| 9:59 pm on Jan 27, 2009 (gmt 0)|
I think this problem should be moved further down the list of issues raised by hackers and spammers. I'd like to see "fake headers" become impossible in emails for example. Hackers don't even need the server to resolve to another IP when they can just inject whatever domain/site name they wish as the sender.
I still receive spam emails that suggest my long deceased grandfather is still emailing me and wants me to pick up the latest Hallmark card he sent me. Of course the link is an exe, it's a hacking attempt, but the headers of the email resolve to Hallmark. THAT kind of bs needs to be fixed first.
| 1:06 am on Jan 28, 2009 (gmt 0)|
To me, the key to 'fast flux' hosting is to take things out at the DNS level not the host level. That means that registries have to become a lot more responsive to complaint - at present it is very hard to get them to take action against illegal use of a domain name. I would like to see a system by which registries are obliged to take down a domain with evidence of illegal use within an hour of the evidence being submitted.
| 4:26 pm on Jan 28, 2009 (gmt 0)|
|the headers of the email resolve to Hallmark. THAT kind of bs needs to be fixed first. |
IMHO forged email headers are a minor issue.
Do you really look at email headers before deciding to run an executable attached to an email? If Hallmark really did send you an .exe you still shouldn't trust it I hope - so isn't the executable attachment a far bigger deal than the forged header line(s)?
BTW, I could send you a postcard on which I'd written "From: Barack Obama, 1600 Pennsylvania Avenue" but in addition to that there'd likely be a postmark saying "Innsbruck, Austria" [I'm doing a bit of skiing this week].
Would you believe my forged "From:" lines, or the post office's postmark?
Just like "From:" and "Received:" in your email header... it's easy once you know how :-)
| 1:00 am on Jan 29, 2009 (gmt 0)|
Perhaps I'm misunderstanding the problem but...
The issue is how to quickly close down bad websites, is it not? So, rather than worrying about the IP address to which the domain resolves, surely they should simply blacklist/erase the domain name. If the domain name is erased, that's it, job done.
Provided this can be achieved quickly (hours not days) and mistakes can be corrected (days not weeks) then that should more or less solve that part of the problem. However, phishing attacks will simply use multiple IP addresses directly i.e. without bothering to register silly domain names like "security-check-acmebank.com".
Am I missing something?
| 1:37 am on Jan 29, 2009 (gmt 0)|
|simply blacklist/erase the domain name. If the domain name is erased, that's it, job done. |
|Provided this can be achieved quickly (hours not days) |
Kaled, you are entirely correct. Unfortunately it seems most registries are fighting hard against actually having any oversight over domain use.
| 3:18 am on Jan 29, 2009 (gmt 0)|
Surely, domain name registrars are just middlemen/brokers - they are not actually in charge. If ICANN decide that a domain name should be suspended, they should have the power to do so immediately. They should merely inform the registrar, not ask permission.
However, as I said before, procedures should be put in place to swiftly correct mistakes.
| 10:52 am on Jan 29, 2009 (gmt 0)|
|The issue is how to quickly close down bad websites, is it not? |
...but who will get to define "bad"?
ICANN? The US Supreme Court? The RIAA?
| 12:28 pm on Jan 29, 2009 (gmt 0)|
Determining if a domain name is dedicated to phishing is pretty trivial. In any case, that issue has to be solved whichever end of the problem ICANN chooses to attack (domain name or IP address).
Frankly, I'd be inclined to tell the banks to sort out the problem themselves. A secure USB credit-card scanning device could be designed quickly, would be small and cheap, and could even be integrated into new computers. This would also improve security for online shopping, although that's another area where banks have been utterly pathetic.
PS. I don't want to hear comments about making card cloning easier, etc. Whilst a new chip might be required for credit cards, the problem as a whole is easy to solve and could be totally secure.
| 3:57 pm on Jan 29, 2009 (gmt 0)|
|I'd be inclined to tell the banks to sort out the problem themselves |
Funnily enough, that's pretty much what Bruce Schneier suggested back in 2005 [schneier.com].
IMHO he's a guy who actually does know what he's talking about...