[swinog] Re: on-topic-ness of SCION ?
Hi Marc Maybe check with https://www.scion.org/ They me be interested in building up a community. And it would probably make sense the the operates collaborate within SWINOG. Best Serge On 30.04.24 08:38, Lüthi Marc via swinog wrote: Dear all A quick straw poll to the community: SCION on this list, [yes/no]? I could think of topics like * finding peer persons involved in /operating/ SCION Equipment (COREs, GATEs EDGEs) among the Swiss ISP community [1] * finding/requesting/discussing peering/interconnecting options with other CORE or EDGE operators * … and a few things more. If not on topic for swinog – might this be a use case for a hypothetical swinog-scion mailing list? Thanks for your thoughts and ideas. And of course, if such a thing as a “Swiss SCION Operators Community” (Web Forum, Discord, Slack, IRC channel, Mailing List….) is already established somewhere else – I’ll happily take any pointers. EveryWare AG Marc Lüthi [1] I just came to understand that there’s a Mailing List, Slack and Matrix channel at/by https://scion-architecture.net/ <https://scion-architecture.net/> - but I take it that this is more for the development side of things. ___ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch -- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org ___ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch
[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks
Yes, I understand the technical issues. And yes it's ugly. But do you have a better solution? On 23.04.24 08:53, Marc Balmer wrote: Am 23.04.2024 um 08:51 schrieb Serge Droz via swinog : It's actually a pretty smart and light way of protection the majority of users from malware. And yes, there will always be false positives. And yes, it's sad we have to do this, but that's mostly because our industry, despite promising the contrary for years, doesn't seem to be able to offer secure services and products. The fact is, that states are getting feed up with this and will start legislating because we keep making empty promises and tell them they are stupid. You don't have to believe me, but maybe you listen to John Curran: https://www.youtube.com/watch?v=U1Ip39Qv-Zk Sorry for the rant, but I feel your reply is condescending and uninformed. Just throwing around words like "internet police" etc doesn't solve anything. Did you understand the technical issue this approach has? Certificates don’t match, that is the issue. -- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org ___ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch
[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks
It's actually a pretty smart and light way of protection the majority of users from malware. And yes, there will always be false positives. And yes, it's sad we have to do this, but that's mostly because our industry, despite promising the contrary for years, doesn't seem to be able to offer secure services and products. The fact is, that states are getting feed up with this and will start legislating because we keep making empty promises and tell them they are stupid. You don't have to believe me, but maybe you listen to John Curran: https://www.youtube.com/watch?v=U1Ip39Qv-Zk Sorry for the rant, but I feel your reply is condescending and uninformed. Just throwing around words like "internet police" etc doesn't solve anything. Best Serge On 23.04.24 08:38, Marc Balmer via swinog wrote: Swisscom returns this IP address for blocked domain names most likely because it assumes this website is compromised (phishing, malware). If you visit this IP address in a web browser you are redirected to https://www.swisscom.ch/abuse-info That explains. From a technical point of view, that is one of the most stupid things one can possibly do. Whoever invented this, has no clue how the web works: 1) I point my browser to https://spectrum-conference.org <https://spectrum-conference.org> (or any other domain where swisscom acts as the internet police) 2) Swisscom tampers with DNS and returns the address of one of their own servers 3) My browser opens a connection to it *and of course the website's HTTPS certificate does not match* 4) My browser shows an error message that a secure connection can not be made (at least all Apple device do this) 5) Swisscom malware page is not even displayed. This website has a form to report false positive. Daniel Thank you. ___ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch -- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org ___ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch
[swinog] Re: Contacts and Experts for Security Incidents
Hi Michael I think before you choose an external partner you have to figure out what you want and need. Typically this done by 1. Identify your prime assets 2. Identify the risks 3. Build up a plan for proactive measures: Try to build resilient systems, not "unhackable" ones 4. Create visibility: Most breaches are not discovered by the organization, but by external enteties. 5. Have people ready that can react. A CSIRT (computer Security Incident response team) does not need to be huge. It can even be virtual, i.e. comprised of people that have other regular jobs, but can dedicate time during a crisis. 6. The look for external resources: You need more than a name, you need a relationship. This means talking to people and see if it is a fit. As was mentioned there are several commercial providers in Switzerland, but you need one that shares your vision. Consider running your own team with a backup plan, and have a look at www.first.org. Best Serge On 23.11.23 13:19, Michael Righter via swinog wrote: Hi We are creating an emergency handbook if we would have a critical security incident. Is there someone who can suggest a company which can help to find how the guys hacked the infrastructure and how to fix it? I hope we never have to use it, but be prepared is better Thanks Michael ___ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch -- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org ___ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch
[swinog] Re: Mails from Proton to Outlook land in spam
Have you tired talking to supp...@proton.me? They are usually quite responsive. If that doesn't work DM me. Best Serge On 02.11.23 16:17, Mat Kowalski via swinog wrote: Hi all, I wonder if someone could point me in a correct direction for debugging mails between Proton and Outlook landing in spam... What happens is * my domain XXX plugged to mail.protonmail.ch. * my 2nd domain YYY plugged to mail.protection.outlook.com. * every mail sent from Proton to Outlook lands in spam * headers as seen by Outlook indicate SCL score 5 The content I use for the test is not anything synthetic but a real message. In the headers I can also see that the "basic configuration" is correct, i.e. * SPF passed * DKIM passed * DMARC passed so this gives no useful information sadly. Maybe someone here has experience with debugging Microsoft? The issue is that this makes my private mailbox unusable as whoever out there uses Outlook as their mail service is not getting my emails. Quite sick... Thanks a lot for any help, Mateusz ___ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch -- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org ___ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch
Re: [swinog] Coop.ch geoblocking?
Sure, here you go: Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 References: <7A5xjOA_IhApwauOLPwy0scprYxTA4bjrjcS6Ejp5HrXsPGcbyrTV2ABvFGl8gGpkVDyKFXPU2FKFTdfnoqycA==@protonmail.internalid> X-Pm-Date: Mon, 21 Jun 2021 15:57:11 + X-Pm-External-Id: <6FC07FDF38760D4D03211162AA001EDFAE9F5412@unknown> X-Pm-Internal-Id: 7A5xjOA_IhApwauOLPwy0scprYxTA4bjrjcS6Ejp5HrXsPGcbyrTV2ABvFGl8gGpkVDyKFXPU2FKFTdfnoqycA== To: "Serge Droz" Reply-To: "Roger" From: "Roger" Subject: Re: [swinog] Coop.ch geoblocking? X-Pm-Transfer-Encryption: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Delivered-To: s.d...@protonmail.ch X-Original-To: s.d...@protonmail.ch X-Antiabuse: Sender Address Domain - in3days.org X-Antiabuse: Originator/Caller UID/GID - [47 12] / [47 12] X-Antiabuse: Original Domain - protonmail.ch X-Antiabuse: Primary Hostname - cloudserver2.webbossuk.com X-Antiabuse: This header was added to track abuse, please include it with any abuse report X-Authenticated-Sender: cloudserver2.webbossuk.com: in3d...@in3days.org Return-Path: X-Get-Message-Sender-Via: cloudserver2.webbossuk.com: authenticated_id: in3d...@in3days.org X-Pm-Content-Encryption: on-delivery Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=in3days.org ; s=default; h=MIME-Version:Message-ID:Subject:From:To:Date:Content-Type: Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=uAxy3zLHqvfXb2TMYjrhYr5Z2Iu5r3NwESS4F1OCQg8=; b=pK1dKfuL2dIP2X5U9hf1z+iIGv e9DBaAUxWcNJsesFiRorFjvKyzPWnZ+20RDKKpGfsaEjcu7xuxyYrZbfICXsM0mzgfCry/DVoe+QU c2uMZspDly4ulZf0mp4o2Yx66GNBHlh0s0yZOjzrBc9whwJSk01vPFoKc/qthRVzR2Tc4GrsW4MlF R02FpGbOo3XzfjLoWwRWn52qVGvEaScq2tk8O4YAWm14iMUIGPHMZbmT9UWsODV7TvQDyRjQTb9YA IaffxFi0eEjohCq5WyMOBJbGq91Me/rI9o8Hhsqv5bnh3W1qI4K5L+nUn2tvRckpY/S9r2+BQORdE 99Vu9hyQ==; X-Pm-Spam: 0yeiAIic37iBOIJChpR3Y2bi4AiOiuHVZb8miiACL3cpJI6ZC2CIIMQGw2YDZDNmd RkNDzGUOOgDz4EGN2NiU0sIHzCJIYIS6gsHImIzlNwX3iW0YOAiwiACL2cvNUicmwiAOLACiwVmc 3b0JogIjwi0ILAjgGB1U0XFh9fTETEFUUByT6YEUEIFh8gTE0WFbYh2lTBycEUgYVjcmk3JbX4Gg w4CMFIQN9ORlF05TINFQgojR2cuVVyZGvGRIZMXg09mbHI1BxpYmg2gcY4WgGB1UFIlJ9yY2uFxZ IADuIBCMEVM11FX0B1NURU0gE9kQTWgoRNSFpCBTbNmslRWdCZpBBtbizXNZYdWlt4GXCMx4RLIE fU1SVFkMfRUSVQgUVzTWn2FcZBSogMXYSY2BxpYWECBZSl0Ny9GIEILRNpIHh25ZdVHymBSZmct9 4gXG0XVYa9GygM3JGZt9luYWgG4XM4CxLREIUSf1lHU0EkVTI1ElhN3c2ZgUFzaGgGEIRtEJvBST icEBBzSyuWdaYRX1sUmcGIv5BudClWNZcN3hslmcVeuxZhIHkGlbX4Gtx4CMEILR1fSUMkFVSQUg zVWT2cnFBoZSgXMYYQXghVGb3cgQ5lb2hHZIblGkLREIUSg0Igb3gEsRcl2n0FmbXdlJ4tXGxC4M IRELf1USkVMFRfSUgUYRTVWznF2cSZoBMgYX2SBYYxWpEBCZ0SNl9yIGLERIINHph52ZHdyVBmZS tm9cX4Gg25WZWZvxUtcGvnJZbBSkh12bWac5AwbigjALUNkWJ9FRlTQ9wgQkjmVUZlW2gQWZmdhl EgIGsmVcYkXgg4Wa3UhBhhbWgXMdUJEMi4GXHIg0fQ== X-Pm-Spamscore: 0 X-Pm-Origin: external X-Pm-Spam-Action: dunno Message-Id: <6FC07FDF38760D4D03211162AA001EDFAE9F5412@unknown> Received: from [136.35.59.161] (port=45371 helo=in3days.org) by cloudserver2.webbossuk.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (Exim 4.93) (envelope-from ) id 1lvNEU-00069P-CD for s.d...@protonmail.ch; Mon, 21 Jun 2021 17:57:10 +0100 Received: from cloudserver2.webbossuk.com (cloudserver2.webbossuk.com [95.172.31.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailin025.protonmail.ch (Postfix) with ESMTPS id 4G7yKH3NF6z9vNPW for ; Mon, 21 Jun 2021 18:11:47 + (UTC) Mime-Version: 1.0 Date: Mon, 21 Jun 2021 17:57:11 +0200 Authentication-Results: mailin025.protonmail.ch; dkim=pass (2048-bit key) header.d=in3days.org header.i=@in3days.org header.b="pK1dKfuL" Authentication-Results: mailin025.protonmail.ch; spf=none smtp.mailfrom=in3d...@in3days.org Authentication-Results: mailin025.protonmail.ch; dmarc=none (p=none dis=none) header.from=in3days.org Authentication-Results: mailin025.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=in3days.org header.a=rsa-sha256 On 21.06.21 23:42, Jeroen Massar wrote: > Full headers would be rather useful to determine the real origin of that > message... > > Greets, > Jeroen > > >> On 20210621, at 21:35, Serge Droz wrote: >> >> Hi all >> >> It seems there is a SWINOG member who should clean his computer. >> >> Happy hunting >> Serge >> >> >> >> Forwarded Message >> Subject: Re: [swinog] Coop.ch geoblocking? >> Date:Mon, 21 Jun 2021 17:57:11 +0200 >> From:Roger >> Reply-To:Roger >> To: Serge Droz >> >> >> >> Good day! >> >> We mail document to you again. You can
[swinog] Fwd: Coop.ch geoblocking?
Hi all It seems there is a SWINOG member who should clean his computer. Happy hunting Serge Forwarded Message Subject:Re: [swinog] Coop.ch geoblocking? Date: Mon, 21 Jun 2021 17:57:11 +0200 From: Roger Reply-To: Roger To: Serge Droz Good day! We mail document to you again. You can discover it at the link lower: annanigrodermatologia.it/mac-lesch/s_droz-80.zip > Hoi Roger > > ich denke nur das diese unterdrückung von unerwünschten > meinungen falsch > ist . > Das sehe ich auch so. Aber das macht Coop > ja nicht. > und im sinne coop finde ich es erstens nutzlos und > zweitens bedenklich > wenn man security probleme mit regionalesn > beschänkungen zu vermindern > versucht statt sie zu beseitigen > Keine > Ahnung warum das Coop macht, ist aber ihr Recht, ist ja Ihre Webseite. > Gruss Serge > .. so long ;) > > Roger > > > On 28.02.2021 19:37, Serge > Droz wrote: >> I think you misunderstand what free speech is. Free > speach means, you >> cannot be punished for what you say, nothing > more. It does not guarantee >> you an audience, or a platform. >> An, > although a bit US centric, explanation is here: >> > https://www.aclu.org/other/what-censorship >> >> If blocking is a good > idea for security reasons is en entirely different >> questions, and > has nothing what so ever to do with free speech or >> censorship. >> > >> Best >> Serge >> >> >> >> -- >> Serge Droz >> Security Lead >> > Proton Technologies AG >> -- Serge Droz Security Lead Proton > Technologies AG ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] SSL Certs question
Hi Andreas These two countries are not currently under comprehensive US sanctions: > https://home.treasury.gov/policy-issues/financial-sanctions/sanctions-programs-and-country-information So any CA, except, it seems SwissSign, should do. Best Serge On 13.05.21 11:29, Andreas Fink wrote: > > Hello all, > > I need to get some SSL certificates for some african country operations > and i can unfortunately not use letsencrypt for this. I was trying to > get a certificate from Swissign for this but for some reason they refuse > issuing certificates to domains for Guinea and Guinea Bissau because > these countries are on their embargo TLD list. It is known that some > individuals from these countries are on a UN embargo list, but thats > also true for some people from Germany or Switzerland or USA. And these > countries are not blocked. In other words, I need another certificate > provider, preferrably not under US control (so not Comodo, Digicert, > Thawte, Symantec, Verisign etc), who can issue multidomain certificates > for .gw, .com.gn, .sl, .io, .com domains. > > Anyone have a good hint? > > > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > -- Dr. Serge Droz Senior Security Engineer ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Coop.ch geoblocking?
Censorship is a third party forbidding you access to some information. Someone saying I only want grant access to my information/website to some people is at their discretion. That is, if some othortity would tell Coop to restrict access, they would otherwise give, then itt's censorship. Why would I even say this: Because if you muddle the meanings of censorship you essentially are normalizing censorship. If everything is censorship, than nothing is censorship. Best Serge On 28/02/2021 14:52, roger mgz wrote: > > Question is why Geoblocking at all, its a form of Censorship which > should be condemned > > btw: Even Coop is calling for Globalisation ;) > > Just my 5 cent's > > > Am 28.02.2021 um 12:33 schrieb Benoit Panizzon: >> Dear List >> >> Having issue in accessing www.coop.ch >> >> "Aus Sicherheitsgründen ist ein Login aus Ihrem Land nicht erlaubt". >> >> And a hint I shall not use a VPN or Proxy. >> >> No proxy or VPN in use, just IPv4 NAT, as confirmed by 'wieistmeineip'. >> (www.coop.ch is not IPv6 yet) >> >> So I supposed a messed up GeoIP Database and changed my SNAT IP a couple >> of times (all those IP are registered with country=CH @RIPE since >> decades and I never had such issues) >> >> 157.161.57.65 => blocked (main NAT ip) >> 157.161.57.66 => Ok (a static server ip not used anymore) >> 157.161.57.68 => Ok (a static client ip) >> 157.161.57.70 => blocked (alternate NAT ip seldom used) >> 157.161.5.199 => blocked (Gateway IP, not usually used as src, except >> local stuff on the Mtik like DNS) >> >> Weird! Anyone has insight in what geoIP database coop uses? Or if there >> are other criteria they use for blocking? >> > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > -- Serge Droz Security Lead Proton Technologies AG ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] ISPs will be requested to block content
Hi Jeroen this was in the NZZ too. I find the first part of you quotes much worse than the second one. Dauert der schwerwiegende Rechtsverstoss an, soll der Provider dem Rechtsinhaber die Identität bekannt geben, damit dieser seine zivilrechtlichen Ansprüche geltend machen kann. In essence it means, that the intellectual property people now have easier access to private data than say law enforcement, circumventing every legal principle I know. Whatever is decided on the legality of certain actions, its courts that should diced if the law was broken, not some legal department of a large company. Never the less: Schöne Pfingsten Serge -- SWITCH --- Serge Droz, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://securityblog.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] ISPs will be requested to block content
Ho Jeroen On 07/06/14 11:40, Jeroen Massar wrote: It depends on how you read that sentence indeed, I would expect still a real law enforcement to be involved for determining that some rights have been violated; Not if you listent to the presentation: Free culture oder Verlust der Kultur? at the Providerday 2013 (http://www.simsa.ch/2013/04/25/trusted-hosting-einladung-zum-provider-day-2013-vom-30-mai-2013/) Quote: We want to keep it simple: It's easiest if the ISPs give us the name and address of a downloader, and we can then settle the issue out of court. I'm not arguing pro or con Copyright, but I don't want to see the law in the hands of large (or small) corporations. Cheers Serge -- SWITCH --- Serge Droz, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://securityblog.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] [REMINDER] SwiNOG #27 - Call for Papers
problems with every aspect of their (net)work. The meeting is designed to provide an opportunity for the exchange of information among network operators, engineers, researchers and other professionals close to the network community. More information about SwiNOG can be found at http://www.swinog.ch/ Information about the meeting will be published at http://www.swinog.ch/meetings/swinog27/ General Information (SwiNOG Organisation) --- The SwiNOG Organisation Association is a non-profit association under article 60 and further of the swiss civil law. It manages the SwiNOG community ressources (domain, web, mailing-lists, etc..) and organises SwiNOG meetings. Contact: SwiNOG Organisation 8000 Zurich Switzerland ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- SWITCH --- Dr. Serge Droz, Team Leader Security Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch Security-News: http://securityblog.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] No IPv6 gluerecords at .ch registry
Hi Mattia I think you're confusing Registries with Registrars. There is indeed only one Registry, SWITCH. But there are many Registrars (See [1] for the officially recognized ones). SWITCH accepts IPv6 only Nameservers (we do IPv6 since many years) and all interfaces accept the respective commands. To me it seems that your Registrar cannot handle IPv6 properly. Best regards Serge [1] https://www.nic.ch/reg/cm/wcm-page/partnerlist/partnerlist.jsp?lid=en On 22.1.14 15:45 , Mattia Rossi wrote: Hi all, today I've got the following e-mail: Sehr geehrte Damen und Herren, die Änderung der Nameserver für yourdomain.ch kann nicht durchgeführt werden, da die Registry für .ch-Domains keine Gluerecords im Format hostname/ipv6 akzeptiert! Sie können also nur eine IPv4 Adresse angeben. Für weitere Fragen stehen wir Ihnen gerne zur Verfügung! Ihr easyname.com Team All I want to do is to run my own IPv6-only nameserver, using my domain name. Are such things common in Switzerland? Isn't there a general requirement in place for the .ch registry to support IPv6 as well as IPv4? How many .ch registries are there? (I would have thought 1...) I'm no DNS guru, so can anyone please shed some light on how such things are possible in 2014? (I would have thought, that at least the DNS system is fully v6 capable). Cheers, Mat ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- SWITCH --- Dr. Serge Droz, Team Leader Security Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch Security-News: http://securityblog.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: AccessPolicy to swisstime.ethz.ch changed to ClosedAccess
Hello Swinog, I've just talked to Armin, who is not on the list. swisstime has, in the last 20 years, become the single most used service at ETH. To keep up with the current growth ETH would have to invest substantial funds into the needed infrastructure. 20 years ago swisstime was a pioneering service. Today ntp services are available from other high quality servers and so it was decided to stop this ETH service for the public. Cheers Serge On 11.12.12 09:35 , Steven Glogger wrote: FYI, we've received such a message... -steven Anfang der weitergeleiteten Nachricht: *Von: *Wittmann Armin awittm...@ethz.ch mailto:awittm...@ethz.ch *Betreff: **AccessPolicy to swisstime.ethz.ch http://swisstime.ethz.ch changed to ClosedAccess* *Datum: *11. Dezember 2012 09:01:06 MEZ *An: *ID.NET.Hostmaster hostmas...@ethz.ch mailto:hostmas...@ethz.ch Dear Hostmaster, dear network responsible You are receiving this notification because devices in your network are using the ntp-Service of swisstime.ethz.ch http://swisstime.ethz.ch and you are among the most frequent users (several 10 MB data per day). The usage of swisstime.ethz.ch http://swisstime.ethz.ch has been increasing constantly over the years and has reached a state that would require additional specialized hardware to support the millions of sessions. The board of ICT-Services of ETH Zürich decided not to spend this money for new devices but to block the access to the server in the near future. For this reason the Access Policy of swisstime.ethz.ch http://swisstime.ethz.ch has been changed to Closed Access http://support.ntp.org/bin/view/Servers/SwisstimeEthzCh and you are kindly requested to use other ntp-Services provided by the internet for free - we recommend using the public ntp-Pool http://www.pool.ntp.org/en/ We intend to block the access to swisstime.ethz.ch http://swisstime.ethz.ch in June 2013. Do not hesitate to contact me for further questions. Kind regards Armin Wittmann Dr. Armin Wittmann ETH Zürich - Informatikdienste - ICT-Networks Division Head Weinbergstrasse 43 - WET B3 CH-8092 Zürich - Switzerland Tel.: +41 44 632 50 15 Fax: +41 44 632 11 66 E-Mail: awittm...@ethz.ch mailto:awittm...@ethz.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- SWITCH --- Dr. Serge Droz, Team Leader Security Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Switzerland judged Cleanest Country
Hello Andre, I am a bit surprised at your reply. In fact, the domain take down process is described in the law: http://www.admin.ch/ch/d/sr/784_104/a14bist.html Besides the rather strict legal framework we operate in, we must submitt a list ob blocked domain names OFCOM four times a year. And we must be able to explain our action for each of these. The OFCOM people monitor this process quite closely. I hope this clarifies matters. Best regards Serge On 08/12/2012 07:12 PM, Andre Oppermann wrote: On 10.08.2012 16:27, Serge Droz wrote: Hello Swinogers, you may have read our press release yesterday: http://www.switch.ch/about/news/2012/malware-080812.html In the latest PandaLabs Quarterly Report Switzerland is judged as the Least infected country. While one always has to read such number with care, we still feel it indicates that Swiss ISPs do a good job. We've been sending out reports about infected systems since about a year, and the response was positive. Most people did put in the additional effort to support their customers fixing the problems. Thus a big Thank you to all who take security serious.. Despite the results in cleaning up *websites* I still feel uneasy about this completely extra-judicial domain takedown process. A domain is at least as important as a specially assigned phone number. When BAKOM want's to deactivate such a phone number because of alleged abuse it has to issue an official order (Verfügung) which can be appealed in legal court. Then court then may, or may not, issue a stay on the order until things are further analysed or sorted out. Here SWITCH is the accuser and executioner in union. On top of that it will only re-establish the domain when SWITCH is satisfied that its demands are fulfilled. There is no appeals process, no legal court, no 3rd party review, simply nothing. And .ch Domains are a Swiss federal resource in law. It seems we haven't hit the edge cases yet where there is disagreement on whether something actually is malware or malicious enough between SWITCH and a domain holder. I'm waiting for the day megarapiddownload.ch (made that up) is considered illicit for the purpose of a domain disable procedure. What then? IFPI throwing a party? -- SWITCH Serving Swiss Universities -- Serge Droz, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Switzerland judged Cleanest Country
Hello Swinogers, you may have read our press release yesterday: http://www.switch.ch/about/news/2012/malware-080812.html In the latest PandaLabs Quarterly Report Switzerland is judged as the Least infected country. While one always has to read such number with care, we still feel it indicates that Swiss ISPs do a good job. We've been sending out reports about infected systems since about a year, and the response was positive. Most people did put in the additional effort to support their customers fixing the problems. Thus a big Thank you to all who take security serious.. Best regards Serge -- SWITCH --- Dr. Serge Droz, Team Leader Security Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] www.nic.ch Update
Hello Swinogers, as promised a quick summary of yesterdays events. 2:00 AM: Power-failure in Lausanne [See link 24heures below] 2:56 AM: USV empty, Server go down 3:02 AM: Power restore, peaks cause fuses to blow at our location 3:40 AM: SWITCH ENgineers start moving operations to the Zurich data center 7:14 AM: www.nic.ch up and running again We've had no data loss. So if only the USV's had lasted a few minutes longer ;-( 24heures: http://www.24heures.ch/vaud-regions/lausanne-region/Coupure-de-courant-dans-l-Ouest-lausannois/story/12642760 So have a quiet weekend Serge -- SWITCH --- Dr. Serge Droz, Team Leader Security Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] www.nic.ch
Good Swinog, we had a complete power failure in one of our data centres. We're currently investigating the issue, and will post more info, if we find anything interesting. Best regards Serge On 4/12/12 7:14 AM, Matthias Hertzog wrote: it's okay now. What happened? -- SWITCH --- Dr. Serge Droz, Team Leader Security Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Blocking Malware distribution sites
Hello Swinogers, On 25 November 2010 SWITCH will launch an new initiative to maintain the high security standards of Swiss websites. Let me briefly explain what we will do, as it is relevant to the SWINOG community: From different third parties we receive a fairly large number of URLs in .ch/.li ccTLDs which distribute malware. We're talking a few hundred URLs per week. In a first step SWITCH verifies that this claim is true. If the site is indeed distributing malware we will contact the domain holder and technical contact by e-mail and ask them to remove the problem within one working day. If the they fail to do so, we will delete the name server delegation from the zone-file [1]. We report this to MELANI, as required by law [2]. The domain holder will be informed about this. Removing the name server delegation is not really efficient as long as DNS caches, containing entries of that domain are not flushed. SWITCH plans to make the list of blocked domains available to relevant parties, i.e. ISPs operating name servers for their customers. If you want to receive this info send us an e-mail message to c...@switch.ch and we will get in touch with you. Since we don't want any finger pointing or bashing of affected sites, we want you to keep this info confidential. To join, we therefore ask you to sign a non disclosure agreement (NDA). Please get in touch with if you have any question. Best regards Serge Notes: [1] Details see Bakom http://www.bakom.admin.ch/themen/internet/03470/index.html?lang=de [2] The law [1] talks about a anerkannte Stelle zur Bekämpfung von Cyberkriminalität, a recognized organisation fighting cyber-crime. So far MELANI (http://www.melani.admin.ch/) is the only recognized organisation. -- SWITCH Serving Swiss Universities -- Serge Droz, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] www.nic.ch down?
Thanks for the heads up, we're looking at it. Serge On 26/11/09 8:17, Mike Kellenberger wrote: Is it just me or is www.nic.ch down at the moment? Cheers, Mike -- SWITCH Serving Swiss Universities -- Serge Droz, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
