US .gov WHOIS Info Restricted Over Attacker Fears
An anonymous reader writes "VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks."
I see no problem with this since there are proper steps in place to ensure that only US Government facilities and institutions can get .gov addresses. The databases of normal .com/.net/.org and such are available as public info mainly to ensure you know what company or entity is behind the domain (at least, that's what we assume).
So if they take them down, even to say it's for protection, are we losing a facility, really?
Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield
C/O George W. Bush
1600 Pennsylvania Avenue
Washington, DC.
Yup, wouldn't want anyone to know where HE lives, do we?
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
If you need whois data for a ".gov" domain, go to the General Services Administration.
sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
There shouldn't even be a .gov TLD.
It should be .gov.us
...hide the contents of the websites too?
Not much point hiding the whois information of a domain if its accompanying website tells the whole world who and where they are...
-- Even if a god did exist, why the fsck should I worship it?
Don't say that too loudly - the *terrorists* might hear you! ;o)
Video Game cheats, hints a
Yet another place you can get whois data on .gov domains - Network Tools.
Video Game cheats, hints a
I think they should restrict access to the .gov DNS records also. Would go a long way in making the .gov net a whole lot more secure. :)
It had to be a matter of public record anyway, right? I don't see what this solves. I think the old term "Security through obscurity" applies here. That term has also been trampled on time and again because it just doesn't work. Hide information via one source, get all confident that you're safe, and then get surprised when you're actually not.
Is there anyone out there who can explain what this accomplishes really? I'm seriously asking because I might be missing something.
Luck favors the prepared, darling.
I'm sure somewhere out on the Internet (Google.com comes to mind) the information is cached. How many times has information been available after lawsuits, infringements, and a range of other problems? How often are people able to get their email addresses off spam lists once it starts? I'm not going to be the one to post this information, but it's just something to think about...
While I think the intent is admirable, the net effect might be somewhat frustrating. For example, how are we supposed to get contact info if say a government group's DNS goes south? Or maybe just a portion of it? What about entities that have been misapportioned? (Good example is the City of Albuquerque, NM.)
The quote that I found interesting is: "Also removed from the FTP site was the zone file for in-addr.arpa, which is used for reverse-DNS lookups (when somebody wants to find out what domain is associated with an IP address, rather than the other way around)." So is this a prelude for them to stop supporting rev. DNS? If it does stop, are they really aware of the potential consequences? (Stopped email, blocked access, etc.) What about who to contact and how to contact them about possible network outages?
Things like this might seem like a good idea at the time, but can (and do) lead to other problems. I am in favor of security as much as the next guy, but half thought-out moves like this don't help.
-D.
P.S. I wonder if they are going to stop publishing things like the white pages (online or even the print edition)? Hey they do have government entity addresses and phone numbers?
I wonder whether .gov will find itself listed in
on rfc-ignorant
for this.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
Believe me, if there was some way to get Bush to STFU about his stupid Iraq-invading obsession, we would.
Does anyone in the US have the slightest interest in (a) invading Iraq or (b) using the "War on Terror" momentum up on Iraq, which had nothing the hell to do with Sept. 11th at all?
May we never see th
What is WHOIS?
The .GOV WHOIS database is a tool that provides users with the ability to lookup records in the registrar database. Using WHOIS, you can search for people, name servers, and domains. From a UNIX system, you can use the -h option to point to the .GOV WHOIS server, nic.gov. For example, to find out about gsa.gov, use the following command: "WHOIS -h nic.gov gsa.gov".
(posted anonymously to avoid karma-whoring)
I work for the government, and we had to remove the directions to our office from our website. Didn't quite understand this..since we have our address on our website and all you need is something like mapquest to get directions. Makes no sense.
I'd be more glad if they were doing something that had some hope of being effective.
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
So, I read the attached article, and I understand what Verisign is doing. My question is: why? What is the motivation behind them blocking access to these whois records?
I agree with the article in saying "It seems so logical to take that
Actually, why do we have whois records for any domain?
www.timcoleman.com is a total waste of your time. Never go there.
frodo:$ dig whitehouse.gov soa
; <<>> DiG 8.3 <<>> whitehouse.gov soa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; whitehouse.gov, type = SOA, class = IN
;; ANSWER SECTION:
whitehouse.gov. 1D IN SOA eopc.eop.gov. postmaster.whitehouse.gov. (
2002072201 ; serial
15M ; refresh
5M ; retry
1W ; expiry
2H ) ; minimum
;; Total query time: 476 msec
;; FROM: frodo to SERVER: default -- 127.0.0.1
;; WHEN: Sat Sep 21 15:10:23 2002
;; MSG SIZE sent: 32 rcvd: 88
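The SOA answer in the dig output above still publishes a contact for the zone: per RFC 1035 the RNAME field (here postmaster.whitehouse.gov.) encodes the responsible mailbox. The following is an added example, not part of the original comment, that parses such a record and recovers the mailbox and timers; the function names are hypothetical and the sample is the record quoted above.

```python
import re

# Constructed sample: the SOA answer quoted in the comment above.
SAMPLE_SOA = """\
whitehouse.gov. 1D IN SOA eopc.eop.gov. postmaster.whitehouse.gov. (
    2002072201 ; serial
    15M ; refresh
    5M ; retry
    1W ; expiry
    2H ) ; minimum
"""

_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def ttl_to_seconds(value):
    """Convert a BIND-style time value ('1W', '15M', '1h30m', '900') to seconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([SMHDW])", value.upper())
    if not parts or "".join(n + u for n, u in parts) != value.upper():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)

def rname_to_email(rname):
    """Turn an SOA RNAME into a mailbox (hypothetical helper name)."""
    # RFC 1035: the first unescaped dot separates local part from domain;
    # a backslash-escaped dot belongs to the local part.
    m = re.match(r"((?:\\.|[^.\\])+)\.(.+?)\.?$", rname)
    if not m:
        raise ValueError(f"bad RNAME: {rname!r}")
    return re.sub(r"\\(.)", r"\1", m.group(1)) + "@" + m.group(2)

def parse_soa(text):
    """Parse one SOA record in master-file format into a dict."""
    # Drop ';' comments, then the parentheses used only for line continuation.
    flat = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = flat.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    mname, rname, serial, *timers = tokens[i + 1:i + 8]
    if len(timers) != 4:
        raise ValueError("truncated SOA record")
    refresh, retry, expire, minimum = map(ttl_to_seconds, timers)
    return {"zone": tokens[0], "primary": mname.rstrip("."),
            "contact": rname_to_email(rname), "serial": int(serial),
            "refresh": refresh, "retry": retry,
            "expire": expire, "minimum": minimum}

if __name__ == "__main__":
    print(parse_soa(SAMPLE_SOA))
```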
You know, if you hide the root servers DNS stops working, don't you?!
If at first you don't succeed, skydiving is not for you
I don't think that's "security through obscurity", rather "security through incompatibility".
You damn pot smoking Californians need to realize CA is not a country (as much as you wish it were).
Just because you somehow tricked the powers that be into making a .ca domain YOU HAVEN'T WON YET. I'm looking forward to .TX for Texas to leave the Union (and take GW with them).
The .us country-code domain is not organised by entity type except in some special cases way down into the hierarchy.
First, there's a state code which uses the standard two-letter abbreviations for the states, then there's a 'region code' which will either be a city, region or large town. Under that people are free to register whatever they like, with some special cases.
The special cases are 'state' for special state-running bodies (are they called 'state government'?) and then a 'k-12' domain under which schools are organised by their respective school district.
The .us domain, then, is a lot more organised and distributed than most other countries, which is probably a good thing given its size. The RFC which proposed the organisation of the .us domain (whose number escapes me now -- try looking on the .us registry site) explains that they did not create .gov.us and similar because it would cause confusion, and that the US Federal Government alone would use .gov while state governments use .state.tx.us (or similar). At this stage in the game, moving the .gov domain to .gov.us would just cause a lot of problems as invalidating that many URLs en-masse is never a good idea.
Only shows how dumb some in the U.S. government/VeriSign are. On an aside, read up on the SAIC (they own a stake in VeriSign last I checked). Interesting. Anyways, many U.S. government sites rely on .COM, .NET, .ORG, and other TLDs as well for their operation so not sure how restricting only .GOV zone access does much really...
And anyways restricting zone file access doesn't work - domain speculators and others have for years basically compiled their own for other TLDs such as .COM - and since .GOV contains relatively few entries compared to the likes of .COM, the task of assembling much of the zone from the outside is quite trivial.
I'm sure idiots already are trading the .GOV zone files on irc for porn, etc or maybe even trying to sell it like they do with email addresses.
Off-topic ramble: It's sad to say, but it very much appears the terrorists are winning or some even argue already have won. Various people over the years used to warn that Americans could lose their freedoms quicker than they ever imagined - it's now happening; more detention camps are being constructed with vastly larger ones out on bid from my understanding - why would such large detention camps be needed? There aren't that many terrorists...unless the U.S. government now considers Americans terrorists...wait they already have...enemy combatants...and now the standard has been further lowered...query the .GOV zone without authorization and you too are a terrorist...better delete dig, whois, ping, right now!! :-;
Ron
Why do we still have TLD's mapped to country names? Do they serve any essential technical purpose?
-- Slashdot: When Public Access TV Says "No"
After all, who really needs to do WHOIS look ups on government sites
How every sysadmin on the globe who would like to tell you that there's a problem with your servers, routers or users? Whois tells me who to contact (and sometimes, if it's a live attack, abuse@whoever.tld just doesn't cut it).
Maybe I should just firewall .gov - after all, if they are too afraid to post harmless whois info, everyone with a clear mind should stay out of the blast radius.
Assorted stuff I do sometimes: Lemuria.org
It's not like Bush actually ever does real work! It's on perma-vacation a couple hours away from me.
--
Mod up a post Rob doesn't like and you'll never mod again
VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks.
Meanwhile, the government is trying to pass a law making it illegal for us to do the same thing.
Isn't there some logic to the idea that obscurity is a nice addition to great security?
I mean, I can put on my bulletproof vest, make sure I have body guards... but what about the not eating at the same place every day. Doesn't that help make it harder to kill me too?
I think patterns make you predictable, and obvious security patterns don't help.... and it's easy to implement, isn't it?
There's nothing Intelligent about Intelligent Design.
If you want to participate in a public network then they shouldn't be hiding whois information. Nobody is saying they can't run their own top secret network (as I'm sure they already do to some degree) but participation in this giant public network involves some amount of conformance to standards.
Any information that is so critical to national security shouldn't be on the internet in the first place.
- Toby
If anyone has a mirror of this data perhaps they could run a whowas server.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
So bite me, and your piss-poor Troll mod. Now *this* is flamebait. (for your information)
As it is, myself and several others I know who handle domains have gotten emails from a company asking us to "renew" our domain. Further reading into this shows that the company sending the letter had no relation to the company from which the original domain was bought (though the word "renew" indicates a renew of the original "contract", scamming buggers). I figure that they go out looking for expiring domains and use WHOIS to find the billing contact to send their crapmail to. Being as there are many potentially more malicious uses for this, perhaps hiding the WHOIS isn't such a bad idea in some cases.
As it is with ever changing technology, there's no way to always be secure, not all the time. So no, you can never be fully protected... so again, why not keep moving?
There's nothing Intelligent about Intelligent Design.