Profile picture
Bill Woodcock @woodyatpch
, 7 tweets, 2 min read Read on Twitter
This morning's successful DNS attack against Amazon and MyEtherWallet highlighted a few of the specific vulnerabilities that @Quad9DNS and @PCHglobal protect against, so we just drew this diagram to explain some of the weak links in the chain, and how we address them.
The one thing that would have done the most to protect users from today's attack would have been DNSSEC validation. That wouldn't have prevented the attack, but it would have warned users that they were being man-in-the-middled, and ideally would have blocked the connection.
Quad9 uses DNSSEC validation, so if the MyEtherWallet domain were DNSSEC signed, we would have blocked the connection.
The BGP routing hijack against Amazon's IP addresses, which redirected recursive resolvers from Amazon's authoritative servers to the attacker's bogus servers depends upon the connection between recursive and authoritative servers being vulnerable.
Quad9 is the only recursive resolver which runs on the same platform as the world's largest authoritative server network, so all queries to domains for which PCH or anyone else on our platform is authoritative for, were completely protected against this form of attack.
That's not every domain, of course, and in particular, MyEtherWallet was using Amazon, which isn't on PCH's platform.
It's not possible to protect everyone from everything, but the combination of protections Quad9 and PCH offer would have fully protected both Quad9 users, and a company like MyEtherWallet, if they implemented best-practices like DNSSEC, or were on our authoritative platform.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Bill Woodcock
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @woodyatpch see all

Profile picture
I look forward to seeing the results in a few years! Huge attention is needed to the educational pipeline, particularly in the US, where women are underrepresented to a much greater degree than in much of the rest of the world.
It’s particularly sad for me, having seen the proportion decrease every year since I entered the industry in the eighties.
Likewise, it’s always refreshing for me to work in Africa, where the gender-balance is generally in accord with the population, and the tech industry doesn’t feel like a refuge for misogynists who couldn’t handle working together with women.
Read 3 tweets
Profile picture
Just a datapoint for those waiting for @Tesla Model 3s... I placed an order for the dual-motor version on July 8. Delivery is scheduled for August 14.
We postponed until today, due to some travel and scheduling on our side. Appointment was at 12:15. Sat around until the car was ready at 1:30. In the hand-over the Tesla guy discovered that the charge port door wasn't working, took it back to the prep shop...
...but amazingly had it back less than fifteen minutes later, working. Finally on the road at 2:30. So, about two hours of sitting around, with a depleted coffee machine and an impatient six-year-old. Very different experience from our Model X delivery in October 2016.
Read 5 tweets
Profile picture
As some of you are probably aware, I ended my fifteen years on the @TeamARIN board of trustees in order to make way for someone who was not yet another mediocre white guy, and we were very lucky to get the excellent @1carter. It's that time of year again, and I'm on the nomcom.
There are four days left in the nomination period, which runs through the end of July. A bunch of good people have been nominated, and the nomcom will forward a slate of five of the most-qualified people to the ARIN member electorate to vote for the two seats that are open.
One of those five is likely to be Paul Anderson, who's currently on the board. The ARIN electorate has displayed an unalloyed appreciation for the merits of incumbents, so it's very likely that Paul will be returned to his seat. That will leave four nominees and one seat.
Read 5 tweets

Related threads

Profile picture
1/Assume I figured this completely out. It's like a crypto Rosetta Stone.
github.com/ufasoft/coin/b…
2/ and this IX ABC
github.com/ixcoin123/elec…
3/ this beertokens, iXcoin, Litecoin, and ABE
github.com/coblee/Fairbri…
Read 43 tweets
Profile picture
A thread in response to Long Xingchun, visiting fellow at @RSIS_NTU, playing upon every possible bogeyman, predicting calamity in the event of the Quad “becoming a military alliance,” which seems a very distant likelihood at best. 1/8 globaltimes.cn/content/112815…
Promising cold war in Asia, Southeast Asia becoming the frontier of Sino-US confrontation, regional arms races, and proxy wars, and undermined development in Asia, Long has cast aside any claim upon objectivity or academic perspective. 2/8
This is just wild propagandizing and irresponsible fear-mongering, and appears to be just another PRC apologist pretending that China has no ability to effect change in its own course. 3/8
Read 10 tweets
Profile picture
Amazon’s decision to take #HQ2 to D.C. and NY is about enveloping government and media, the two primary checks on concentrated power in a democracy.

It’s decision to also go to Nashville is about deflection. 1/
Jeff Bezos’s intention is to usurp the authority of government: to set the rules by which other firms are allowed to trade and to levy a tax on their trade. 2/ See: thenation.com/article/amazon…
Bezos also intends to assume control of the government’s data and spending. Already #Amazon hosts a lot of federal data. It also controls the purchasing of many government agencies, all the way down to your local school district. 3/ See: ilsr.org/release-amazon…
Read 12 tweets
Profile picture
1\n #Amazon has done much more for building and deploying #IoT devices in a secure and robust manner than any other ecosystem organization. Their focus? Help build and deploy more connected devices. If you are building connected devices, this summary report is for you:
2\n Both their arms #Alexa and #AWS offer solutions at both the ends: the device (h/w and s/w dev kits) and the cloud. So how does it help you, the device maker? Let's find out. Every tweet below is an Amazon solution. Let's start with Alexa first.
3\n Control via #Alexa 1: If you've built a cloud connected device, use the Alexa SmartHome Skill to link it to Alexa. Then users can asks Alexa to ctrl your device, which goes to Alexa cloud, then to your skill, then your cloud and finally to your device. developer.amazon.com/docs/smarthome…
Read 15 tweets
Profile picture
Attack on Libya's National Oil Corporation

@drawandstrike @ThomasWictor @HNIJohnMiller @catesduane @rising_serpent @_ImperatorRex_ @Debradelai @GodlessNZ @almostjingo @TheChillum @HeshmatAlavi @ScheyChris

state.gov/r/pa/prs/ps/20…
The United States strongly condemns today’s terrorist attack against Libya’s National Oil Corporation in Tripoli, an assault against one of the country’s most vital economic institutions.
We offer condolences to the families of the victims and wish a quick recovery for those injured. We commend the efforts of the Government of National Accord to restore security and ensure that the National Oil Corporation is able to fulfill its mandate on behalf of all Libyans.
Read 6 tweets

Trending hashtags

#Hammond #Damascus #MAGA #Syria #vulnerabilities #EastGhouta #automotive #providence #sellout #Capitalism #s #Cyprus #canada #govt #scapegoat #FinCENfuqqed #cultural #ZIONISTS #candidates #sacrifices #education #domestic #Amazon #Trump #attack

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!