Mon Jun 30, 2014 8:50 pm
Tue Jul 01, 2014 3:07 am
We want to update all our loyal customers about the service outages that many of you are experiencing today. It is not a technical issue. This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.
We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.
Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.
Vitalwerks and No-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-IP system domains free of spam and malicious activity. We use sophisticated filters and we scan our network daily for signs of malicious activity. Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one. We will do our best to resolve this problem quickly.
Tue Jul 01, 2014 3:33 am
Millions of dynamic DNS users suffer after Microsoft seizes No-IP domains
Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.
Microsoft enforced a federal court order making the company the domain IP resolver for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services. Almost immediately, end-users, some of whom were actively involved in Internet security, castigated the move as heavy-handed, since there was no evidence No-IP officially sanctioned or actively facilitated the malware campaign, which went by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm).
"By becoming the DNS authority for those free dynamic DNS domains, Microsoft is now effectively in a position of complete control and is now able to dictate their configuration," Claudio Guarnieri, co-founder of Radically Open Security, wrote in an e-mail to Ars Technica. "Microsoft fundamentally swept away No-IP, which has seen parts of its own DNS infrastructure legally taken away."
Wed Jul 02, 2014 10:26 pm
Microsoft Gives Up Control Of No-IP Websites It Wiped Off The Web
Whether it’s doing so of its own volition or has been pressured into taking action, Microsoft has finally started handing back control of domains it seized from No-IP earlier this week in a much-criticized, aggressive attempt to stop computer infections spreading.
At around 8pm BST today, No-IP started reporting a number of domains were back online, whilst records on the Domain Name System showed Microsoft had relinquished its control of many of the sites it wiped off the internet. One wonders if this was Microsoft giving up its anti-malware operation or if it’s simply part of the process. There is another possibility, as suggested by a noted security researcher today: the court may have reversed its decision to allow Microsoft to take control of the 23 domains it seized.
Thus far, Microsoft hasn’t provided comment. The Redmond giant had agreed to bring those legitimate domains it had effectively blocked back online yesterday, but failed to do so, according to the DNS provider. No-IP’s comments indicated there is something of a legal tussle taking place. “We are working with them [Microsoft] to reach an agreement and they have given us control of our domains,” Natalie Goguen, marketing manager at No-IP, said over email. “We are working with our lawyers to get everything resolved as quickly as possible.” She said this was Microsoft backtracking, rather than it being part of the tech titan’s plans.
No-IP said more than 1.8 million “legitimate customers” were taken out by Microsoft’s seizure, affecting roughly 4 million hostnames. Though a digital issue, there have been some potentially dangerous physical results from Microsoft’s action, according to Goguen, as it may have stopped people receiving medicines or caring for their children. “We have received many calls from customers who use our service to monitor cameras for elderly relatives, small children and even pets,” she added. “We have even had a customer from a medical dispatch company go down because of this. Over the past two days they have not been able to dispatch medics to elderly patients and it is very troubling to them.”
Whatever is behind Microsoft’s move to give back domains, it’s shown that taking a sledgehammer to a security problem tends to cause pain to a lot of those who might not deserve it.