > |University of Rochester            |
:  |
:  > |Rochester, NY 14620                |
:  |
:  >
:  ************************************************************************
:  **
:  >
:  > **********
:  > Participation and subscription information for this EDUCAUSE
:  Discussion
:  > Group discussion list can be found at http://www.educause.edu/cg/.
:
:  **********
:  Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
:
:  **********
:  Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
:

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.