Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Look At the Safety of Google Public DNS

Posted by kdawson on from the random-enough-maybe dept.

darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"

11 of 213 comments (clear)

  1. Re:Privacy for what? by beefnog · · Score: 5, Insightful

    The one thing that strikes me as silly about the "what if Google datamines our DNS requests" concern is that those people assume their ISPs aren't already doing so.

  2. Re:Privacy for what? by LOLLinux · · Score: 5, Insightful

    And what strikes me as even more silly is when people use the comeback of "But [insert person, group, company, etc] is (probably) already doing it too!" as if that justifies the actions of someone else.

  3. Re:Privacy for what? by maxume · · Score: 5, Informative

    Their public statements say that they are not linking the requests to other Google services, and that they are discarding ip addresses within a day or two.

    --
    Nerd rage is the funniest rage.
  4. Re:Privacy for what? by DragonWriter · · Score: 5, Interesting

    The one thing that strikes me as silly about the "what if Google datamines our DNS requests" concern is that those people assume their ISPs aren't already doing so.

    The especially odd part about the complaint is that Google has an upfront, posted policy about what they are doing as far as retaining your DNS requests, which I've never seen from an ISP.

  5. Re:Privacy for what? by beefnog · · Score: 5, Insightful

    I'm not saying that it justifies it in any way. I'm merely pointing out that scapegoating a company that does genuinely good things while ignoring the company that routinely dicks its customers is odd. Plus, if you had read yesterday's article, you would understand that google is purging IP addresses from the records.

  6. Re:Privacy for what? by MozeeToby · · Score: 5, Insightful

    And what strikes me as even more silly is that Google has a privacy policy for the service that says all logs are deleted after 48 hours and aren't linked back to other Google services whereas I have no privacy statement at all about DNS from my ISP (since they slipped it in silently about 4 months ago).

  7. Re:Privacy for what? by sonnejw0 · · Score: 4, Insightful

    Except that Google has a lot of other information on us already, too. Cross-referencing data sets provides true statistical power. Our ISPs do not have the same information that we voluntarily give Google. There's regulation against our ISPs stealing the information that gets passed through them. There's no stopping voluntarily giving Google control of our email, calendar, health records, DNS requests, marketing information, voicemail transcripts, blog articles ...

  8. Yeah, sure, give them even more information by cheros · · Score: 4, Insightful

    I find it amazing that nobody seems to notice that adding an ECHELON and a DCS1000 feed to Google is making it like the NSA, but where people actually VOLUNTEER data. In addition, it's Terms of Service give it more legal freedom to use and abuse your information and intellectual property than even the US border control can with accessing laptops of people entering the country.

    It appears 8+ years of indoctrination is paying off big time - nobody appears to remember that privacy is a basic right. All it takes is some BS about "not being evil" for people to miss the shocking depth to which they can access all your personal data. Even the stuff they don't hold themselves will come up through the search engine. By matching up DNS records they will be able to add your entire Internet activity to your identity.

    That's going to be fun when you catch some sort of virus downloading porn - and the next time you apply for a job..

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
  9. Re:Privacy for what? by shentino · · Score: 5, Insightful

    You do realize the inherent conflict of interest in criticism from a competitor right?

    Do remember that at least and load up on grains of salt.

  10. Re:Privacy for what? by markkezner · · Score: 4, Informative

    For me, the dealbreaker with OpenDNS is that, when you type in a non-existant domain, OpenDNS resolves it to an IP that gives you their custom search page. The standards compliant response would be NXDOMAIN, which is what Google (and some others) provide. This alone was enough to make me switch away from OpenDNS.

    --
    Dangerous, sexy, turing complete: Femme Bots
  11. Re:And the worst case scenario? by thetoadwarrior · · Score: 4, Insightful

    Hotmail was only ok before MS owned but now it's bloated ugly and not better for much more than a spam box. Most other live services are just inferior alternatives to something Google has done better and serves as nothin gmore than an attempt to take down Google.