2012 Dec 7, 2:04
To set up my home Windows dev box to be accessible from outside I followed two main steps:
Last time I had to do this there was a service named dynamicdns.org which seems to still exist but no longer appears to be free. Instead I used dnsdynamic.org which is free and has a web API
as well as links to and instructions for setting up native tools to dynamically update my IP address.
2012 Oct 1, 6:33
According to the links within this article, although the root URI of the router requires authentication, the /password.cgi URI doesn’t and the resulting returned HTML contains (but does not
display) the plaintext of the password, as well as an HTML FORM to modify the password that is exploitable by CSRF.
The attack… infected more than 4.5 million DSL modems… The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log
in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to
booby-trapped imposter sites.
2012 Aug 27, 4:25
dnsxss tool helps you inject via DNS
2012 Jun 4, 2:49
In Win8 you log in with a Windows Live account. If you hook up a custom domain to a Live account you can log in with that custom domain.
2012 May 7, 1:25
It's all quite shocking.
Fourth, when I explained that the blog publisher had received music from the industry itself, a government attorney replied that authorization was an “affirmative defense” that need not be
taken into account by the government in carrying out the seizure. That was stunning.
2011 Dec 27, 2:42
2011 Dec 23, 1:42
I’ve heard of hover previously. Sounds like a good place to go.
2011 Dec 4, 3:00
“The syntax for allowed Top-Level Domain (TLD) labels in the Domain Name System (DNS) is not clearly applicable to the encoding of Internationalised Domain Names (IDNs) as TLDs. This document
provides a concise specification of TLD label syntax based on existing syntax documentation, extended minimally to accommodate IDNs.” Still irritated about arbitrary TLDs.
2010 Dec 1, 9:58
2010 Jul 20, 6:45
Hack based on DNS rebinding plus home router's web front end.
2010 May 6, 5:48
New IDN TLDs are up. Try out http://xn----rmckbbajlc6dj7bxne2c.xn--wgbh1c/ (aka http://وزارة-الأتصالات.مصر/) in your favorite IDN implementing browser.
2010 Feb 25, 4:10
Comcast is running an opt-in DNSSEC trial for all Comcast customers. Their FAQ covers the incompatibility of DNSSEC with their Comcast Domain Helper (typo DNS redirects to Comcast ads... bleh!): "What
happens to Comcast Domain Helper, which offers DNS redirect services, when you fully implement DNSSEC? We believe that the web error redirection function of Comcast Domain Helper is technically
incompatible with DNSSEC. Comcast has always known this and plans to turn off such redirection when DNSSEC is fully implemented." Yay!
2010 Jan 15, 3:19
"The .arpa domain is the “Address and Routing Parameter Area” domain and is designated to be used exclusively for Internet-infrastructure purposes. It is administered by the IANA in cooperation with
the Internet technical community under the guidance of the Internet Architecture Board. For the management guidelines and operational requirements of the .arpa domain, see RFC 3172."
2010 Jan 5, 7:42
I've made a WPAD server Fiddler extension and in a fit of creativity I've named it: WPAD Server Fiddler
Of course you know about Fiddler, Eric's awesome HTTP debugger tool, the HTTP proxy that lets you inspect, visualize and modify the
HTTP traffic that flows through it. And on the subject you've probably definitely heard of WPAD, the Web Proxy Auto Discovery protocol
that allows web browsers like IE to use DHCP or DNS to automatically discover HTTP proxies on their network. While working on a particularly nasty WPAD bug towards the end of IE8 I really wished I
had a way to see the WPAD requests and responses and modify PAC responses in Fiddler. Well the wishes of me of the past are now fulfilled by present day me as this Fiddler extension will respond to
WPAD DHCP requests telling those clients (by default) that Fiddler is their proxy.
When I started working on this project I didn't really understand how DHCP worked especially with respect to WPAD. I won't bore you with my misconceptions: it works by having your one DHCP server
on your network respond to regular DHCP requests as well as WPAD DHCP requests. And Windows I've found runs a DHCP client service (you can start/stop it via Start|Run|'services.msc', scroll to DHCP
Client or via the command line with "net start/stop 'DHCP Client'") that caches DHCP server responses making it just slightly more difficult to test and debug my extension. If a Windows app uses
the DHCP client APIs to ask for the WPAD option, this service will send out a DHCP request and take the first DHCP server response it gets. That means that if you're on a network with a DHCP
server, my extension will be racing to respond to the client. If the DHCP server wins then the client ignores the WPAD response from my extension.
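To see the race described above in a capture, the following added example (not code from the extension or from Fiddler) parses raw DHCP reply payloads and reports transactions in which more than one server supplied a PAC URL. The option codes 252 (WPAD) and 54 (server identifier) come from DHCP and WPAD conventions rather than from this post; the function names, addresses and URLs are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"        # DHCP magic cookie after the 236-byte BOOTP header
OPT_SERVER_ID, OPT_WPAD = 54, 252  # server identifier; WPAD PAC URL

def parse_options(packet):
    """Return {option code: value bytes} from a raw DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:    # 255 = end option
        if packet[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        opts[code] = opts.get(code, b"") + packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def wpad_answers(replies):
    """Map transaction id -> [(server ip, PAC URL)] for replies carrying option 252."""
    answers = {}
    for pkt in replies:
        opts = parse_options(pkt)
        if OPT_WPAD in opts:
            xid = struct.unpack("!I", pkt[4:8])[0]
            sid = opts.get(OPT_SERVER_ID, b"")
            server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
            url = opts[OPT_WPAD].rstrip(b"\x00").decode("ascii", "replace")
            answers.setdefault(xid, []).append((server, url))
    return answers

def contested(replies):  # transactions answered by more than one server
    return {x: a for x, a in wpad_answers(replies).items() if len({s for s, _ in a}) > 1}

def build_reply(xid, server_ip, pac_url=None):  # minimal DHCPACK, sample data only
    opts = bytes([53, 1, 5, OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    wpad = bytes([OPT_WPAD, len(pac_url)]) + pac_url.encode("ascii") if pac_url else b""
    return struct.pack("!BBBBI", 2, 1, 6, 0, xid) + bytes(228) + MAGIC + opts + wpad + b"\xff"

SAMPLE = [  # constructed packets, not captured traffic
    build_reply(0x1234, "192.168.1.1", "http://wpad.example.lan/wpad.dat"),
    build_reply(0x1234, "192.168.1.50", "http://192.168.1.50:8888/proxy.pac"),
    build_reply(0x5678, "192.168.1.1", "http://wpad.example.lan/wpad.dat"),
    build_reply(0x9ABC, "192.168.1.1"),
]
```

`contested(SAMPLE)` returns only transaction 0x1234, the one where two servers both answered with option 252; whichever reply reached the client first is the PAC URL it kept.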
Various documents and tools I found useful while working on this:
2009 Dec 23, 9:58
Results of a set of black box tests on various characters in various parts of URLs in various popular browsers.
2009 Dec 3, 4:52
Having replaced HTTP with SPDY, Google digs deeper into the Web stack providing their own DNS servers. Also, as Waxy noted, you can't argue with the most memorable IP addresses I've seen: "Configure
your network settings to use the IP addresses 126.96.36.199 and 188.8.131.52 as your DNS servers". Also check out their DNS server's DNS prefetching in the performance notes.
2009 Jun 22, 3:28
Details on Firefox's DNS prefetching: "The Firefox implementation takes this approach one step further than just pre-resolving anchor href hostnames. It uses the prefetch logic on URLs that are being
included in the current document. By this I mean that it uses the prefetch logic on things like images, css, and jscript that are being loaded right away, in addition to anchor links which might be
clicked on at a slightly later time."
2009 Jun 22, 2:55
"To speed up browsing, Google Chrome resolves domain names before the user navigates, typically while the user is viewing a web page." In addition to noting what and how they do it, and how web devs
can control it, they give a few stats on how much it helps.
2009 Jun 22, 2:53
"Firefox 3.5 performs DNS prefetching. This is a feature by which Firefox proactively performs domain name resolution on both links that the user may choose to follow as well as URLs for items
2009 Jun 1, 11:07
When I heard that Live Search is now Bing, one of my initial thoughts was how'd they get that domain name given the unavailability of pronounceable four letter .COM domain names. Well, the name's been used in the past.
Here now, via the Wayback Machine, is a brief, somewhat speculative, and ultimately anticlimactic history:
2003 July: The first archived version of bing.com features "bing! is a small device (e.g., possibly even a small
Band-Aid(R)-like sticker!) that vibrates when a person's cell phone rings." I can't recall 2003 cell phones, were they big enough to require this device?
2004 August: Site for the same device is rewritten and looks much better, IMHO.
2006 June: The domain is now parked by easyDNS. I guess the "bing!" device didn't work out?
2006 November: It's now "BING*" and they won't say what they're working on ("we're still in stealth mode") but they are
hiring C#/.NET developers.
2007 January: And they're gone. Without even exiting stealth mode. Too bad, I liked their logo. Their domain is now for
2007 February: Looks like EasyMail buys the domain and offers a physical mailing service in Australia: "By simply clicking
a button on your computer, mail is beamed electronically to a bing post office. Your mail is automatically printed, folded, enveloped and dispatched into the Australia Post network the very same
Present: Now it's the new home for Live Search of course.
The new name reminds me of the show Friends. Also, I hope they get a new favicon - I don't enjoy the stretched 'b' nor its color scheme.