Month: March 2018

  • DNS for authentication of ownership, and orphanage

    There’s a reasonably large use of DNS for things other than ‘Domain Name Serving’. The use of TXT records (SPF, DKIM, Let’s Encrypt, …) is widespread (as is CNAMEs etc.) for purposes other than ‘resolving a host’. For example, if you bring your own domain to Google G-Suite, you demonstrate you own it by…

  • Speedtest & BBR, consistency

    I’ve written a lot in the past about how speedtest is not a reliable tool. There is simply too much variation. It’s also measuring all of your access, your ISP’s core, and the interconnection, and the server on the far side. All too frequently I hear of some ‘study’ where some new ‘speedtest’ tool is…

  • Et tu Redis? Another spear in the ‘trusted environment’ ideal

    It pains me to say this, but trust is over-rated. You see I grew up in an era of Internet trust. Where you could just expect people would not sniff your telnet password, that port-25 wouldn’t be abused to send spam. I just wrote about etcd, and how its ideal deployment model (trust everyone who…

  • That’s the kind of password an idiot uses on his luggage: cloud security

    Say it ain’t so, etcd is on the public Internets? And it’s leaking like a sieve. A Shodan query shows 2593 etcd services out there flapping in the breeze. More detail was covered in Giovanni Collazo’s blog, but, in a nutshell, the combination of: simplicity. It’s just easy to use and deploy etcd. Insecure by…

  • The unbelievable weakness of identification/authentication, bank edition

    So I am in the process of opening a new bank account + credit card with my existing institution. And I call to check on the status of the credit card. And the call goes like this: ring ring; press 1 for English, 2 pour francais; type in your 16-digit card number; what is the…