Disturbances in the Force
Corrupted root name databases
At 2:30 am Eastern time on Thursday morning an operator at NSI ignored automated warnings and published corrupt databases for the domains .com (142 MB) and .net (10 MB). Some of the eight other root nameservers, which copy the master NSI data on a staggered schedule, also became corrupted over the next four hours before NSI discovered and fixed the error. (You might well wonder what happened to that overnight operator. "We're still talking to that individual," an NSI business manager said later on Thursday. "He is being dealt with very appropriately.")
The NY Times has the most thorough and technically accurate coverage of the incident and its aftermath. Additional detail is at , which descends to a level so geeky as to list the nine root-level name servers and to explain the software particulars behind the spottiness and randomness of the incident's effects. Even the Good Grey Times makes a few small errors -- erroneously stating that NSI began charging to register domain names in 1996 (it was 1995), and misstating the number of root nameservers, a factoid cited correctly in . Most of the press coverage is more confused. A common conflation (see for example this San Jose Mercury-News story) is associating the root-name problem with the previous weekend's AlterNIC hack against the InterNIC servers (see story below). No one who knows how the network works would posit a link between these incidents.
Of backbones and backhoes
See  for a sketch of four separate recent instances of circuit loss, two involving backhoes cutting fiber bundles. The backbone carriers had to route around the breaks until they were fixed some hours later. WorldCom was the provider most affected by these mishaps.
SYN flooding attacks on Macintosh sites
Macintosh users had an especially hard week. In addition to the above-mentioned network disruptions, they had to contend with denial-of-service attacks mounted against the Web servers of a number of popular Macintosh destinations: Macintouch, WebCentral, and Webintosh. The SYN flooding attacks followed a similar barrage directed against the "Crack-a-Mac" contest site the week before, leading to speculation that the attackers may want to blemish the Mac's reputation as the least vulnerable Web server platform.
An enterprising Netizen has taken advantage of the Tonga registry to set up an exclusive dealership in .usa.to addresses. (Warning: this site dispenses cookies with abandon.) Aaron Brewster, president of Code:NET, Inc., seems to think that customers will be so delighted to be able to get mcdonalds.usa.to, that they won't think to acquire mcdonalds.to instead. Or in fact to acquire biz.to, with a plan to subdivide it and go head-to-head with Code:NET.
Hijacking the InterNIC
On a shadier note, a proponent of alternate top-level domains has produced a hack that promises to dramatically increase the portion of the Web that recognizes his AlterNIC naming scheme. Eugene Kashpureff sends an artfully malformed response to a standard DNS query from another name server, and the result is hard to distinguish from a virus. Kashpureff is able to spread recognition of his names -- some would say to spread contagion -- to other name servers on the Net in the everyday course of business, and could potentially do so surreptitiously. And there's worse. Over the weekend of 7/12 Kashpureff somehow caused NSI's traffic to be redirected to AlterNIC (he's not saying how he accomplished this) as a protest against NSI's claim to ownership of the .com domain. One poster on a network-operations mailing list opined, "Mr. Kashpureff is in deep doggy doo."
Set free .org and .net
An InterNIC official is urging regulators to let people apply for .org and .net domain names in commercial contexts, relaxing the once hard-and-fast limitations on the use of these top-level domains.
By the time the conference began, the hotel's antiquated phone system had been penetrated and instructions distributed on how to call long distance for free. The hotel's radio frequencies quickly appeared on the DefCon mailing list. And someone was carrying around a door to a GTE truck -- I never found out why.
Microsoft attended its first Black Hat Briefing and heard from the inventors about the latest improvements to security hole #8 (see  for earlier coverage and  for the collected Microsoft security exploits). L0phtcrack is a tool for delivering plaintext passwords for NT and LANMAN networks; in theory it allows one to obtain NT passwords without administrator privileges given network access between a client and the server under attack. The program comes with unusual license terms: it is $50 shareware to government and commercial users and freeware to all others.
Microsoft systems, and NT in particular, are now being subjected to the tough love of hacker scrutiny that once focused on Unix (and to a lesser extent on Novell). The company has squared its shoulders and resolved to work with the hackers with what good grace it can muster. A Microsoft spokesman said, "The hackers do a service. We're listening and we're learning."
On Monday 7/21 the Trellix site will open for free downloads of "Sneak Peek" version 0.8. I urge everyone who runs Windows 95 or Windows NT to give Trellix a close look.
> The plan worked out by the International Ad Hoc Committee to
> introduce competition to domain naming is on hold.
This assessment is incorrect. The IAHC is not on hold. It is very much proceeding. We are taking a bit longer to get the application form and second MoU (the ones the registrars must sign) out but we are within days of finishing it and starting to accept applications.
> on 7/10 an industry group called the Association for
> Interactive Media convened an "Open Internet Congress" in
> Washington, ostensibly to assure that business has a say
> in the governance of the Net.
Attendance was a whopping 48. They have no specific, constructive alternatives to the IAHC and, instead, seem only interested in stopping the IAHC work.
Your use of explicit citations underscores the rather troubling pattern of press coverage on this topic. Anyone who speaks out seems to be taken as credible, no matter how outrageous or factually incorrect their statements. The various AIM press releases are probably the most extreme example of this.
In reality, the list of supporting signatories for the gTLD MoU continues to grow and I encourage anyone who is interested to visit <http://www.gtld-mou.org> for details, including the most current version of the signatory list.
Followup: more comprehensive applet security
For an alternative to FinJan's filtering approach, have a look at my company's product which lets you run Java without having it cross your firewall.
Filtering approaches are either too severe, and stop you running anything at all, or else they run the risk of letting a hostile through. We solve the problem by running Java in a physically reinforced sandbox.
With the rate at which bugs in browser sandboxes turn up, keeping Java out of your intranet is the safest way.
100 apparently bona-fide names registered to Microsoft Corp.
10 names registered to other apparently legitimate entities
61 names registered to Danny Khoshnood, Los Angeles, CA
6 "copycat" hoaxes, or other names registered to people outside of Microsoft, and not served by Microsoft name servers
5 apparently personal names registered to Microsoft employees (?)
NetSurfer Digest -- mail firstname.lastname@example.org without subject and with message:subscribe nsdigest-html . Web home at http://www.netsurf.com/ .
TBTF home and archive at <http://www.tbtf.com/>. To subscribe send the message "subscribe" to email@example.com. TBTF is Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.