You could be seeing a great picture here
_

Charles on… anything that comes along

Monday 26 July 2004

Filed under: — Charles @ 7:21 pm

No, Google *isn’t* because of MyDoom [though I could be.. I *am* wrong..]

Amazing that some folk aren’t able to figure this out. Or maybe I just got exceptionally lucky linking to Scoble’s blog about what’s been going on with Google.

Anyway, to recap: someone subverted its DNS, which has now spread so that you keep getting the fake Google. (Notice how when you mouse over “News” on the Google page it doesn’t point to “news.google.com”.

So here at 6.13pm is the BBC suggesting Virus blamed for Google problems. Sorry, people, but this fails the “thinking first” test.

1) has any virus managed ever to spread this fast?
2) the underground who mount DOS attacks increasingly do it for money. Has Google had an extortion note? (Ooh, must ask.)

I’m sitting here amazed that this isn’t all over the blogs. Or am I just reading the wrong blogs? Or is it that everyone’s so stunned by what’s happened they can’t make their fingers work?

Anyhow, you don’t knock 50,000 Linux servers off the Net with a single virus. That much is obvious.

Update 11.25pm: So, Google is saying that it was MyDoom. (Though there’s no press release on its press area - something they’ll have to improve as a public company.) I still don’t buy it. How do they explain the altered whois record at whois.internic.net - which gives the output GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
GOOGLE.COM

To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them up
with "=xxx" to receive a full display for each record.

Last update of whois database: Mon, 26 Jul 2004 08:37:55 EDT

A bad whois spreads like poison in the well. A virus… well, howcome that didn’t take out Yahoo? They must have a pipe the same size. Something about this is not quite right.

And if I’m wrong (perish the thought!) then it really isn’t very clever for Google to get knocked off the Net by a virus’s first day. I’d not buy those shares.

Update 11am Tues: OK! I was wrong! Here’s the lowdown from Danny O’Brien of NTK.
From: “Danny O’Brien” ..Date: Tue, 27 Jul 2004 01:39:08 -0700

Nah. The whois stuff is just an old joke — “whois google.com” searches for any DNS record that has google.com in the title, and people have been filling the searchs with noisy subdomains for years — try whois microsoft.com. Or whois =google.com, as the text below it indicates. …

Oh well, it was fun while it lasted. Wrong? Me? With my reputation?

Filed under: — Charles @ 5:58 pm

How the Google hack was done

Nice explanation here on how this was done. Basically, it’s a magician’s trick: misdirect everyone to a site that looks like Google (not hard) which will of course fall over under the “attack” of Google’s normal usage. See Search Engine News :: Search Engine Lowdown: Google Under DNS Attack for the rest.

However, I wouldn’t fancy being the people who did this, or allowed it to happen. Sergei Brin is sure to get offers from hitmen all over the world.

Still, it might mean that the DNS registration lunacy, whereby any idiot can insert any junk into the DNS records, will get sorted out.

Filed under: — Charles @ 5:21 pm

Sorry, but the internet is down. Please try later

As of just now, Google is down - it’s not serving requests. Netcraft isn’t giving any uptime.

I tell you, the panic is almost tangible. That’s a neat way to knock a few hundred million of its offer price, too.

Powered by WordPress