.biz DNSSEC DNSKEY is Invalid
We have received indication that the domain .biz DNSSEC DNSKEY is "bogus" and failing DNSSEC validation. Resolving isc.biz with VeriSign Labs indicates "None of the 5 DNSKEY records could be validated by any of the 2 DS records" and "The DNSKEY RRset was not signed by any keys in the chain-of-trust".
When we receive additional information, we will update the diary.
Update: NANOG recommended a resolver flush and reported it was clearing up. There are no reports as to why this happened.
[1] http://dnssec-debugger.verisignlabs.com/isc.biz
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Facebook Reports a Potential Leak of User Data
Facebook recently received a report that may have allowed some user information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them.
Based on their analysis, they estimate that approximately 6 million users had their email addresses or telephone numbers shared. However, they don't have any evidence this bug was exploited because they have not received any user complaints or seen strange activity related to this bug. The complete Facebook message to users is posted here.
[1] https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Comments