new blog built on Rails
My thoughts on web application development, especially in the realm of Ruby on Rails, Heroku, the cloud, Ruby, Rails, Memcache, PostgreSQL, No-SQL, iPhone, and other topics are being shared now on http://MarkHolton.com
A web developer, architect, & aspiring RESTafarian's thoughts on software, web tech, entrepreneurial endeavors and some creative ideas. Mark's current focus is on developing elastic & RESTful Ajax applications on the Cloud with the following technologies: OO and unobtrusive JavaScript using the Prototype JS library, jQuery, and on the server side prefers to write OO code in Ruby, Rails; Amazon EC2 AS3 SimpleDB; MySQL; -- currently learning a new language each year and grokking Unix
Posted by Mark Holton Labels: Heroku, mark holton, markholton, Rails, Rails 2.3.8, web 2.0
at 12:18 AM
http://www.theregister.co.uk/2009/12/18/dns_twitter_hijack/
A bunch of servers throughout the internet map friendly, human-readable names (twitter.com, eyeonmajors.com) to IP addresses. These are DNS servers (Domain Name System servers), the phonebook of the internet. When you type in "tigerwoods.com" to see his latest transgression admission, DNS is queried along the way and you are directed to the IP address that name maps to, which serves the HTML and images of Tiger's statement.
A DNS hijack is when the evildoers redirect the mapping to one of their own choosing. E.g., instead of twitter.com pointing to Twitter's actual IP address, they point it to the IP of their own website, where they can display whatever they want. (Hey, maybe Tiger never admitted anything, and it is an ongoing DNS hijack?)
Once they have accomplished the hard part of hijacking DNS, it's very easy to create a landing page that looks identical in every way to the real site but is in fact run by someone else. Look, Virginia, it even has the same URL. Looks legit, but is not. When people try to log in, the criminals running these sites can simply grab and store the username and password of the person attempting to log in (phishing) for malicious use.
So when/how can you be sure? HTTPS and SSL certificates can ensure that the site you are attempting to reach is the actual site. The site has in effect been "notarized" by an SSL cert, and while the evildoers can fake the look of a site and in some cases can even hijack the domain name (as they did with Twitter), they can't fake an SSL cert**: it is bound to the domain name itself. (Not all sites use HTTPS and SSL certs.)
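The check a client performs on the certificate, as an added example that is not code from the original post: the cert must chain to a trusted issuer and must name the host you asked for. The test root CA, the hostnames login.example and elsewhere.example, and the helpers make_cert and check_server_cert are all constructed for illustration.

```ruby
require "openssl"

# Build a certificate for `cn`; self-signed unless an issuer cert/key is given.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}")) unless ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Client-side decision: trusted issuer first, then the name binding.
def check_server_cert(cert, hostname, store)
  return :untrusted_issuer unless store.verify(cert)
  return :name_mismatch unless OpenSSL::SSL.verify_certificate_identity(cert, hostname)
  :ok
end

# Constructed sample data: a private test root standing in for a browser-trusted CA.
ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = make_cert("Example Test Root CA", ROOT_KEY, ca: true)
STORE = OpenSSL::X509::Store.new.tap { |s| s.add_cert(ROOT) }

# The genuine site holds a CA-issued certificate for its own name.
GENUINE = make_cert("login.example", OpenSSL::PKey::RSA.new(2048),
                    issuer: ROOT, issuer_key: ROOT_KEY)
# After a DNS hijack the other server can only present a self-signed
# lookalike, or a properly issued certificate for a different name.
LOOKALIKE = make_cert("login.example", OpenSSL::PKey::RSA.new(2048))
OTHER_NAME = make_cert("elsewhere.example", OpenSSL::PKey::RSA.new(2048),
                       issuer: ROOT, issuer_key: ROOT_KEY)

{ "genuine" => GENUINE, "self-signed lookalike" => LOOKALIKE,
  "cert for another name" => OTHER_NAME }.each do |label, cert|
  puts "#{label}: #{check_server_cert(cert, 'login.example', STORE)}"
end
```

Only the first certificate is accepted for login.example, whichever IP address DNS happened to return.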
...
http://twitter.com/coda/status/6789759675
Holts
** can't fake an SSL cert... unless the cert was signed using an MD5 hash, and the hacker had access to one or more PlayStation 3s. ;)
http://www.youtube.com/watch?v=OqHcm66s-kc