[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Gert Doering via swinog]

Hi,

On Tue, Apr 23, 2024 at 08:55:49AM +0200, Serge Droz via swinog wrote:
> Yes, I understand the technical issues. And yes it's ugly. 

It's not "ugly", it's outright failing to achieve anything, except 
signal "things are not working".  Why have a report form at all if it
can not be loaded due to certificate mismatch?  The world is no longer
HTTP-only...

> But do you have a better solution?

Since this is not a "solution", just a new sort of problem, it doesn't
even qualify for a comparison.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard,
   Ingo Lalla, Karin Schuler
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Serge Droz via swinog]

Yes, I understand the technical issues. And yes it's ugly. But do you 
have a better solution?




On 23.04.24 08:53, Marc Balmer wrote:




Am 23.04.2024 um 08:51 schrieb Serge Droz via swinog :

It's actually a pretty smart and light way of protection the majority of users 
from malware. And yes, there will always be false positives.

And yes, it's sad we have to do this, but that's mostly because our industry, 
despite promising the contrary for years, doesn't seem to be able to offer 
secure services and products.

The fact is, that states are getting feed up with this and will start 
legislating because we keep making empty promises and tell them they are stupid.

You don't have to believe me, but maybe you listen to John Curran:
https://www.youtube.com/watch?v=U1Ip39Qv-Zk

Sorry for the rant, but I feel your reply is condescending and uninformed. Just throwing 
around words like "internet police" etc doesn't solve anything.


Did you understand the technical issue this approach has?  Certificates don’t 
match, that is the issue.



--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Marc Balmer via swinog]

> Am 23.04.2024 um 08:51 schrieb Serge Droz via swinog :
> 
> It's actually a pretty smart and light way of protection the majority of 
> users from malware. And yes, there will always be false positives.
> 
> And yes, it's sad we have to do this, but that's mostly because our industry, 
> despite promising the contrary for years, doesn't seem to be able to offer 
> secure services and products.
> 
> The fact is, that states are getting feed up with this and will start 
> legislating because we keep making empty promises and tell them they are 
> stupid.
> 
> You don't have to believe me, but maybe you listen to John Curran:
> https://www.youtube.com/watch?v=U1Ip39Qv-Zk
> 
> Sorry for the rant, but I feel your reply is condescending and uninformed. 
> Just throwing around words like "internet police" etc doesn't solve anything.

Did you understand the technical issue this approach has?  Certificates don’t 
match, that is the issue.

___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Serge Droz via swinog]

It's actually a pretty smart and light way of protection the majority of 
users from malware. And yes, there will always be false positives.


And yes, it's sad we have to do this, but that's mostly because our 
industry, despite promising the contrary for years, doesn't seem to be 
able to offer secure services and products.


The fact is, that states are getting feed up with this and will start 
legislating because we keep making empty promises and tell them they are 
stupid.


You don't have to believe me, but maybe you listen to John Curran:
https://www.youtube.com/watch?v=U1Ip39Qv-Zk

Sorry for the rant, but I feel your reply is condescending and 
uninformed. Just throwing around words like "internet police" etc 
doesn't solve anything.


Best
Serge

On 23.04.24 08:38, Marc Balmer via swinog wrote:
Swisscom returns this IP address for blocked domain names most likely 
because it assumes this website is compromised (phishing, malware).


If you visit this IP address in a web browser you are redirected to 
https://www.swisscom.ch/abuse-info


That explains.  From a technical point of view, that is one of the most 
stupid things one can possibly do.  Whoever invented this, has no clue 
how the web works:


1) I point my browser to https://spectrum-conference.org 
 (or any other domain where swisscom 
acts as the internet police)
2) Swisscom tampers with DNS and returns the address of one of their own 
servers
3) My browser opens a connection to it *and of course the website's 
HTTPS certificate does not match*
4) My browser shows an error message that a secure connection can not be 
made (at least all Apple device do this)

5) Swisscom malware page is not even displayed.



This website has a form to report false positive.

Daniel



Thank you.



___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch


--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[mail--- via swinog]

On https://www.swisscom.ch/de/privatkunden/hilfe/internet/url-checker.html you 
can check if a URL is blocked by Swisscom or not. Seems it‘s blocked because of 
«Malware Distribution»…
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Marc Balmer via swinog]

> Am 23.04.2024 um 08:42 schrieb Daniel Stirnimann 
> :
> 
> Try http://195.186.208.193/


Thanks, Daniel, that worked!  Reporting it now.
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Daniel Stirnimann via swinog]

Try http://195.186.208.193/

Daniel

On 23.04.2024 08:40, Marc Balmer wrote:



Swisscom returns this IP address for blocked domain names most likely because 
it assumes this website is compromised (phishing, malware).

If you visit this IP address in a web browser you are redirected to 
https://www.swisscom.ch/abuse-info

This website has a form to report false positive.



There is no such form.


___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Marc Balmer via swinog]

> Swisscom returns this IP address for blocked domain names most likely because 
> it assumes this website is compromised (phishing, malware).
> 
> If you visit this IP address in a web browser you are redirected to 
> https://www.swisscom.ch/abuse-info
> 
> This website has a form to report false positive.


There is no such form.

___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Marc Balmer via swinog]

> Swisscom returns this IP address for blocked domain names most likely because 
> it assumes this website is compromised (phishing, malware).
> 
> If you visit this IP address in a web browser you are redirected to 
> https://www.swisscom.ch/abuse-info

That explains.  From a technical point of view, that is one of the most stupid 
things one can possibly do.  Whoever invented this, has no clue how the web 
works:

1) I point my browser to https://spectrum-conference.org 
 (or any other domain where swisscom acts as 
the internet police)
2) Swisscom tampers with DNS and returns the address of one of their own servers
3) My browser opens a connection to it *and of course the website's HTTPS 
certificate does not match*
4) My browser shows an error message that a secure connection can not be made 
(at least all Apple device do this)
5) Swisscom malware page is not even displayed.

> 
> This website has a form to report false positive.
> 
> Daniel
> 

Thank you.


___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Daniel Stirnimann via swinog]

Swisscom returns this IP address for blocked domain names most likely 
because it assumes this website is compromised (phishing, malware).


If you visit this IP address in a web browser you are redirected to 
https://www.swisscom.ch/abuse-info


This website has a form to report false positive.

Daniel

On 22.04.2024 23:51, Marc Balmer via swinog wrote:


The domain name spectrum-conference.org 
 wrongfully resolves to 195.186.208.193 
when queried from bluewin/swisscom mobile networks.


It is registered to 46.175.8.9, which is the correct address.

Please fix the swisscom/bluewin.ch  DNS resolvers.


___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

[Marc Balmer via swinog]

The domain name spectrum-conference.org  
wrongfully resolves to 195.186.208.193 when queried from bluewin/swisscom 
mobile networks.

It is registered to 46.175.8.9, which is the correct address.

Please fix the swisscom/bluewin.ch  DNS resolvers.

___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch