rone | DIE VERI$IGN DIE DIE DIE

You're viewing

rone's journal
Create a Dreamwidth Account Learn More

Reload page in style: site light

Please visit:
http://fuckverisignintheear.net/
http://verisigncaneatshitanddie.net/
http://moltenleadenemaforverisign.net/

See Slashdot for more details.

Current Music: Varnaline - Velocity

Flat | Top-Level Comments Only

From:

dr-memory.livejournal.com

I am sitting here with steam leaking out my ears. I am gibbering with rage. If it weren't 2:20am, I'd be screaming at the top of my lungs.

Here's the BEST part:

It's not just a web server.

There's also an MX record. That points to a mail server. That answers and speaks SMTP.

For now, it merely accepts the MAIL FROM and RCPT TO commands, and gives a 550 error to the latter. Wonder how many of the addresses given in the former will receive sales email from Verisign in the near future?

And of course, I'm sure that the Department of Homeland Security would have no interest whatsoever in an email server that gets nearly every single last mis-typed email in the world...

From:

lusercop.livejournal.com

There is no MX record, just a port 25 listener on 64.94.110.11. And the script is just that, a script. It doesn't "accept MAIL FROM and RCPT TO", it just assumes that that is what you're doing and gives the appropriate response for that point in the dialogue.

You will be no doubt pleased to know that there are various patches for the nameservers to treat a positive response of 64.94.110.11 as an NXDOMAIN - got to be a good thing. I also updated my exim configuration to add the above address to the ignore_target_hosts setting, which means that it still treats it as unroutable.

If you're in the UK, this link (http://www.hinterlands.org/ver/txt/) may well be of interest, and there may be some equivalent for you US bods. (the nice thing about it being 0800 is that it costs them money for you to deal with it. (Unfortunately, I doubt that +44800 would work :-( ).

And of course, as if that weren't enough there's also the OpenSSH hole of the day. Oh well, at least that means that Theo's claim is going to have to move from "one" to "two".

From:

vardissakheli.livejournal.com

This seems to be bogging down My Big Imployer's nameservers as badly as the past month's virus attacks. I've forwarded the /. and NYT articles to some of my network support contacts now.

From:

vardissakheli.livejournal.com

I found this link in a newsgroup: http://www.imperialviolet.org/dnsfix.html (http://www.imperialviolet.org/dnsfix.html)

Anyway, there is a "Stop Verisign DNS Abuse" petition available at:
http://www.petitiononline.com/icanndns/ (http://www.petitiononline.com/icanndns/)

Don't know if anybody is applying these patches here, but at least the word is out.