Comments on Errata Security: In which I have to debunk a second time
Feed author: David Maynor

Anonymous (2016-11-07T06:42:34.255-05:00):

Good work. I despise it when bits and pieces of science (each with very limited scope) get strung together and thus imply these individual pieces work together and are some sort of proof of some idea--put forth by a layperson!

Some of the so-called experts also declare that they have "never seen this before" when in some industries, it is very common, in fact, in some industries it is the norm, not the exception. So, always keep in mind, some scientist's "experience" is not science--it is opinion based on the limitations of the scope of that scientist's experience.

More directly, email servers used to distribute marketing emails don't accept inbound email and bounce everything that comes their way. So, if you declare that it's just unheard of (by "experts") to configure an email server that way, your experts have limited scope of experience AND limited common sense because everybody, every day, gets emails from marketers using servers that don't accept and may bounce any/all inbound emails. (e.g. no-reply@SomeMarketersDomain.com). Sheesh!

Finally, in analyzing the data (assuming it is legit) we can postulate not a single explanation, but a whole array of possibilities that might produce these data. One that comes to mind for me is, wouldn't it be ingenious to use such an email account to communicate to a list of a single "subscriber"? You wouldn't have to be particularly tech savvy (if at all) to operate it. You'd fly under the radar of the NSA et al., who probably ignore these IPs while culling some of the traffic it analyzes. So, if I were going to postulate nefarious Trump dealings with Russia via this data regarding this email server, that would be the direction I would turn and the theory I would follow. Makes much better sense, right?

But, proof of nothing.

Francis Turner (2016-11-03T23:29:45.671-04:00):

My searching of Paul Vixie's Farsight Passive DNS db suggests that "changed in June" is flat out wrong.

Prior to Sep 23rd this year:

- The NS for the trump-email.com domain was unchanged since mid 2010 (and possibly earlier, this is probably the limit of the pDNS data)
- The SOA for the domain was unchanged since December 2014
- The MX (incoming.cdcservices.com) was unchanged since December 2011
- The TXT ("Internet Solution from Cendyn.com.", "v=spf1 ip4:198.91.42.0/23 ip4:64.135.26.0/24 ip4:64.95.241.0/24 ip4:206.191.130.0/24 ip4:63.251.151.0/24 ip4:69.25.15.0/24 mx ~all" ) was unchanged since November 2014
- The CNAMES www.trump-email.com, mail.trump-email.com., _client._smtp.trump-email.com. and links.trump-email.com. were all unchanged since at least 2012 (some date back to 2010)
- The A record mail1.trump-email.com. A 66.216.133.29 goes back to Fri Jul 2 19:20:22 2010

One thing that is missing is that there is no record of anyone actually querying for the A record for trump-email.com and I can't (from the Farsight data) see where it comes from.

The only oddity is that three machine generated CNAMEd subdomains show up briefly on Sep 23. All redirected to trump-email.com

dw6w3yzfw6.trump-email.com.
s4ddlkd49j.trump-email.com.
t59hykhmfc.trump-email.com.

There is no record of these or any other strange subdomains in the Farsight pDNS. I suspect that either this was a test by some researcher to confirm that *.trump-email.com redirected to trump-email.com or someone was in the process of setting up a different email tracking system when it was decided to drop the domain entirely.

Meredith L. Patterson (2016-11-03T19:21:11.312-04:00):

FWIW, Camp has been a security professor at IU-Bloomington for over a decade now. Her work is more focused on the HCI aspects of security, though, so I'm not surprised you hadn't heard of her.

Swift Foxe (2016-11-03T17:35:02.946-04:00):

And illusory correlation.

Swift Foxe (2016-11-03T17:27:57.983-04:00):

Great work. The fallacious behavior to which you are referring is called confirmation bias.

j (2016-11-03T00:58:47.357-04:00):

This comment has been removed by the author.

j (2016-11-03T00:53:49.822-04:00):

This comment has been removed by the author.