How DNS happens
DNS (Domain Name Service) has been around since the first time someone tryed a name instead of an IP to get somewhere on the Internet. Which translates to only a few years younger than the first network. What happens when you type ‘google.ca’ isn’t stunningly complex, it’s really no more than your machine looking up the number of that domain and then sending you there. The really interesting part is how much we rely on it and how it’s embedded into nearly everything. In fact the Internet would grind to a halt in about 5 minutes without it and the fact it is made of millions of simple text files is a minor marvel.
So why the news on DNS? My home internet (to my server) went out a few days ago and it is one of a chain of DNS servers that maintain a few domains. It also exposed an vulnerability in my redundancy which I had thought covered, turns out some companies know less of DNS than I do and thier system weren’t capable of taking the added load. Thus the DNS entries began to expire and the scramble was on. Long story short, I managed to get a new DNS system up in a few hours and migrate things to a more stable platform. The whole system is better than ever and more fault tolerant. This meant some email outages for a time and though email can recover, the deliveries where later than expected.
What I learned yet another software system that doesn’t do what it claims and I didn’t even get an error the system wasn’t working as expected. No way to check and the only way to discover the flaw was to create the problem it was meant to protect against, seems a rather hard way to test a system. I’ll have to break down and learn to use Unix on the command line and stop relying on a GUI that tries to hide thier failures behind pretty icons.
I’ve never been a proponent of ‘hard testing’ where one creates the disaster to check the recovery system. My reasoning being if things are other than planned (see Murphy’s law) you’ll have created a problem you do not have the solution for (or your recovery plan would have worked).
So I’ve learned a few new tricks, found a useful service for DNS replication and for one day of annoyance managed to ‘hard test’ my failover system. Now I just have to get my own regular Internet connection back, thank the tech gods for cell phone tethering
On June 27th 2012 Microsoft accidentally put Skype into thier ‘Important’ updates for the WSUS. What happened was that millions of users got Skype installed on thier desktop without consent and let’s face.. not really needing it.
The update was ‘expired’ once the error was discovered but the fact it happened at all is rather disconcerting. Not only was the program installed without user approval (being it was misclassified) but it makes this vector of program installation much more suspect.
The long and short is; if you suddenly have Skype on your desktop you can uninstall it. It was a Microsoft error that put it there and with luck it will not happen again.
For a couple of months Apple has been aware of some malware called ‘Mac Flashback’ and a resounding failure to do anything about it has cause and estimated (so far) 600,000 viral infections on Mac. Thus the arguement finally ends, and rest assured this isn’t the first virus it’s just the first that cannot be swept under the rug.
So the time has come and you’ll need to check your computer for a bug, and unlike the well versed PC market it won’t be easy. Then you’ll have to get a some real protection because what comes with the computer isn’t sufficient (obviously). Steve Jobs is dead, Mac can get viruses and solution isn’t easy or pretty; welcome to the real world.
Read more: http://www.foxnews.com/scitech/2012/04/06/how-to-protect-your-mac-against-malware/#ixzz1rHktiW5X
Gizmodo (a tech savy company that offers layman explanations about the latest gizmos) while underwhelmed by the new iPad2 thought they have some fun with the non-tech. This fun was giving a regular iPad2 user a ‘new iPad’, which was actually an old iPad2 but they were TOLD it was the new version. The sad part is the apple consumer wanted the ‘new iPad’ because it was the new version, even though it was the same as the one they already owned.
Read the Gizmodo article here:
Upgrading a computer workstation (home or office) can be a real gamble. Not only is it a good deal of cash the time and energy to move all your data, programs and re-do all your settings is significant. Sadly, far too often, the performance increase isn’t worth the cost as a clean install will oftne do the same thing and save you nearly $1000.
This however (the machine below) will make a HUGE difference in your performance:
Intel Core i5 2500 Quad Core Processor LGA1155 3.3GHZ
ASUS P8H67-M PRO/CSM Motherboard
Mushkin 8GB 2X4GB DDR3-1333 Dual Channel Memory Kit
OCZ Vertex 3 120GB Solid State Disk Flash Drive
Samsung Black DVD Writer
Antec Three Hundred Case 300 ATX Front USB & Audio
Sparkle Power Supply W/ 120MM Fan
Samsung S23A300B 23IN Widescreen LCD Monitor
Logitech MK200 Media Keyboard and Mouse Combo USB
Microsoft Windows 7 Professional 64BIT DVD OEM
Microsoft Office 2010 Home and Business English
From NCIX this complete computer is less than $1400. Being one could skip a few pieces if you already have them (OS, screen, keyboard) the price can get down to about $600 for the basic computer. The SSD and the timed CPU/Memory/Motherboard are the key, it’s runs lightning fast and is rock solid reliable. The only upgrades needing consideration to this beasty.. add in a mechanical 1TB+ Western Digital Caviar Black for storage and an NVidia video card.
The web server (and backup mail) is moving from the old DDS (fractional dedicated server) to a newer ‘virutal’ server located in the ‘cloud’. The advantages are it’s a little more reliable but mostly it cleans up years of alterations and upgrades and it’s far more expandable.
Dec 14th – The old server dies tonight at 9pm, everything I could find to move I moved and it’s been off for a few days and no complaints, one can only hope it all migrated properly. The new server is faster and MUCH cleaner. If you have any issues or problem don’t hesitate to call.
You know that little HTTPS: we all love to trust when we do online transactions.. well the old versions (TLS v1.0 and earlier) have been compromised. This means a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that’s passing between a web-server and an end-user browser.
Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the destination website.
At this point the hack isn’t usable by the average weenie on some remote country, the processing power needed is extreme but as the code is improved it’ll become more important to rely on TLS v1.1+ to remain secure. The major browsers will likely soon release a patch to implement TLS v1.2 but it’s up to the website to deploy the other end to ensure secure communication.
Just thought you should know in case you didn’t feel vulnerable enough already.
In Canada we don’t get the FBI, NSA, CIA, Homeland Security, State Police, Local Cops or a myriad of odd agencies with dubious jurisdictions wanting to know much of anything regarding your computer server. In Canada you get one of two agencies 95% of the time, RCMP or CSIS, neither is good but both are better than the US alternatives that are often more interested in their goals than preserving your data.
What has been getting the attention lately has been around for over a year now and courtesy of the PRC (Peoples Republic of China). Few will come right out and say it but state based espionage is the bread and butter of China’s financial machine.. what you can’t develop, you steal.
The target of choice right now is Microsoft Small Business Server 2003. It’s a good OS and system but if compromised it can be difficult to detect, but here is something you can look for:
Examine the file with Notepad and at the very top do you see any ‘funny’ code? Something like this:
That code at the top.. that’s the signature that not all is right in your system. Who, what, how and all the rest I’m researching but your machine, though not compromised, is quite possibly working for the bad guys.
I’ll add a comment when I have a name and process for removing this beasty.
There’s a good chance if you’ve been reading or listening to the news you’ve heard tell of a mysterious group called ‘Anonymous’. They have no leader, answer to no one and for the most part are a complete enigma when one considers how groups work.
The group has been linked from topics as far ranging as ‘TitStorm’ in Australia (the attempt to block pictures of small breasted women) to the freedom uprising in Syria & Egypt with a collection in between. The US government has a few times been at both ends of the stick and a few over-inflated corporate egos (HB Gary, The Tea Party, Visa, PayPal & MasterCard to name a few) have had a good slap. You’ll want to read the Wikipedia article that covers some of their history.
So you might ask, why talk about this on LogicITy? I want people aware of something called ‘False flags’. The name is derived from the military concept of flying false colours; that is flying the flag of a country other than one’s own. Governments and corporations do this regularly and it’s a mainstay in political battles. Malware often tricks you pretending to be from someone you would trust, this is the same principle.
Anonymous has uncovered some very sneaky and dirty stuff going on in the internet, it would serve some governments and corporations to have you not listen to what they have to say. I’m suggesting you listen to that faceless group before dismissing them as hackers, cyber terrorists or punks.
Oh.. and don’t worry about FaceBook on November 5th.. Anonymous has never been about ‘shooting the messenger’.
“Hello, this is your computer company and we are making this free call because you have a computer virus spamming the net.”
Oddly enough you don’t recognize the voice, and they don’t seem to know anything about your computer or anything else. They tell you it’s really bad and just need to help you fix the problem. The final hint.. their english is really bad and heavily accented.
It’s a scam. Most people know it in seconds but those that are less farmiliar with computers tend to fall for it. Tricked into giving out information that can result in signing up for useless services, programs or at worse let hackers into their machines. People feel enough the fool after these misadventures to not tell others about their experience, thus hiding how often this really happens.
Warn your folks/kin/parents (the elderly are especially vulnerable) and be vigilant. It’s an old trick with a new twist and Telus is no help at stopping these scammers from calling (you’d think they’d block the call-centers from calling into Canada at all).
If in doubt, call me.. but you already knew that.