DNS hijack hits The Register: All well On early Sunday evening, UK time, The DNS records of many websites, including those of The Register and The Telegraph, were hijacked and redirected to a third party webpage controlled by Turkish hackers. The Register's website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we …
Yup - our l33t hackers will hijack the aliens DNS, causing them to die of acute embarrasment when their invasion webpages redirect...
(which is actually slightly more likely than the Powerbook-virus-transfer-to-the-mothership-mainframe-via-AppleTalk trick, tbh)
http://starringthecomputer.com/computer.php?c=54
I consider myself a hacker (in the original sense of the word, and not limited to software or computer either), and the way I'd like to deal with the cracker/script kiddie end of the scale it through the business end of an AK47, or copious amounts of C4. Oh, and that includes spammers too. After buggering them with a splintery broomstick lovingly marinated in Mad Dog 44 Magnum Pepper Extract (look up its Scoville rating if the name is not explicit enough)
The problem is the term hacker has as many as three distinct meanings in computing:
(1) Originally someone who hacked out code. Not necessarily a compliment.
(2) Later it became a term used for a very good coder or someone who loved coding for its own sake.
(3) Later still it was used (largely by the media) to describe crackers, script kiddies and even blackhats.
The last two definitions are still in use. I avoid the term and always use an alternative as it is too easily misunderstood.
Almost, but not quite. See:
http://www.dourish.com/goodies/jargon.html
And that's a later-day version of the file I first ran across at Stanford in ~1976. If I remember correctly, back then it was called "AIWORD.RF". Hacking wasn't just about software, it also involved modifying chassis with hacksaws to make parts fit. The license plate frame on my daily driver has read "Beware of programmers who carry screwdrivers" for several decades ...
Like comments now stretching beyond the 800 pixel width of the screen I'm using to view them on.
Such complaints used to be dismissed with a, "get with the programme, stop being a Luddite; time for a sensible-sized monitor". That was never an entirely valid response to the problem and less so with the proliferation of hand-held and mobile devices.
Oh well, time to write another Greasemonkey script to re-render the pages to fit :-(
..until you're older. I have an HTC Desire and I struggle at times to read the text. I almost have to remove my glasses now and might have to switch to varifocals. I'm holding out until it gets so bad that I can't read my laptop screen easily.
I'm only 44.
http://www.nia.nih.gov/healthinformation/publications/eyes.htm
In my case Presbyopia began to kick in at age 39. That was after let's call it twenty years of using a computer (excluding playing games on a Sinclair Spectrum). So don't be so smug. Hopefully there'll be a revolution in display technology for mobile devices before it hits you.
Still - the important point to note:You don't have to be 'old and frail' to start having problems.
I'm 45 and have just noticed the glasses on / glasses off issue with my new Macbook Air 11" ... so I will have to keep using the "applekey +" keystrokes to enlarge the text until I get the firm to pay for varifocals.
Still not bad for 32 years of VDU squinting and I've always been myopic .. just waiting until I get 20/20 vision when I'm 80+
Mobile devices are covered with m.register.co.uk, with the unfortunate omission of icons when posting a message (which I get round by knocking off the m. at the start of the address when replying to a post). I hope someone at Vulture Central takes the hint and adds post icons to the mobile version of the website.
In fact I'm using m.theregister.co.uk from my desktop as something somewhere still has www.theregister.co.uk in its DNS cache poisoned.
Sure, if your web browser can't either zoom the page to a useable compromise size - your definition of "useable" - or, in the case of Opera, squeeze the stuff onto the screen itself - not guaranteed. Disabling the site's CSS may also help.
I'm no longer using a tablet in portrait orientation, 480x800, for this, and that's probably a good thing.
OS X has a lovely "Try turning off and on again" and "Are there any devices you can turn off and on?" messages in their assistants.
IF end user router companies could agree on a simple standard for doing these simple tasks (e.g. a basic secured page relative to modem ip to reboot) , operating systems or even browsers could deal with the non standard and confusing interfaces.
I rarely use modem's interface to reboot since I don't have time to browse 10 pages (some even have flash!) designed in that years cool asia page fashion.
In fact, I once "fixed" friends car by just turning off motor and on, "like a freaking computer" (in his words). Seems the fuel computer of car freaked out a bit. :)
Works for a lot of things to reset to a pre-configured state and its good to remind people of the simple solutions. Sometimes its easier to say "Dad, turn it off at the mains, wait a few seconds and then turn it on again" then to drive a few hundred miles just to perform hands-on diagnosis and reach the same conclusion.
I'm sure lots of enterprises still run weekly "reboot server to clear memory leak" etc housekeeping actions ... its sad but true .. fixing the symptom is cheaper than upgrading the software stack. It used to be said that "Microsoft fix #1" was reboot/powercycle .. its the fix of last resort for Unix/Linux boxes though.
My Smart Car has lost its marbles a couple of times refusing to change gear using its tiptronic controls .. so it was time to pull over, turn off and turn on again to fix .. interestingly it worked regardless of the number of windows I had opened.
Replaced the air filter, plugs, cleaned MAF sensor and throttle body, and then reset BCU/ECU to relearn parameters in my 08 GMC Canyon 2.9L 4cyclinder truck. Have to do it again when my new ported throttle body shows up. Picky picky and likes throwing CEL codes. Determined to get 30mpg average out of this truck... Need to get it on a dyno and custom tuned but I digress....
What was I on about?
;)
People supporting and controlling Turkish government can enter a top secret military facility without getting noticed, plant dvd-rs containing thousands of pages of rigged documents and call the police.
Or. They can record thousands of people phone calls, daily activities and even bed activities and make them their puppet, especially if the person is in media.
Current policy of UK and US Govt. is to support the .tr government so if you are British or American, you will never hear about these.
Would you dare to protest such a government? It would be like setting up a pirate radio station in Berlin back in 1930s.
I have a clue about who the idiot could be (like all .tr IT) but for this kind of pathetic lamer, best is not to advertise.
What exactly do you think matters about version numbers and extension names that The Reg shouldn't be showing them?
There is nobody with a brain out there attacking servers but "ignoring" certain version numbers of Apache / modules because they look up-to-date. It's a pointless task because where there is no version number at all you'll probably try your exploit anyway because it almost certainly means someone who's scared of showing what ancient version they have running, and where a version number is returned it can easily be faked, and where it's not faked and not-out-of-date, it takes longer to check the version number against some magical list of "non-exploitable" Apache versions than it does just to try whatever exploit you're attempting anyway. And Apache version numbers mean nothing because even Debian/Ubuntu sometimes uses "old" versions of Apache that have been patched even if their version numbers aren't one of the "officially" fixed versions.
SSH has as part of the protocol that you MUST give a version number out in the initial parts of the handshake (a lot of clients rely on it for feature detection etc.) and it's never been a problem in all the time that protocols been around (and, if anything, encourages people to upgrade!)
If you're worried about showing your version numbers, you're scared about people finding out what you ACTUALLY run. That's more worrying than anything they could do with that information (which would be precisely ZERO because most attack tools are automated and just-don't-care about version numbers because they can try the entire exploit in the time it takes to find out the version of a remote server; in the same way that I still witness tons of SPF failures on email - because the people sending out spam just don't care or it's not worth the effort to bother to weed out SPF-enabled domains from their "fake-from-address" list).
Someone in IT suggesting that someone else knowing what version number of a piece of software you run is like a mechanic saying that you should take the badges off your car so that people don't know it's a Ford in case they try all to break into it using methods that only work on Fords. 1) It fools no-one. 2) Car thieves aren't stupid enough to be stopped when their "Ford-only" exploit doesn't work. 3) A brick through the window works on pretty much every car in the world.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
