Yesterday, two of the IP addresses used by the site belonged to Amazon EC2 instances in the United States, but these are no longer being used. Today, the Iraq War Logs site is only being served from two IP addresses; one in France and an EC2 instance in Ireland. However, the main WikiLeaks site at wikileaks.org is still using a US-hosted EC2 instance.

More interestingly, the DNS for wikileaks.org is also controlled by a US company:

    wikileaks.org. 5160 IN NS ns4.everydns.net.
    wikileaks.org. 5160 IN NS ns1.everydns.net.
    wikileaks.org. 5160 IN NS ns2.everydns.net.
    wikileaks.org. 5160 IN NS ns3.everydns.net.

In April 2010, EveryDNS was bought by the owners of DynDNS, which is well known for providing free dynamic DNS services.

WikiLeaks will have prepared for US intervention over the Iraq War Logs, which could explain why warlogs.wikileaks.org uses different nameservers, hosted in France:

    ;; ANSWER SECTION:
    warlogs.wikileaks.org. 864 IN A 91.194.60.32
    warlogs.wikileaks.org. 864 IN A 46.51.186.222

    ;; AUTHORITY SECTION:
    warlogs.wikileaks.org. 864 IN NS gnou.octopuce.fr.
    warlogs.wikileaks.org. 864 IN NS benedict.serverside.fr.
    warlogs.wikileaks.org. 864 IN NS ns2.octopuce.fr.

The short TTL (time to live) on warlogs.wikileaks.org is typical of any site that may need to change its location in a hurry, and is reminiscent of the actions carried out by Microsoft in 2004 after they anticipated www.microsoft.com being attacked by the "MyDoom.B" virus. SCO also made a similar change, setting their TTL as low as 60 seconds.

The 15 minute TTL on warlogs.wikileaks.org allows WikiLeaks to change the site's location relatively quickly, should any of the hosting locations be attacked or taken down. Netcraft has not seen the site suffering any outages yet. Nonetheless, WikiLeaks' hosting is not as bulletproof as some make out.
Besides the US-based nameservers used by wikileaks.org, another potential weakness for all sites under the wikileaks.org domain could be the choice of domain name registrar: Dynadot LLC is a US company and thus has to consider US law as well as ICANN regulations. This could suggest that the US government is reluctant to disrupt access to warlogs.wikileaks.org, even though they appear to be capable of doing so.
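The records quoted above can be summarised per name to show how long a cached answer may persist and which operators each name depends on for resolution. This is an added example, not Netcraft's own tooling; the function names and the last-two-labels grouping of nameserver hosts are assumptions made for illustration.

```python
from collections import defaultdict

# Records as quoted in the article (dig-style: name, TTL, class, type, rdata).
# TTLs read from a caching resolver count down, so each value is a lower
# bound on the TTL configured in the zone.
RECORDS = """\
wikileaks.org.          5160 IN NS ns4.everydns.net.
wikileaks.org.          5160 IN NS ns1.everydns.net.
wikileaks.org.          5160 IN NS ns2.everydns.net.
wikileaks.org.          5160 IN NS ns3.everydns.net.
;; ANSWER SECTION:
warlogs.wikileaks.org.  864  IN A  91.194.60.32
warlogs.wikileaks.org.  864  IN A  46.51.186.222
;; AUTHORITY SECTION:
warlogs.wikileaks.org.  864  IN NS gnou.octopuce.fr.
warlogs.wikileaks.org.  864  IN NS benedict.serverside.fr.
warlogs.wikileaks.org.  864  IN NS ns2.octopuce.fr.
"""

def parse_records(text):
    """Parse dig-style lines into (name, ttl, rtype, rdata) tuples."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig section comments
        name, ttl, _cls, rtype, rdata = line.split(None, 4)
        out.append((name.lower(), int(ttl), rtype.upper(), rdata.lower()))
    return out

def operator_domain(host):
    """Group a nameserver host by its last two labels (naive heuristic)."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def summarize(records):
    """Per name: largest TTL seen, nameserver operators, and A records."""
    summary = defaultdict(
        lambda: {"max_ttl": 0, "ns_operators": set(), "addresses": []})
    for name, ttl, rtype, rdata in records:
        entry = summary[name]
        entry["max_ttl"] = max(entry["max_ttl"], ttl)
        if rtype == "NS":
            entry["ns_operators"].add(operator_domain(rdata))
        elif rtype == "A":
            entry["addresses"].append(rdata)
    return dict(summary)

if __name__ == "__main__":
    for name, info in summarize(parse_records(RECORDS)).items():
        print(f"{name} ttl>={info['max_ttl']}s "
              f"ns={sorted(info['ns_operators'])} a={info['addresses']}")
```

On these records the parent zone resolves through a single operator, while the warlogs name is spread across two.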
Posted by Paul Mutton on 27th October, 2010 in Around the Net
Yesterday, we wrote about the Firesheep extension for Firefox, which brought session hijacking to the masses. Ostensibly a tool to highlight the unencrypted session handling employed by many popular websites, its user-friendliness allows novices to sniff out and hijack sessions that are not protected by SSL.

Unsurprisingly, the newfound simplicity of launching these session hijacking attacks kicked up quite a fuss on Twitter, and Firesheep received over 100,000 downloads overnight.

Idiocy

In response to the rapid uptake of Firesheep, Jonty Wareing has just released a somewhat different tool called Idiocy. This acts as "a warning shot to people browsing the internet insecurely" by sniffing network traffic to see if anyone is visiting the Twitter website over an unencrypted HTTP connection; and if they are, it will hijack the session and automatically post a tweet to warn them that they are vulnerable.

The tweets helpfully include a link to a page which explains what happened, and how to prevent it happening in the future. So rather than allowing anybody to exploit session hijacking for malign purposes, this tool tells the 'victim' how to browse more safely.

The code and documentation for Idiocy are available from Jonty's GitHub repository.
Posted by Paul Mutton on 26th October, 2010 in Other
Shortly after WikiLeaks went live with their Iraq War Logs on Friday, UK-based Alex Norcliffe noticed Netcraft showing the new site to be hosted by Amazon EC2 in Ireland. Alex checked the IP addresses being used by the site and discovered it was being served from five locations in total, including two other Amazon EC2 instances that are located on US soil.

Amazon's EC2 web service is perhaps ideally suited for sites like WikiLeaks, which may receive huge bursts of traffic when important leaks are announced. Any EC2 site using the Amazon CloudWatch monitoring service can enable the Auto Scaling feature to automatically scale up a site's capacity to cope with traffic spikes, or scale it down at less busy times to reduce costs.

The main WikiLeaks site, wikileaks.org, is also using round robin DNS to serve some of its requests from Amazon in the US. Prior to this, the site was hosted by PeRiQuita AB in Sweden, using the Sun Java System Web Server 7.0. Both wikileaks.org and warlogs.wikileaks.org are now using Apache 2.2.16 on Debian Linux.
Posted by Paul Mutton on in Other
Copyright © Netcraft Ltd 2010. All Rights Reserved.