ISPs worry a new Chrome feature will stop them from spying on you

ISPs worry a new Chrome feature will stop them from spying on you

Enlarge (credit: Thomas Trutschel/Photothek via Getty Images)

When you visit a new website, your computer probably submits a request to the domain name system (DNS) to translate the domain name (like arstechnica.com) to an IP address. Currently, most DNS queries are unencrypted, which raises privacy and security concerns. Google and Mozilla are trying to address these concerns by adding support in their browsers for sending DNS queries over the encrypted HTTPS protocol.

But major Internet service providers have cried foul. In a September 19 letter to Congress, Big Cable and other telecom industry groups warned that Google's support for DNS over HTTPS (DOH) "could interfere on a mass scale with critical Internet functions, as well as raise data-competition issues."

On Sunday, the Wall Street Journal reported that the House Judiciary Committee is taking these concerns seriously. In a September 13 letter, the Judiciary Committee asked Google for details about its DOH plans—including whether Google plans to use data collected via the new protocol for commercial purposes.

Read 18 remaining paragraphs | Comments

Darknet – The Darkside 2017-07-17 09:50:55

Bluto is a Python-based tool for DNS recon, DNS zone transfer testing, DNS wild card checks, DNS brute forcing, e-mail enumeration and more. The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them […] The...

Read the full post at darknet.org.uk

dnsteal – DNS Exfiltration Tool

dnsteal is a DNS exfiltration tool, essentially a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. dnsteal is coded in Python and is available on Github. Features dnsteal currently has: Support for multiple files Gzip compression supported Supports the customisation of subdomains Customise...

Read the full post at darknet.org.uk

TP-Link forgets to register domain name, leaves config pages open to hijack

This (blurry) picture shows the bad domain name printed on the bottom of a TP-Link router. (credit: Amitay Dan)

In common with many other vendors, TP-Link, one of the world's biggest sellers of Wi-Fi access points and home routers, has a domain name that owners of the hardware can use to quickly get to their router's configuration page. Unlike most other vendors, however, it appears that TP-Link has failed to renew its registration for the domain, leaving it available for anyone to buy. Any owner of the domain could feasibly use it for fake administration pages to phish credentials or upload bogus firmware. This omission was spotted by Amitay Dan, CEO of Cybermoon, and posted to the Bugtraq mailing list last week.

Two domain names used by TP-Link appear to be affected. tplinklogin-dot-net was used, according to TP-Link, on devices sold until 2014. On initial setup, while the router's Internet connection is still offline, the domain name will be trapped automatically and correctly send users to the router's configuration page. But subsequent visits to the configuration page can use the real Internet DNS system to resolve the address, and hence those routers are susceptible to being hijacked. A second TP-Link domain name, tplinkextender-dot-net, was used by TP-Link wireless range extenders and is similarly vulnerable.

Together, these domain names appear to be quite busy; estimates based on Alexa's ranking suggest that tplinklogin-dot-net sees about 4.4 million visits per month, with another 800,000 for tplinkextender-dot-net. It's not known who the new owner of the domains is, but Dan tweeted that domain name brokers are offering the more popular of the two for $2.5 million. This high price tag is perhaps why TP-Link has declined to buy the name back.

Read 1 remaining paragraphs | Comments