
jdong | 3 years ago

>(This isn't a particularly idle concern. Amazingly Microsoft once got a court to let it take operational control of the domain no-ip.org — that is, to actually hijack the domain — a dynamic DNS service used by countless people — simply because one user was apparently using it for malware-related purposes.)

What a dishonest take. Microsoft wasn't granted this court order because there was one bad no-ip user, Microsoft was granted the court order because there was a bad no-ip user that no-ip wouldn't take action against.

Oh, and it wasn't one bad user. It was 22000 different hostnames.


hlandau|3 years ago

Author here.

If the sought action of the court case, and the outcome were, "the domain were taken down" that would be one thing. Domains get suspended by court cases all the time, that's not the issue.

What makes the no-ip.org case extraordinary is that Microsoft a) persuaded the court that the domain was being used for malware, and then b) persuaded the court that because of this, rather than doing something normal like compelling its operator to take down the afflicted subdomains, or failing that compelling a third party to suspend the domain, that they should be allowed to take over DNS service for the domain.

Microsoft is not the law and they have no special legal status. If a domain is being used for cybercrime it's one thing, it doesn't mean any random party should get to walk into court, complain about it, and then offer to "solve" the issue by randomly appointing itself DNS provider. Microsoft essentially hijacked and MitM'd the domain via court order, again demonstrating that the registries/registrars will always be a risk here.

The result I might add was a massive outage for a massive number of innocent no-ip.org users.

huggingmouth|3 years ago

I think the fundamental issue here is that the court actually granted Microsoft's ridiculous request. The only valid ruling here was for the court to order the suspension of the domain.

Seeing that Microsoft are an unrelated third-party, what was the judge's reasoning for granting them specifically ownership of the defendant's property? Wouldn't it have made more sense to assign ownership to a government organization instead?

Did Microsoft reimburse the domain owner the value of the domain or did they just steal it without payment?

rosnd|3 years ago

>What makes the no-ip.org case extraordinary is that Microsoft a) persuaded the court that the domain was being used for malware, and then b) persuaded the court that because of this, rather than doing something normal like compelling its operator to take down the afflicted subdomains, or failing that compelling a third party to suspend the domain, that they should be allowed to take over DNS service for the domain.

This is a completely normal measure, simply taking down a domain is not nearly as effective an anti-malware measure as sinkholing it. A sinkhole could in some cases uninstall the malware from affected computers, or at least identify their IP addresses for notification purposes.

>Microsoft is not the law and they have no special legal status.

Exactly.

>If a domain is being used for cybercrime it's one thing, it doesn't mean any random party should get to walk into court, complain about it, and then offer to "solve" the issue by randomly appointing itself DNS provider

Microsoft is not a random party, it's a party whose business is directly affected by these illegal malware campaigns and has been repeatedly held to have standing in these cases.

>The result I might add was a massive outage for a massive number of innocent no-ip.org users.

Turns out that possibly most no-ip users were malicious https://umbrella.cisco.com/blog/on-the-trail-of-malicious-dy...

huggingmouth|3 years ago

Regardless of whether you think it's dishonest or not, his point still stands: TLS MitM is not and cannot be mitigated via DNS.

tptacek|3 years ago

Nor with DNSSEC: the same government that gave Microsoft control over this zone has de jure control over DNSSEC key management for that zone.

throwaway0x7E6|3 years ago

so fucking what? it's an equivalent of a corporation invading and seizing control of an entire country because some people living there are doing it harm

rosnd|3 years ago

[deleted]

Rygian|3 years ago

That's like your landlord handing the keys to your condo to the bully upstairs because you have a cockroach problem.

dotancohen|3 years ago

More like your landlord handing the keys to your condo to the bully upstairs because somebody else on your floor has a cockroach problem.

rosnd|3 years ago

It's like a judge ordering you to hand over your keys to the person living underneath because you have a water leak you refuse to fix.

Perhaps the water leak was caused by someone else, but it's still in your apartment.

Fatnino|3 years ago

I have a domain on no-ip.org

I remember when this happened and I was trying to debug why I couldn't reach my home server.