Re: Chinese root CA issues rogue/fake certificates

We've received several unsolicited certificate approval requests from wosign sign on high-value domain names we manage. Wosign has never responded to our requests for information about the requesters. There really isn't anything we can do other than ignore the requests, but clearly somebody is p

Re: Chinese root CA issues rogue/fake certificates

mozilla.dev.security thread: https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I/discussion On Aug 30, 2016 10:12 PM, "Royce Williams" wrote: > On Tue, Aug 30, 2016 at 8:38 PM, Eric Kuhnke > wrote: > > > > http://www.percya.com/2016/08/chinese-ca-wosign-faces-rev

Re: Chinese root CA issues rogue/fake certificates

On Tue, Aug 30, 2016 at 8:38 PM, Eric Kuhnke wrote: > > http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html > > One of the largest Chinese root certificate authority WoSign issued many > fake certificates due to an vulnerability. WoSign's free certificate > service allowed its u

Chinese root CA issues rogue/fake certificates

http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html One of the largest Chinese root certificate authority WoSign issued many fake certificates due to an vulnerability. WoSign's free certificate service allowed its users to get a certificate for the base domain if they were able

Re: Don't press the big red buttom on the wall!

One day, when I ran the Harvard Chemistry computing facility, I was greeted on my way in by panicked profs and grad students that the big VMS VAX (8MB! two memory cabinets! we gave tours!) was behaving strangely I forget what probably crawling. A lot of its use was for long-running jobs, week plu

Re: Don't press the big red buttom on the wall!

On August 30, 2016 at 16:26 eric.kuh...@gmail.com (Eric Kuhnke) wrote: > Does this mean you could drive around with a (illegal, but not difficult to > build or obtainl) 20W wide band VHF/UHF jammer radio fed into a 1 meter > parabolic dish, aim it at random buildings and set off peoples' halon

Re: Don't press the big red buttom on the wall!

Back when there were external disk drives with disc packs my boss said "what does this switch do?" then flipped it. The next thing that happened was the paper console started printing as the mounted disc drive had just been powered off on the VAX 750. oops. We all had a unscheduled lunch as the

Re: Don't press the big red buttom on the wall!

On 8/30/2016 15:46, b...@theworld.com wrote: About the worst that ever happened to me was a security guy's walkie-talkie setting off an instant Halon drop. Cost about $10,000 to refill and was fairly exciting for those present. That also cut the machine room's power. At least it didn't set of

Re: Don't press the big red buttom on the wall!

On 8/30/2016 09:40, Keith Stokes wrote: At one point in one data center I dealt with a disgruntled employee hit the UPS disconnect button on the way out. Same story, procedures modified, cover put over switch with a hammer to break the glass, lessons learned, accounts credited. A very long ti

Re: Cloudflare reverse DNS SERVFAIL, normal?

In message <46671dc5-3138-4e7a-a5af-631b98fe3...@delong.com>, Owen DeLong writes: > > > On Aug 30, 2016, at 15:02 , Mark Andrews wrote: > > > > > > In message <926f8b85-8864-4424-beaa-1836b718a...@delong.com > >, Owen DeLong > writes: > >>>

Re: Cloudflare reverse DNS SERVFAIL, normal?

> On Aug 30, 2016, at 15:50 , valdis.kletni...@vt.edu wrote: > > On Tue, 30 Aug 2016 14:39:10 -0700, Owen DeLong said: > >> I run a pair of nameservers. Let’s call them ns1.company.com >> and ns2.company.com > >> Someone registers example.com and points NS records in the COM zone at my >> names

Re: Cloudflare reverse DNS SERVFAIL, normal?

> On Aug 30, 2016, at 15:02 , Mark Andrews wrote: > > > In message <926f8b85-8864-4424-beaa-1836b718a...@delong.com > >, Owen DeLong writes: >>> On Aug 29, 2016, at 17:01 , Mark Andrews wrote: >>> >>> >>> In message <20160829234737.ga1

Re: Don't press the big red buttom on the wall!

Does this mean you could drive around with a (illegal, but not difficult to build or obtainl) 20W wide band VHF/UHF jammer radio fed into a 1 meter parabolic dish, aim it at random buildings and set off peoples' halon systems? Wow. On Tue, Aug 30, 2016 at 1:46 PM, wrote: > > About the worst tha

Re: Don't press the big red buttom on the wall!

If public transit operators can put a breakable plexiglass shield over the emergency door opening handle, on every bus, it's not a very high technical barrier. On Mon, Aug 29, 2016 at 2:51 PM, Sean Donelan wrote: > > See that big red button on the wall under the sign "Do Not Push This > Button!"

Re: Cloudflare reverse DNS SERVFAIL, normal?

On Tue, 30 Aug 2016 14:39:10 -0700, Owen DeLong said: > I run a pair of nameservers. Let’s call them ns1.company.com > and ns2.company.com > Someone registers example.com and points NS records in the COM zone at my > nameservers. I would have expected that the resulting NXDOMAIN replies from n

Re: Cloudflare reverse DNS SERVFAIL, normal?

In message <926f8b85-8864-4424-beaa-1836b718a...@delong.com>, Owen DeLong writes: > > On Aug 29, 2016, at 17:01 , Mark Andrews wrote: > > > > > > In message <20160829234737.ga16...@cmadams.net>, Chris Adams writes: > >> Once upon a time, Mark Andrews said: > >>> The following is general and is

Re: Cloudflare reverse DNS SERVFAIL, normal?

> On Aug 29, 2016, at 17:01 , Mark Andrews wrote: > > > In message <20160829234737.ga16...@cmadams.net>, Chris Adams writes: >> Once upon a time, Mark Andrews said: >>> The following is general and is not directed at Cloudflare. I know >>> some people don't think errors in the reverse DNS are

Root and ARPA DNSSEC operational message -- signature validity period

DNSSEC signatures in the Root and ARPA zones are currently given a validity period of 10 days. The validity period is being increased to 13 days, per the recommendations of RSSAC's Report on Root Zone TTLs [1] (aka RSSAC003). Note that we are not aware of any cases where the 10-day signature vali

Re: Don't press the big red buttom on the wall!

About the worst that ever happened to me was a security guy's walkie-talkie setting off an instant Halon drop. Cost about $10,000 to refill and was fairly exciting for those present. That also cut the machine room's power. At least it didn't set off the sprinkler system. We sat down with the Hal

Re: Don't press the big red buttom on the wall!

Wow, since Im in Canada *WE* are the ones who usually don't get to watch anything, and no $vendor has gone and made it available in any way to legally purchase here either. (See stories of proxies being blocked to Netflix US from Canada - to get the tastier US content unavailable to us - and piracy

Re: Don't press the big red buttom on the wall!

Hi, whilst we're posting YouTube clips. maybe they'd have been better off keeping a copy of the Internet https://www.youtube.com/watch?v=iDbyYGrswtg ;-) alan

Re: Don't press the big red buttom on the wall!

Hi, > https://www.youtube.com/watch?v=NITBfc1EOBo#t=27s "This video contains content from B_Viacom, who has blocked it in your country on copyright grounds." I love YouTube and copyright regional laws :/ alan

Re: Don't press the big red buttom on the wall!

At one point in one data center I dealt with a disgruntled employee hit the UPS disconnect button on the way out. Same story, procedures modified, cover put over switch with a hammer to break the glass, lessons learned, accounts credited. On Aug 30, 2016, at 9:21 AM, Ken Chase mailto:m...@sizo

Re: Don't press the big red buttom on the wall!

3 of my internet-lifetimes/startups ago, we had this happen when one of the L2 techs was doing their 'rounds' - but had a backpack on. They swung around and hit the safety cover on the BRS - which got knocked off. They freaked out a bit while putting the cover back on... and managed to activate it.

RE: Looking for Spamhaus contact

Hello, It has been pointed to me that the PBL Contact information is located in the "Help (Guide)" menu item the PBL Account. This opens a new page and the contact email is right at the bottom of the page. Not sure how I missed it. Thanks to all of you who contacted me offline. > From: dim

Re: Handling of Abuse Complaints

Hi, On 29 August 2016 at 16:55, Jason Lee wrote: > NANOG Community, > > I was curious how various players in this industry handle abuse complaints. > I'm drafting a policy for the service provider I'm working for about > handing of complaints registered against customer IP space. In this example