
According to Reuters, Microsoft is only sending traffic from computers that are infected with malware to Microsoft instead of No-IP.

http://uk.reuters.com/article/2014/06/30/us-cybercrime-micro...

That may still make people uncomfortable, but it seems much less egregious than Microsoft taking control of No-IP's domains, which is what this press release implies.

Edit: the Reuters article is in error here, not the Microsoft Blog. See below. Turns out this really is as egregious as it sounds.




> Microsoft is only sending traffic from computers that are infected to Microsoft instead of No-IP.

Unfortunately that's false. See below:

    dig -t ns no-ip.biz

    ; <<>> DiG 9.9.2-P2 <<>> -t ns no-ip.biz
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7020
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4000
    ;; QUESTION SECTION:
    ;no-ip.biz. IN NS

    ;; ANSWER SECTION:
    no-ip.biz. 7154 IN NS ns8.microsoftinternetsafety.net.
    no-ip.biz. 7154 IN NS ns7.microsoftinternetsafety.net.

    ;; ADDITIONAL SECTION:
    ns8.microsoftinternetsafety.net. 3560 IN A 157.56.78.93

    ;; Query time: 3 msec
    ;; SERVER: 10.1.1.3#53(10.1.1.3)
    ;; WHEN: Mon Jun 30 14:14:47 2014
    ;; MSG SIZE rcvd: 117


The funny thing is that "microsoftinternetsafety.net" sounds just like a domain that a fake antivirus software would use.


So true, I would not trust that domain at all.


What DNS are you using?

On Google (8.8.8.8) or Comcast DNS I'm not seeing this for their top domains (no-ip.org, no-ip.biz, no-ip.info).

I wonder if your ISP is working with Microsoft.


This is simply a side-effect of how DNS updates. The data is propagating right now, as the root nameservers for the .biz TLD are already returning the Microsoft DNS servers as the correct response. The TTL for the root appears to be a day, so you should see this everywhere in 14 hours from this post.

Source: 'whois' and 'dig +trace'


Ha. Good point. This was done at work, where we use MS Server's DNS.

<strike>I'm not sure if this is an artifact of our longer TTL, if MS is updating MS server DNS entries, or something else. Either way, at some point in time or in certain places, traffic resolved by no-ip was/is under Microsoft control.</strike>

EDIT: Looks like it may actually be a result of our shorter TTL, since Google DNS appears to have 5.7 hours left on their records for no-ip.

Confirmed by a couple queries to the {a..k}.gtld.biz nameservers.


It's strange, I've yet to see it too, in Canada. Must be within a limited area for the ISP, or thanks to the collaboration with A10 Networks.

E.g. https://www.whatsmydns.net/#NS/no-ip.com
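Added example, not part of any comment in this thread: the sub-thread above explains the differing answers by resolvers still holding cached NS records, so this sketch takes captured `dig -t ns` answer lines per resolver, flags which resolvers already return a delegation other than the one the domain owner expects, and computes when each cache entry expires. The first sample repeats the records quoted above; `resolver-b.example`, the `old-provider.example` nameservers and the 20520-second TTL are constructed placeholders.

```python
from datetime import datetime, timedelta

# Constructed sample input: answer-section lines as printed by `dig -t ns`,
# keyed by the resolver that returned them. Only the first entry comes from
# the thread; the second resolver and its records are made up.
CAPTURED = {
    "10.1.1.3": """\
no-ip.biz. 7154 IN NS ns8.microsoftinternetsafety.net.
no-ip.biz. 7154 IN NS ns7.microsoftinternetsafety.net.
""",
    "resolver-b.example": """\
no-ip.biz. 20520 IN NS ns1.old-provider.example.
no-ip.biz. 20520 IN NS ns2.old-provider.example.
""",
}


def parse_ns(answer_text):
    """Return (set of NS targets, smallest remaining TTL) from dig answer lines."""
    targets, ttls = set(), []
    for line in answer_text.splitlines():
        fields = line.split()
        # Record lines read: name TTL class type rdata. Lines starting ';' are comments.
        if len(fields) == 5 and not line.startswith(";") and fields[3].upper() == "NS":
            ttls.append(int(fields[1]))
            targets.add(fields[4].rstrip(".").lower())
    return targets, (min(ttls) if ttls else None)


def delegation_report(captured, expected_ns, observed_at):
    """Classify each resolver's NS answer against the delegation the owner expects."""
    expected = {name.rstrip(".").lower() for name in expected_ns}
    report = {}
    for resolver, text in captured.items():
        targets, ttl = parse_ns(text)
        if not targets:
            status = "no-answer"
        elif targets == expected:
            status = "expected"
        else:
            status = "changed"  # resolver has already picked up a different delegation
        # After this time the resolver must ask the parent zone again.
        expires = observed_at + timedelta(seconds=ttl) if ttl is not None else None
        report[resolver] = {"status": status, "ns": sorted(targets), "cache_expires": expires}
    return report
```

A resolver reported as "expected" keeps answering from cache until `cache_expires`, so the time at which every resolver has re-queried the parent zone is the latest of those values.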


Microsoft has been doing more and more of this stuff lately, and it does start to worry me quite a bit. The last time they worried me was when "Microsoft shut down a million-strong Tor botnet, by uninstalling Tor from the computers".

I don't want Microsoft to have that kind of power, let alone use it. Worse yet, they make it sound like it's some kind of PR win for them. "Microsoft the hero, takes down evil network". But they usually try to hide how they did it. Very few articles mentioned they were uninstalling Tor from the computers the last time around. Most were just churning Microsoft's press release and the hero narrative.


> The last time they worried me was when "Microsoft shut down a million-strong Tor botnet, by uninstalling Tor from the computers"

They did not uninstall Tor. They disabled it. More importantly, this Tor was NOT installed by the user of the computer. It was installed by the malware for its own use, without the knowledge of the computer user [1].

> I don't want Microsoft to have that kind of power, let alone use it

Actually, if you are running anti-malware software, you DO want them to have this power, as finding and disabling things that malware has installed on your computer is the whole point of anti-malware software.

[1] http://www.tripwire.com/state-of-security/top-security-stori...


It is almost like giving one company monopoly control of the personal computer industry through a proprietary OS nobody can audit might not be the best plan.


Not necessarily "nobody". They do have a shared source program:

https://www.microsoft.com/en-us/sharedsource/default.aspx


Which incidentally doesn't let you access all of the source...


Not saying that it's right but Amazon, Google and Apple also have admin rights on their devices... (for example: http://www.nytimes.com/2009/07/18/technology/companies/18ama... , also http://www.computerworld.com/s/article/9213641/Google_throws... )


>The last time they worried me was when "Microsoft shut down a million-strong Tor botnet, by uninstalling Tor from the computers".

>Very few articles mentioned they were uninstalling Tor from the computers the last time around. Most were just churning Microsoft's press release and the hero narrative.

Microsoft's security software did that, that too only stopped it from automatically starting if it was installed by a known virus. So if you install and run a virus scanner, why wouldn't you expect it to block such attacks?

If you didn't want it to do that, I am sure there are ways to opt out from using Microsoft's security tools. Were there any reports of legitimate Tor users getting affected by the action?


To opt out uninstall Microsoft's malicious software removal tool.


An awesome free tool imo.


Ironic name. Software removal tool is malicious.


Debatable. When you install it and agree to the Terms and EULA you agree to allow Microsoft to uninstall software that it deems as malicious. I don't know if that means the tool is malicious.

Most people don't read EULAs. Caveat installing users.


My home VPN is unable to connect right now. I use a noip.me domain. The actions of both the courts and Microsoft are extremely concerning to me.


Same here, I was confused this afternoon when my home VPN hosted on a servebeer.com subdomain wouldn't connect. Now it makes a lot more sense, but I'm left with a very bad taste in my mouth.


Buy your own domain, preferably with a company outside the US. I use gandi.net and http://code.google.com/p/gandi-automatic-dns/

It's more expensive, but you control it.


>you control it.

Hardly. Any domain in the existing domain name system can be seized.


I'd like to see that on a global TLD. If you mean that any arbitrary country can seize a TLD belonging to that country, then yeah I guess you are right. You can always get a distributed TLD but then you have the problem of them not being resolvable unless the PC you are at is correctly configured.


What's a global TLD?


Sorry, I should say international non-US TLD, or in other words, a TLD not under the control of the US.


US controls root/'.' via ICANN and can theoretically seize anything under the DNS system

Only reason they don't for gTLDs is because of the political fallout



