Tag Archives: DNS

Why Does Apple Take So Long to Bite?

Apple is again protecting itself, as Wired News reports: E-Tailers Get Apple Nastygrams

Apple is ordering several online iPod accessory vendors to stop using the word “iPod” in their names or URLs. Apple has sent legal notices to accessory vendors everythingipod.co.uk and iPodlife. “I’m very nervous that this whole affair will hurt our business financially,” said Barry Mann, director of everythingipod.

In August, Apple threatened legal action against iPod Essentials, which changed its name to mp3Essentials and handed ownership of the iPodEssentials.co.uk domain name to Apple.

Apple has my sympathy for this, and it makes sense to protect consumers from rubbish products that might to the untutored eye look like an Apple creation. But a couple of things confuse me. First off, why does it take them so long to get around to warning these guys? Everythingipod.com as a domain was first registered in December 2001: It takes Apple lawyers four years to track them down? What were they using? Snow shoes?

The cynic might be forgiven for thinking that Apple waits for these accessory businesses to get successful and then dumps on them. After all, as Wired News points out, Apple has its own Made for iPod program, which requires manufacturers to comply with set standards, use certain manufacturers for some components and pay a percentage of wholesale earnings to Apple.

So, the cynic would argue, there’s no point in crushing these third party web sites until they’re up and running. Wait until they’re successful and then start milking them. After all, these third party vendors and manufacturers are useful since they enhance the product, encourage retailers to give over more space to the whole iPod thing, and keep users interested. I’m sure there’s no truth to such a cynical view but it does leave some questions unanswered.

For instance: You might argue it’s hard for Apple to keep tabs on these third party websites. But I find that hard to believe. One short DNS search throws up literally hundreds of websites registered with ipod somewhere in the name, many of them more than a year old. (Just out of interest, what is planned at www.ipod-dating.com and http://www.ipod-porn.co.uk/?) This is easy stuff to keep an eye on. Either Apple’s lawyers are not doing their job or else there’s something else afoot here.

Phishing Toolbars — The One That Works

Last week I wrote in my WSJ.com/AWSJ column (sub required) about the cross site scripting phish I received a few weeks ago (it appeared late because of the Easter holiday.) The point I made in the column is that most of the browser toolbars designed to prevent phishing failed to warn the user of the attack.

Some readers have asked which toolbars didn’t work. I didn’t have space in the column to list them, but I did mention that one worked: Netcraft’s Anti-phishing Toolbar. Sadly it only works with IE, but since most banking sites still insist on only functioning in that browser, this is not too much of a handicap. Netcraft are actually an interesting, serious bunch of people who do good work, not least their DNS search engine. (They also measure server traffic, and pointed a few days back to a burst in visits to the Vatican’s website as the Pope lay on his deathbed.)

Anyway, next posting I plan to list the toolbars that didn’t work on the Charterone phish.

Behind the Akamai DDoS Attack

A bit late (my apologies) but it’s interesting to look at the recent Distributed Denial of Service attack on Akamai, an Internet infrastructure provider.

The attack blocked nearly all access to Apple Computer, Google, Microsoft and Yahoo’s Web sites for two hours on Tuesday by bringing down Akamai’s domain name system, or DNS, servers. These servers translate domain names — www.microsoft.com — into numerical addresses. The attack was made possible by harnessing a bot net — thousands of compromised Internet-connected computers, or zombies, which are instructed to flood the DNS servers with data at the same time. This is called Distributed Denial of Service, or DDoS.

But there’s still something of a mystery here: How was the attacker able to make the DDoS attack so surgical, taking out just the main Yahoo, Google, Microsoft and Apple sites? As CXOtoday points out, Akamai is an obvious target, since “it has created the world’s largest and most widely used distributed computing platform, with more than 14,000 servers in 1,100 networks in 65 countries.”

Indeed, before Akamai admitted the nature and scale of the attack there was some skepticism that this could have been a DDoS: ComputerWorld quoted security expert Bruce Schneier as saying “My guess is that it’s some kind of an internal failure within Akamai, or maybe a targeted attack against them by someone with insider knowledge and access.”

The Ukrainian Computer Crime Research Center says it believes the attack was a demonstration of capabilities by a Russian hacker network. As evidence they point to an earlier posting by Dmitri Kramarenko, which describes a recent offer by a Russian hacker to “pull any website, say Microsoft” for not less than $80,000. The story appeared four days before the DDoS attack.

McAfee Comes Late To Rev. Bayes’ Party

McAfee seems to have come somewhat late to the spam party: Network Associates, Inc., ‘the leader in intrusion prevention solutions’, today announced that it has incorporated “powerful new Bayesian filtering into the latest McAfee SpamAssassin engine”. What, only now?

Bayesian filtering is a pretty powerful weapon in the war against spam. I use POPFile and K9 and would recommend either, not least because they’re free. But why has it taken so long for McAfee to get around to including it in their SpamAssassin product?

To be fair, the McAfee Bayesian filter is “fully automated in its learning abilities, whereas other competitive solutions require manual training by users or systems administrators”. That is an improvement, but I wonder how well it works.

SpamKiller/Assassin also includes some other features, including Integrity Analysis, which applies algorithms to determine if the email is spam, Heuristic Detection, Content Filtering, Black and White Lists and DNS-Blocklist Support.