L'histoire commence la semaine dernière quand j'ai commencé à recevoir du phishing pour le Crédit Mutuel, mais avec des URL qui pointaient toutes vers les serveurs de Wikimedia.
[...]
On se retrouve donc avec une technique insidieuse, ne résolvant vers le phishing que quand la demande est effectuée par les caches/DNS des fournisseurs Français. D'autant plus facile étant donné que la liste des IP des ces serveurs est forcément publique.
European Alternatives is a project that collects and analyzes European alternatives to digital services and products, such as cloud services and SaaS products. We regularly receive advice and suggestions from European Alternatives users, so feel free to reach out!
- Web analytics services
- Cloud computing platforms
- Content delivery network (CDN) services
- Email providers
- Virtual private server (VPS) hosters
- Search engines
- Transactional email service
- Domain name registrars
- Time tracking apps
- Navigation apps
- Uptime monitoring services
- File hosting services
- Machine translation services
- Object storage providers
- Microblogging services
- VPN services
- Managed DNS providers
- Professional networking platforms
- Function as a service (FaaS) providers
- Platform as a service (PaaS) providers
- Error tracking services
- Electronic signature software
- Public DNS resolvers
- Payment service providers
- Captcha services
- Spelling and grammar checkers
- Password managers
- Instant messaging apps
- Version control services
- Identity and access management (IAM) services
- Live chat software
- Web browsers
- Video conferencing software
- Document collaboration services
- Calendar services
- Email marketing services
- Font services
- WordPress hosting providers
- Team communication services
- Managed Kubernetes services
- Video hosting services
- Video platforms
- Maps API services
- Tag management systems
- DDoS protection services
- Session recording tools
- ACME SSL certificate providers
- Survey tools
- Marketing automation software
- Project Management Software
- SMS APIs
More details from a former Site Reliability Engineer at Facebook: https://twitter.com/RenaudGuerin/status/1445114486457880582
if you’re using Python, Alpine Linux will quite often:
- Make your builds much slower.
- Make your images bigger.
- Waste your time.
- On occassion, introduce obscure runtime bugs.
We faced an issue with DNS on alpine images too at work...
cf. https://wiki.musl-libc.org/functional-differences-from-glibc.html#Name-Resolver/DNS
You use it like this:
$ scarr init -domain falafel.exposed -name falafelexposed
Initializing...done
$ cd falafelexposed
$ vim scarr.yml # Edit a few fields here
$ echo "<html>The deadly secret of falafel</html>" > index.html
$ AWS_PROFILE=scarr scarr deploy
... a bunch of aws stuff happens automatically ...
$ curl https://falafel.exposed
<html>The deadly secret of falafel</html>
What it's doing under the hood is:
- Registers the given domain through route53 (prompts to confirm this)
- Creates a TLS certificate through ACM
- Uses route53 DNS to validate that certificate
- Creates an S3 bucket
- Creates a Cloudfront distribution pointed to that S3 bucket using the ACM certificate
- Creates an apex dns record pointing to that Cloudfront
- Syncs the current directory to that S3 bucket and invalidates the Cloudfront cache.
A week ago, I didn’t even know .dev was a real gTLD. Historically it’s just been the realm of programmers who need a fake domain for testing. The domain never really existed, we just told our computers to pretend it does.
But the .dev gTLD does exist. And guess who owns it?
That’s right.
It’s Google.
Suddenly, it all makes sense. Who can decide to make an entire TLD secure?
- HTTP/2
- TLS 1.3
- DOH: DNS over HTTP
- QUIC: a candidate replacement for the TCP protocol
since Google has already deployed QUIC in the Chrome browser and on its sites, it already accounts for more than 7% of Internet traffic.
Also mention this creepy & fascinating attack : http://codebutler.com/firesheep
There is a problem with how the Internet works today:
- HTTPS is not secure. Like most "secure" communications protocols, it is susceptible to undetectable public-key substitution MITM-attacks
- Netizens do not own their online identities. We either borrow them from companies like twitter, or rent then from organizations like ICANN
These problems arise out of two core Internet protocols: DNS and X.509.
DNSChain offers a free and secure decentralized alternative while remaining backwards compatible with traditional DNS.
Merci https://twitter.com/kevin_biger !