NEW YORK (CNNMoney) -- Hundreds of thousands of Internet users whose computers are infected with a particularly nasty virus will be unable to access the Web starting on Monday.

The Federal Bureau of Investigation will shut down Internet servers that it temporarily set up to support those affected by malicious software, called DNSChanger. Turning off those servers will knock all those still infected offline.

Over the past five years, a group of six Estonian cybercriminals infected about 4 million computers around the world with DNSChanger. The malware redirected infected users' Web searches to spoofed sites with malicious advertisements.

In November 2011, the FBI and some overseas partners arrested those responsible, commandeered their servers, and attempted to warn those affected to get rid of the virus.

The FBI did not immediately take down the rogue servers, as infected computers would have lost Internet access, an FBI spokesman said.

To remedy the problem, the FBI had the nonprofit Internet Systems Consortium set up temporary servers. That way, computer owners would have time to get rid of their malware.

The servers were supposed to be shut down in March, but hundreds of thousands remained infected. Nearly 304,000 computers worldwide (about 70,000 in the United States) still had the virus in mid-June, according to the FBI's latest report. That's a large number, but it's a very small subset of the 1.6 billion PCs worldwide, of which an estimated 339 million are in the United States.

Still, the FBI decided to give people even more time to check for the malware, extending the deadline until July. The agency now says the time has come to cut the cord, and the emergency servers will be shut down on Monday, July 9th.

source

They should have shut them down day one..

Here's the thing if they are really that worried, why don't they just have their temp servers they put up just direct people to a site that says HEY You're infected dumbass!!

I am sure they learned a lot about the infected when they brought up the temp servers, but all this hype seems a bit much. If users are hitting you for dns, you can direct them anywhere you want - no matter what they query. They should have done it months and months ago..

This is a bunch of hype about a bunch of idiots in the first place, prob a good thing if these people were off the net for good anyway ;)

They should of shut them down day one..

Here's the thing if they are really that worried, why don't they just have their temp servers they put up just direct people to a site that says HEY You're infected dumbass!!

I am sure they learned alot about the infected when they brought up the temp servers, but all this hype seems a bit much. If users are hitting you for dns, you can direct them anywhere you want - no matter what they query. They should of done that months and months ago..

This is a bunch of hype about a bunch of idiots in the first place, prob a good thing if these people were off the net for good anyway ;)

sorry but this really bothered me:

should have

a lot

They should of shut them down day one..

Here's the thing if they are really that worried, why don't they just have their temp servers they put up just direct people to a site that says HEY You're infected dumbass!!

I am sure they learned alot about the infected when they brought up the temp servers, but all this hype seems a bit much. If users are hitting you for dns, you can direct them anywhere you want - no matter what they query. They should of done that months and months ago..

This is a bunch of hype about a bunch of idiots in the first place, prob a good thing if these people were off the net for good anyway ;)

Now BudMan, you know if that happened the internet would shrink from its current user base to around 200-300k people. Then we would not have such things as zombo.com etc. :p

... but DNSSEC Test is giving me a red X. :(

You've been a naughty boy.

For additional information regarding the DNS changer malware, please visit the FBI's website at:

http://www.fbi.gov/n.../malware_110911

ME:

DNS Changer Check-Up

DNS Resolution = GREEN

Your computer appears to be looking up IP addresses correctly!

"but DNSSEC Test is giving me a red X"

That doesn't mean you're infected - my bad for not making that clear.

DNSSEC is a way to validate that you're actually talking to the owning server and that the records you're getting are valid. Which would have told you right away that something was up if you had gotten pointed to some other dns that was returning bad info, if the domain you were trying to go to was dnssec enabled. For example neowin does not have it enabled - simple dig to a domain can grab their key.

dig +dnssec domain dnskey

So wouldn't have done much good if they were misdirected etc.. But other domains like isc.org are

; <<>> DiG 9.9.1-P1 <<>> +dnssec isc.org dnskey
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48102
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4000
;; QUESTION SECTION:
;isc.org.					   IN	  DNSKEY

;; ANSWER SECTION:
isc.org.				770	 IN	  DNSKEY  256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B
8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0=
isc.org.				770	 IN	  DNSKEY  257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8Z
GfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T51
5sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/
rzeC/bB yBNsO70aEFTd
isc.org.				770	 IN	  RRSIG   DNSKEY 5 2 7200 20120801230125 20120702230125 4442 isc.org. smgvLPkUP2wVdsHUirDUOu
NqCPEAVzxRpNT6p6T14LhJokYlTl2zBbaa 4igyDfcNAhpUn747cm95PFt4wrkGXi/ZJ9D1XeQXQ4S56eEhnj3LUt4l MC6aU5GrDhUa5kH7ef2HYSmGM+0oajQZtop7xP
jHJ4Mkzsb7FhVcknUa JZk=
isc.org.				770	 IN	  RRSIG   DNSKEY 5 2 7200 20120801230125 20120702230125 12892 isc.org. nobtYkqQ/Hw9VqY6Spoog
TpyBfd715onQw4TzYz3vv9m8UDLUSjxULTx rUHPVtz0Ikgaw+RgzrBxftLsowxvM0ilDyGrFkg3OyW8zquG5jFnNJla iuuU9ysJnrPJ05xmmvWh/k9MwBzBNwq/Xu3wS
PLG+uTSAp26bztxeMV9 r3i/W6qBPoxiAo5D51k6W4OPfcrZqjRfi51RDqncwHXSl4OOeKC5JF8m 7f5rxkrZNB+1VCaBxCqBcPOJ/ZJNQWwAw7uWZCOwZ9uODsCQ6avoo
G1Q iOrEsxhcb1x4t9NXSUDhNUzuDGsI90pPvnnGi9Sgq7IeoEoZ0yNr2Vvw nvi8Mw==

;; Query time: 21 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Sun Jul 08 09:17:13 2012
;; MSG SIZE  rcvd: 925

More domains need to really start using this, but like ipv6 you have a carriage before the horse sort of deal. If the clients are not checking, no point in having it enabled, if domains are not using it - no real reason to be checking it ;) I would hit your ISP up on it if that is the dns you use.

http://en.wikipedia....rity_Extensions

DNSSEC was designed to protect Internet resolvers (clients) from forged DNS data, such as that created by DNS cache poisoning. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server

There should be no reason why you're not able to do dnssec now, unless ISP is behind the times. You can contact your ISP about it, you can use a different dns (googledns, opendns, etc) or just run your own dns so that you can use dnssec.

The testresult is a green tick; what does that mean?

The green tick is good. It means that the DNS server your computer uses actively supports the DNSSEC Protocol. So you are better protected against abuse of the DNS Protocol.

I see a red cross; what's that all about?

A red cross means that you aren't benefiting from the added security offered by DNSSEC. Compared with someone whose set-up is DNSSEC-enabled, you are more vulnerable to abuse of the DNS.

What can I do if I want to benefit the added security that DNSSEC offers?

That depends on the way you use the DNS. Many internet users rely on the DNS service provided by their Internet Service Providers (ISPs). If that's the case with you, you need your ISP to activate DNSSEC. You may wish to contact your ISP about it. However, it could be that the reason you aren't benefiting from DNSSEC is that there is a modem or router between your computer and the DNS server(s) you use, which does not understand DNSSEC. In that case, you may have to upgrade the firmware on your modem or router. More advanced users may decide to configure DNS servers that support DNSSEC, or even run their own DNS server that supports DNSSEC (a so called validating resolver). If you did the test in a business environment, you may wish to contact your IT department. However, be ready for the possibility that your IT colleagues aren't immediately able to help you - not very many people are familiar with DNSSEC yet.

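The check described in the post above (query a zone's DNSKEY with dig +dnssec and read the answer), as an added example that is not part of the original thread: a shell function that classifies dig output by the "ad" header flag and the presence of RRSIG records. The sample outputs and the names signed.example and unsigned.example are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): classify `dig +dnssec <zone> dnskey` output.
# Prints: validated | signed | unsigned | error
#   validated: RRSIGs in the answer and the resolver set the "ad" flag
#   signed:    RRSIGs in the answer, but no "ad" flag (resolver did not validate)
#   unsigned:  NOERROR with no RRSIG in the answer section
#   error:     any other status; a validating resolver answers SERVFAIL
#              when signed data fails validation
dnssec_status() {
    awk '
        /^;; ->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line)   # drop the label
            sub(/;.*/, "", line)          # drop "; QUERY: 1, ANSWER: ..."
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && $4 == "RRSIG" { rrsig++ }
        END {
            if (status != "NOERROR") print "error"
            else if (rrsig && ad)    print "validated"
            else if (rrsig)          print "signed"
            else                     print "unsigned"
        }
    '
}

# Constructed sample outputs (zone names and key material are placeholders).
sample_validated() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
signed.example. 770 IN DNSKEY 257 3 5 PLACEHOLDERKEY=
signed.example. 770 IN RRSIG DNSKEY 5 2 7200 20120801230125 20120702230125 12892 signed.example. PLACEHOLDERSIG=

;; Query time: 21 msec
EOF
}
# Same answer from a resolver that passes signatures along without validating.
sample_signed() { sample_validated | sed 's/ ra ad;/ ra;/'; }
sample_unsigned() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; AUTHORITY SECTION:
unsigned.example. 300 IN SOA ns.unsigned.example. admin.unsigned.example. 1 7200 900 1209600 300
EOF
}
sample_servfail() { sample_unsigned | sed 's/NOERROR/SERVFAIL/'; }

for s in sample_validated sample_signed sample_unsigned sample_servfail; do
    printf '%s: %s\n' "$s" "$($s | dnssec_status)"
done
# Live use: dig +dnssec isc.org dnskey | dnssec_status
```

The "ad" flag is the resolver's own claim, so it only means something when the path to that resolver is trusted, for example a validating resolver on the local host or network.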
There should be no reason why you're not able to do dnssec now, unless ISP is behind the times. You can contact your ISP about it, you can use a different dns (googledns, opendns, etc) or just run your own dns so that you can use dnssec.

Nice writeup -- just a minor clarification, OpenDNS went with DNSCurve instead of DNSSEC. No idea on the technicalities of one being better than the other.. was curious as I use OpenDNS myself.

http://blog.opendns....endns-dnscurve/

dnscurve is a hop to hop and yes can be used for validation of the hops, and also actual encryption of the transaction. dnssec is full path, end-to-end and verifies that data you got is same as what is on the authoritative server for that domain.

They are sim in that they are working on securing dns, but not equal - not sure what opendns was thinking other than getting their users to run some client that only goes to them for dns ;) I really don't see a need for encryption of the actual transaction. But I can see verification of said data a big concern.

You could use dnscurve hand in hand with dnssec. For example you can use dnscurve to your resolver (isp for example) and then use dnssec to validate your data is legit. So at some point your ISP dns is talking to root servers, I highly doubt dnscurve is going to get deployed to the roots. But dnssec already is - back in May of 2010

http://www.root-dnssec.org/

Just do a dig +dnssec for any of the root zones org, com, net, etc.

As to opendns not using dnssec - on their blog entry about turning on dnscurve.

Editor's note: Our support for DNSCurve doesn't prevent our adoption of DNSSEC - they are not mutually exclusive. While we have reservations about DNSSEC, we can and will implement it when we see more demand and traction, but in the meantime, when we see a viable technology that can be quickly implemented to improve security for DNS users, that's a no-brainer in our book.

As I said before it's a horse/carriage, chicken/egg thing - why implement when no users, why should user use it if no one has it implemented ;)

So while dnscurve secures your info to opendns, it does not really validate the data you're getting from opendns - only that you're getting it from opendns ;)

The news of this dns changer thing that went on way too long, hitting the mainstream can and should be used for users pushing their ISPs to make dns more secure. More and more queries for dnssec, and then more and more domains will start using it.

I think neowin should set the shining example and sign their domain - they run their own dns. It's not that difficult to do!

This could get them started

https://www.dnssec-tools.org/wiki/index.php/Sign_Your_Zone
