Hi Paul,

Thanks for your info and your concern. I suspect that the zeroredirect virus is a different issue, as plugging the same machine to a different network produces different DNS results – one is legit and one isn't. Furthermore, none of the documented viral behaviors such as a misconfigured DNS server or a proxy server occur in my machine. It's not unlikely that zeroredirect employs various mechanisms to achieve redirects to their website, of which client machine infection is only one.

I also hope my operational security for this machine is quite diligent, as I do not run software which is not securely verified from a trusted source, either using HTTPS with a trusted domain, or a GPG signature with a trust path from my key. While I could have made a mistake, I think DNS poisoning at the network level beyond my machine is most likely the case.

Dionysis.

On Mon, Dec 21, 2015 at 3:38 AM, Paul Wouters <p...@cypherpunks.ca> wrote:
> On Wed, 9 Dec 2015, Dionysis Zindros wrote:
>
>> The OTR homepage at http://otr.cypherpunks.ca/ seems to be
>> man-in-the-middled in certain networks. I have checked through various
>> different networks with various results.
>
>> In the man-in-the-middled OTE connection I can see this trace:
>
>> HTTP/1.1 302 Moved Temporarily
>
>> Location:
>> http://www.zeroredirect1.com/otr.cypherpunks.ca?rpm=1&domainerId=18f6e5d1-1b47-11e5-ae0f-0edec89589c7&keywords=otr.cypherpunks.ca&fallbackUrl=http%3A%2F%2Finvestdollar.net%3FsubID%3Dotr.cypherpunks.ca%26fb%3Dhttp%3A%2F%2Fww9.otr.cypherpunks.ca
>
> Googling for zeroredirect gives me a lot of links about the "google
> redirect" virus. I'd throw away that machine and build a new one.
>
> If you want to avoid DNS redirects I can recommend installing
> "dnssec-trigger" from NLnetlabs.
>
> Paul

_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev