Does easyDNS Know Your Passwords?


Weekly Axis Of Easy #8


In this issue:

    • Theresa May calls for “Global Internet Regulation” to deprive Terrorists of “Safe Spaces”

    • Canadian RCMP to bring charges in Morocco for remotely launched cyber-attack

    • Does easyDNS know your passwords? No. Here’s how we analyze credential dumps.

    • Creative Destruction: Society is eating itself and rebuilding for the networked age.

Theresa May calls for “Global Internet Regulation” to deprive Terrorists of “Safe Spaces”

Despite that there have been no known internet-based catalysts ascribed to the recent terror attacks in the UK, Theresa May has been pushing hard for a global, coordinated clampdown on the Internet, primarily through weakened encryption and government accessible “back doors”.  The efficacy of doing so is dubious since, as this counter-terrorism expert informs, radicalization of terrorists occurs in-person, not online. Weakening encryption would only penalize law abiding citizens, as criminals and terrorists would be certain to use full strength security tools.

Read: https://www.theverge.com/2017/6/4/15736852/uk-prime-minister-theresa-may-new-internet-regulations-london-attacks

and: https://www.wired.com/2017/06/theresa-may-internet-terrorism/

Canadian RCMP to bring charges in Morocco for remotely launched cyber-attack

A little over three months ago, a cyber-bully in Morocco sent a series of offensive emails to female and staff at the University of Moncton, New Brunswick which were characterized by authorities as “cyberterrorism”. The man allegedly intimidated the recipients, as well as taunting them that being in Morocco, he was, so he though, “untouchable”. Think again, as the RCMP have been working in co-operation with Moroccan police and crown prosecutors to charge the man. As they say, “The mounties always get their man”. 

Read: http://www.cbc.ca/beta/news/canada/new-brunswick/rcmp-police-morocco-moncton-cyberattack-1.4135677

Does easyDNS know your passwords? No, Here’s how we analyze credential dumps.

After we posted about the results of our analysis of the Antipublic credential leak I’ve received several emails from concerned members that either we must have the ability to decrypt your easyDNS passwords, or else we must be storing them in the clear. Neither of which is the case.

It’s the credential dumps that contain the cleartext passwords. Your passwords here are most definitely encrypted. What we do is take the cleartext password from the credential dump, encrypt it, then compare the encrypted string against the one stored here. If they match, then that’s the password. Nothing esoteric about it, it’s the exact same process that happens every time you log in to your control panel.

Creative Destruction: Society is eating itself and rebuilding for the networked age.

I think I have all of Joshua Cooper Ramo’s books, which are essential reading for understanding (among other things) how power is both concentrating and decentralizing at the same time. This interview via SinguarityHub is a great introduction to his work, with a fascinating “case study” on how these principles came to play out during that abortive coup d’etat in Turkey last year, which was repelled largely via an iPhone and FaceTime.  

Read: https://singularityhub.com/2017/06/04/society-is-destroying-and-rebuilding-itself-for-the-networked-age

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

     Jun 5, 2017: Discover Your Odds Of Being Replaced By A Robot

     • May 29, 2017:  Google Now Tracks Your Offline Credit Card Purchases, Linking Them To Your Online Profile

    • May 22, 2017: The world’s most important resource is: your data

    • May 15, 2017: What you need to know about the WannaCry Worm

    • May 8, 2017: Facebook Ads Targeting Teens Based on Emotional State

    • May 1, 2017: DoublePulsar: The Leaked NSA Exploit Kit Spreading In the Wild

Leave a Reply

Your email address will not be published. Required fields are marked *