Whois? More like WHOWAS: Domain database on verge of collapse over EU privacy

Governments refuse to get sucked into policy shambles, kibosh DNS GDPR plans


An effort to resolve conflicts between upcoming European privacy legislation and the global Whois service for domain names has, predictably, failed, raising fears that cybercriminals will take advantage of the impasse.

At the end of a week of meetings hosted by domain-name overseer ICANN, the US-based organization's proposed interim model lies in tatters, and there is no sign of a forthcoming solution before the May 25 deadline, when the General Data Protection Regulation (GDPR) comes into effect.

Industry insiders fear that, without agreement, the Whois service, which publicly lists full contact details of domain-name registrants, will effectively shut down in order to avoid fines and possible lawsuits under the Euro rules.

That would leave law enforcement and intellectual property lawyers, among others, unable to access registrant details, and potentially give cybercriminals a larger window to carry out crimes.

The biggest blow to ICANN's last-minute proposal on how to make Whois GDPR-friendly – put out just one week before the meeting – came when the world's governments refused to accept the role ICANN tried to place on its Governmental Advisory Committee (GAC). ICANN said it wanted to task the GAC with drawing up a system that would allow certain groups – cops, attorneys, and similar – unfettered access to Whois records. That plan was firmly rejected.

"The GAC does not envision an operational role in designing and implementing the proposed accreditation programs," read an official statement from the GAC to ICANN's board at the end of the meeting.

Such a rejection was entirely predictable, raising questions over why ICANN's staff suggested it in the first place.

So, um, about your entire ethos

ICANN is designed to work as a "multi-stakeholder" decision-making model where everyone impacted gets a say in the solution, so the suggestion that just governments would decide on an accreditation model was greeted with some scorn, not least by the US government.

Argument over this aspect of the "interim model" took up so much time and energy that ICANN's CEO Göran Marby pleaded with the internet community to focus on other aspects.

"There are still fundamental decisions to be made about the whole model," he told a public forum. "Discussion seems to be focussing on the accreditation model, as if everything else with GDPR compliance for Whois is decided. It's not."

Marby also made a second desperate plea, this time to European GAC members, whom he "humbly begged" to contact their data protection authorities to get "firm advice" on what needed to be done to the Whois system to bring it in line with Euro law.

That plea came after the GAC tore up another key part of ICANN's proposed model: that all email addresses in domain ownership records be anonymized.

"A rationale is required for the decision to hide certain Whois data elements from the public database," the GAC said in its communiqué [PDF], before schooling ICANN's own Whois experts on what the actual GDPR legislation does and does not require.

"When it comes to personal data, the GDPR permits its processing, including publication, under certain circumstances… such as performance of a contract or the legitimate interests pursued by the controller or by a third party.

"In particular, publication of the registrant's email address should be considered in light of the important role of this data element in the pursuit of a number of legitimate purposes and the possibility for registrants to provide an email address that does not contain personal data."

Anonymous

The GAC also took issue with ICANN's proposal to anonymize non-personal information – such as company names and the contact details of administrative and technical contacts – and pointed out that "legal entities are explicitly excluded from the remit of GDPR."

In short, it argues that the changes proposed by ICANN "are not supported by the necessary analysis and supporting rationale which poses the question whether the choices reflected in the current proposal are required by the law."

In other words, ICANN made bad decisions based on incomplete information and failed to explain how or why it arrived at those decisions.

The failure to come up with a solution could have dangerous knock-on effects, the GAC warned: "As it stands, the proposed system risks hindering the efforts of law enforcement, intellectual property and other actors in combatting illicit activities and mitigating DNS abuse."

That message – that the failure to introduce a system before the end of May would make the internet a more dangerous place – was reiterated by law enforcement at the meeting, with Europol's cybercrime center (EC3) being particularly vocal about the risks.

EC3 repeatedly pushed the idea that the companies that provide domain names to the public – registrars – be obliged to respond to "urgent" law-enforcement requests for Whois information within 24 hours.

That could be a possible short-term solution to the lack of a global Whois policy, but the idea was rejected by registrars who have consistently blocked any effort to make them accountable to third parties.

On the other side of the equation, civil society groups were actually happy with the idea of anonymized email addresses, noting that it would "go a long way to reducing spam and harassment that end-users face."
