Do you get permission from owners of software before you track down problems? We know you don’t, and there is great value in what you do. If you were made responsible for maintaining the security of an Internet connection, DNS logging would be an essential.
Replying to @DRtheNerd @taviso
In fact, when people become aware of the disaster that is third-party ads and tracking, they want their own devices’ DNS logs made visible
2 replies 0 retweets 2 likes -
Replying to @taviso @DRtheNerd
Translation: "Do you ask permission from the author before you read a book? Then why should we ask permission to snoop on DNS. Also, I think users like being snooped on."
2 replies 0 retweets 12 likes -
Replying to @taviso
The popularity of actually useful filtering like Guardian iOS firewall proves it so; I certainly trade off my own DNS visibility if I can stop all connections to doubleclick and the Facebook pixel.
2 replies 0 retweets 1 like -
Replying to @DRtheNerd @taviso
I think there is a good middle ground too though where you can utilize DNS analysis to help users, but also clearly explain the fact that it is being done. This allows the user to determine for themselves that they are cool with it. pic.twitter.com/O51igHBgw6
1 reply 0 retweets 2 likes -
Replying to @chronic @DRtheNerd
No, this isn't middle ground, you 100% have permission and are good. The owner installed your app that doesn't obfuscate what it's doing, you're good to go and above reproach.
2 replies 0 retweets 19 likes -
The problem is where the owner gives you 100% permission but you don't have the technical means to then actually do logging on the end device. When I bought my IoT stuff DNS Over HTTP wasn't a concern (it didn't exist yet...). If the vendors add it and use it... what should I do?
1 reply 0 retweets 1 like -
Nobody is proposing using DoH in a way that cannot be disabled by the owner, so the discussion is moot. Your vendor can do all kinds of user hostile stuff in future updates, but until they actually start doing that, why discuss it?
2 replies 0 retweets 0 likes -
In the real world we already deal with enterprise-hostile devices trying to connect, and DoH being used as a C2 channel is real now (see GoDoH on GitHub). The technical answer is to block DNSless traffic, forcing IoT to use your network-supplied DNS. ZeroTrust at gateway.
1 reply 0 retweets 0 likes
Yes, just like *every* other protocol, malware can use it. Malware can also do C2 over twitter, email, or even custom protocols, e.g. https://attack.mitre.org/techniques/T1094/ …. If we disable any protocol that can "be used as a C2 channel", then what protocol remains?
