Category Archives: Internet

Law.tm Got Hacked – Via DNS?

Starting sometime late Friday, my personal web page at law.tm stopped returning my boring homepage, and instead produced this:

There was also a sound track, produced by embedding this YouTube video of “Epic Anonymous Rap song – Hackers” several screens below the main image:

Naturally, I wasn’t pleased, even if I sort of liked the middle part of the rap. Why attack me of all people? I’m for net freedom. Worse, the hack was blocking my main personal email address. Still worse, I was no longer able to access the domain via sFTP or ssh — everything timed out — making debugging somewhat challenging.

Eventually I figured out another way to log into the host machine, and verified that none of the files on the law.tm domain, including the .htaccess file, had been changed. This removed the most likely vector of the attack. That left two possibilities: The first was the very unlikely possibility of some very subtle SQL injection attack plus a level of traffic so hosing the domain that I couldn’t get through to it via ssh; this seemed unlikely because if there really was some DDOS-like event in progress I would have heard about it from my hosting company, Dreamhost, when the machine crashed, plus the redirect of the web page shouldn’t have worked either.

That left option #2 as the main suspect: a hack of the DNS records. The DNS records for this particular domain are managed by a different company than my web host, and their help desk is (a) located in London and (b) only open 9-5 London time Monday-Friday, leaving me high and dry for the weekend (smart hackers?). Perhaps coincidentally, perhaps not, I had just renewed the law.tm domain a few days earlier with the Netnames registrar. So the only thing I could do while I waited for the Netnames help desk to wake up was try to satisfy myself that this really was a DNS hack. That proved harder than I would have liked: the DNS records seemed to show incorrect information, with web requests for the domain being pointed to 80.249.100.3 and mail being sent to 75.102.13.215, neither of which was right. But then again sometimes the nslookup would come up ok with the right data. It could have been a propagation issue but why then were my http requests, even when I cleared DNS cache, never going through to my real page? Maybe, I worried, I didn’t know how to read the DNS records properly.

So I struggled with the problem. On Saturday I felt hamstrung by unusually slow and poor helpdesk support by Dreamhost, who have been much better in most of my past interactions. This time they announced a new-to-me policy that we couldn’t communicate by phone, only email, as they want a written record of anything relating to a security issue. And it took hours to get the first email response. When they did swing into action Dreamhost also refused to confirm I was having a DNS issue, even though that would have gotten them fully off the hook, saying only that the results were “ambiguous” … although in retrospect, that may have been an accurate assessment … so maybe score one for them after all. Unfortunately, other than giving me an automated scan that showed possible problems elsewhere in things I manage but not on law.tm or its users, they didn’t say anything helpful about what else the problem might be.

In the end, thankfully, the problem seemed to solve itself this afternoon. The dig and nslookup data changed for the better — no more signs of the 80.249.100.3 or 75.102.13.215 IP numbers. OpenDNS’s cache started reporting the right info in more and more locations. Pretty soon all was back to normal. I even got a few — so far, sadly just a few — of the test messages I’d sent myself. (If you emailed me Friday evening or later, send it again please).

So I’m now pretty sure it was a DNS issue. Whether Netnames got hacked (it’s happened before), or whether it’s some particularly ham-handed activity in connection with the domain name renewal, I may never know. Everyone I used to know at Netnames, which has been taken over once or twice since I last looked, seems long gone.
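
The "sometimes right, sometimes wrong" lookups described above are easier to read once the answers are split by who gave them: the zone's own authoritative nameservers versus recursive caches. The following is an added example, not part of the original post. The server names, the sample observations and the known-good addresses (192.0.2.x documentation placeholders) are constructed assumptions; only the two unexpected addresses come from the post.

```python
from collections import defaultdict

# Known-good records (assumed placeholders; the post does not give the real ones).
EXPECTED = {"A": {"192.0.2.10"}, "MX": {"192.0.2.25"}}

# Constructed observations: (source, is_authoritative, record_type, answer_ip).
# 80.249.100.3 and 75.102.13.215 are the unexpected addresses quoted in the post.
OBSERVATIONS = [
    ("auth-ns1", True, "A", "80.249.100.3"),
    ("auth-ns1", True, "MX", "75.102.13.215"),
    ("auth-ns2", True, "A", "192.0.2.10"),
    ("auth-ns2", True, "MX", "192.0.2.25"),
    ("resolver-a", False, "A", "80.249.100.3"),
    ("resolver-b", False, "A", "192.0.2.10"),
    ("resolver-b", False, "MX", "75.102.13.215"),
]


def classify(observations, expected):
    """Return (verdict, mismatches) for a set of per-server DNS answers."""
    bad = defaultdict(list)                 # keyed by is_authoritative
    seen_good = {True: False, False: False}
    for source, is_auth, rtype, answer in observations:
        if answer in expected.get(rtype, set()):
            seen_good[is_auth] = True
        else:
            bad[is_auth].append((source, rtype, answer))
    mismatches = sorted(bad[True] + bad[False])
    if bad[True]:
        # Wrong data from the zone's own nameservers: the records (or the
        # delegation to those servers) changed upstream of every cache.
        verdict = "authoritative-mismatch"
        if seen_good[True]:
            verdict += "-partial"           # servers disagree with each other
    elif bad[False]:
        # Authoritative answers are right; only caches hold wrong data,
        # which ages out as the cached TTLs expire.
        verdict = "cache-only-mismatch"
    else:
        verdict = "consistent"
    return verdict, mismatches


if __name__ == "__main__":
    verdict, mismatches = classify(OBSERVATIONS, EXPECTED)
    print(verdict)
    for row in mismatches:
        print("  unexpected:", row)
```
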

Posted in Internet | 1 Comment

Cute Election-Day Web App

The NYT offers 512 Paths to the White House — a cute online app in which you choose how you think key swing states will come out and it tells you what other states the candidates have to get in order to win.

Give Romney Florida, and Obama Ohio, and then see just how many states Romney still needs to win. Basically if Obama takes Virginia OR Wisconsin plus any one of NC, Colorado, Iowa, Nevada, New Hampshire, he wins (except that New Hampshire + Wisconsin is a tie, which means the House will pick Romney).

A little morning fun, and a way to keep track as the results come in. Spotted via Talk Left.

Posted in 2012 Election, Internet | Leave a comment

Big Brother is WWWatching You (feat. George Orwell)

Rap News 15:

Good stuff! Lots of cute in-jokes too.

Spotted via BoingBoing.

Posted in Civil Liberties, Cryptography, Internet, Law: Privacy | Leave a comment

That’s a New One

Visiting the New York Times online dining section in order to link to What Restaurants Know (About You) for my seminar on ‘Regulation of Identification’, I get this popup:

Google has disabled use of the Maps API for this application. This site is not authorized to use the Google Maps client id provided. If you are the owner of this application, you can learn more about registering URLs here: https://developers.google.com/maps/documentation/business/guide#URLs

Coding error? NYT not paying its bill? The message popped up at the front page of a section, so it’s hard to see the NYT failing to have registered it.

Posted in Internet | 1 Comment

Yes, Assange Would Be Safer in Sweden

One thing that always comes up when I discuss WikiLeaks with other lawyers, whatever country they may be from, is shared incredulity at Assange’s claim that he faces a great risk of hypothetical extradition to the US from Sweden, or that his risk would be greater there than in the UK…especially given that when it comes to extradition to the US, the UK has to be in the running for Top Poodle. But what do I know about Swedish law?

Thus, it is reassuring and unsurprising to find a quality analysis of the Swedish legal rules relating to any hypothetical extradition request. And, no, according to Klamberg on Extraditing Assange from Sweden to the U.S. Assange wouldn’t seem to have much to worry about.

Which leads suspicious minds to wonder if perhaps there isn’t some other reason why Assange doesn’t want to be extradited to Sweden?

Posted in Internet, Law: International Law | 4 Comments

Slides From my P3P Talk

I thought I would post the slides from my P3P talk. I’m not sure if I will write this up into a paper. On the one hand, there’s really nothing surprising in what I’m saying here. On the other hand, there doesn’t seem to be a paper out there that directly addresses the topic, so there would at least be some point in writing it up.

A. Michael Froomkin, Platform for Privacy Preferences (P3P): Lessons Learnt for Privacy Standards (Oslo, Aug. 21, 2012).

I’ve also attempted to embed the files, but that doesn’t seem to be working out….

[gview file="http://staticd.discourse.net/site/wp-content/uploads/2012/08/P3P-talk-Froomkin-021.pptx"]

Posted in Internet, Talks & Conferences | Leave a comment

Xmarks is Back

Xmarks is back. I found this on their twitter feed:

We experienced unscheduled downtime, we apologize for the inconvenience. Please try a “repair” for ongoing errors: http://bit.ly/MlqXKf

Which leads you to this ‘perfect storm’ explanation:

Xmarks bookmark sync has experienced unscheduled downtime over the last 20 hours. This morning the decision was made to disable syncing to facilitate recovery.

Xmarks has gone to backups to restore the service for impacted Xmarks bookmark sync users. If you use Xmarks bookmark sync please double check any bookmarks you’ve made over the previous 48 hours from 7/1/2012.

At this stage all users should be back in working order from the server, if you’re having issues we’d recommend trying Xmarks Settings -> Advanced -> Repair first. You may want to consider simply using Upload instead to push your local set up to the server if you notice inconsistencies.

If you use Firefox you can reference the bookmarks backups that Firefox automatically creates: http://kb.mozillazine.org/Backing_up_and_restoring_bookmarks_-_Firefox

A number of issues came together causing Xmarks to experience this problem:

- While our datacenters were not impacted, our staff was impacted by the storms that hit the Washington DC area – leaving many of our employees without power, without Internet, and without working phones.
- Our offices are also without power impacted by the storms so using them was not a possibility either.
- Nearly all of our servers were impacted by the bug detailed by Mozilla here: https://bugzilla.mozilla.org/show_bug.cgi?id=769972
- We found that rebooting machines fixed the issue before we found out the true cause (and the above bug report). Rebooting worked but a number of machines failed to shutdown gracefully causing issues bringing back up the cluster cleanly.

We apologize for this issue and thank you for your patience. We will be looking into ways we can further mitigate our risks against threats like these in the future.

That Firefox bug, by the way, is ‘Java is choking on leap second’. That plus a major power outage is very very bad luck indeed. The leap second bug had some nasty effects around the world — grounding Qantas flights and crashing various internet services.

Previously: Xmarks is Down.

Posted in Internet, Software | 1 Comment