It's so interesting! But for Yahoo it's not correct: WHOIS information for yahoo.com:
[Querying whois.verisign-grs.com] [whois.verisign-grs.com] Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: YAHOO.COM Registrar: MARKMONITOR INC. Whois Server: whois.markmonitor.com Referral URL: http://www.markmonitor.com Name Server: NS1.YAHOO.COM Name Server: NS2.YAHOO.COM Name Server: NS3.YAHOO.COM Name Server: NS4.YAHOO.COM Name Server: NS5.YAHOO.COM Status: clientDeleteProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Status: serverDeleteProhibited Status: serverTransferProhibited Status: serverUpdateProhibited Updated Date: 18-dec-2011 Creation Date: 18-jan-1995 Expiration Date: 19-jan-2013 On 7 May 2012 10:40, Eugen Leitl <[email protected]> wrote: > > http://www.pastie.org/3867284 > > The Internet Kill Switch; With Global Wiretapping Capability? > > One company to rule them all > One company to find them; > One company to bring them all > And in the darkness bind them > > > Recently run any whois queries on Google? No? How about Facebook? MSN, or > Hotmail? Yahoo? You might be surprised, comparing the results. > > Nice, innit? See the "Last Updated" part also. > > The brand-protecting, anti-piracy company MarkMonitor Inc. has had all > these DNS names under its control for several months now. > > They also control the Wikimedia name services, even though that doesn't > show up on the Wikimedia.org whois record. There are many others. Apple.com > falls under their jurisdiction, as does ubuntu.com. Nokia.com? Yep, under > MarkMonitor. See a pattern here? > > MarkMonitor also is a trusted Certificate Authority; they have, in > essence, the means to fabricate safe-looking SSL connections for you, to > whichever host they want. Your browser will not sound any warnings of > possible man-in-the-middle attacks. > > MarkMonitor is a company that can own most people's "Internet" in minutes. > It now controls all three top free e-mail providers directly, and I suppose > it's safe to say, most currently active social media sites too. > > See for yourself. Whois yahoo.com, whois google.com, whois gmail.com, > whois facebook.com, whois fbcdn.com, whois hotmail.com, whois msn.com... > the list seems endless. > > > How'd all this happen? > > This company has acquired complete access to monitor, eavesdrop, censor > and fake any user of these popular Internet services in about one year > (2011). In almost complete silence. For several of the sites, it also > provides "firewall proxy" services, which means it is actually paid to > intercept all communications. In and out. > > The situation reminds me of Joseph Lieberman's 2010 initiative to create > an "Internet kill switch" for the U.S. > > The government only needs to control this one company, and most social > media, most free e-mail, most search engines will be under its control. Not > to mention most operating systems, for both computers and mobile devices. > > Not only inside U.S., but globally. One company to rule them all. > > I, for one, would like to ask; WTF is going on? How did these guys, this > relatively small domain-hogging and pirate-chasing company, get the > resources to simply acquire the DNS records of all the most popular > Internet services? How can this be so totally ignored by the media, and > even privacy advocates? Even conspiracy theorists seem to be completely > ignoring the situation. > > > Secure communication is an illusion > > Only one company to rule them all? As if all this doesn't sound bad > enough, the problem is far more widespread. MarkMonitor could easily act as > a global "kill switch" for the sites under its rule. But as it turns out, > most anyone with some resources could just as easily impersonate > MarkMonitor itself. > > Because, as one might have noticed in the past few months, the whole SSL > certificate scheme is broken. Not in a technical sense - there's no known > inherent weakness in the algorithms. But the whole SSL protection is based > on trust, and that trust has failed us. > > According to several sources, SSL CA certs are routinely given out to > anyone willing to pay for them. As The Register points out in its analysis > on TrustWave spying scandal: > > "Those defending Trustwave suggested that other vendors probably used the > same approach for so-called "data loss prevention" environments - systems > that inspect information flowing through a network to prevent leaks of > commercially sensitive data." > ... > "In fact Geotrust was openly advertising a 'Georoot' product on their > website until fairly recently." > > http://www.theregister.co.uk/2012/02/14/trustwave_analysis/ > > Oh, so the ability to impersonate anyone is normal day-to-day practise for > big business? Just imagine what government agencies must be doing - for > example in Sweden, where the military intelligence organisation FRA has the > mandate to monitor all traffic across borders. > > Who can seriously claim they trust all the hundreds of different CA > companies, several of which have been caught red-handed with selling out > their customers' security, or covering up very serious breeches (up to and > including their root certificates being stolen). > > > http://nakedsecurity.sophos.com/2011/04/06/eff-uncovers-further-evidence-of-ssl-ca-bad-behavior/ > > > MarkMonitor is a "brand-protecting" company. Traditionally its business > has been reserving domains to protect brands. You buy its service, it makes > sure that nobody else can have "mybrandsucks.com". > > Also, they're an anti-piracy outfit. Their entire business is based on > protecting IP. > > > http://www.marketwatch.com/story/markmonitor-to-exhibit-at-internet-tech-policy-exhibition-and-reception-to-be-held-on-capitol-hill-2012-01-24 > > > Just saying, someone should probably question them and their customers. > Why does Google, who always "do things themselves", externalise these vital > parts of its network? How come all the competing phone and OS vendors, who > sue each other all the time, suddenly trust this one company? > > And then there's all those competing social media companies, who > practically thrive on what others call "IP theft", including their users > sharing text, images, music, videos and links? > > > Big questions. Defy common sense. Need answers. > _______________________________________________ > liberationtech mailing list > [email protected] > > Should you need to change your subscription options, please go to: > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > If you would like to receive a daily digest, click "yes" (once you click > above) next to "would you like to receive list mail batched in a daily > digest?" > > You will need the user name and password you receive from the list > moderator in monthly reminders. You may ask for a reminder here: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > Should you need immediate assistance, please contact the list moderator. > > Please don't forget to follow us on http://twitter.com/#!/Liberationtech >
_______________________________________________ liberationtech mailing list [email protected] Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
