On Mon, Apr 15, 2013 at 3:02 AM, Adam Nelson <adam@varud.com> wrote:
I brought it up a few months ago in Skunkworks, but until the .ke top level domain is signed,
of course, you have to sign .co.ke AND google.co.ke for DNSSEC to mitigate against cache poisoning.
you can't really trust the identify of any site under .ke that doesn't use an SSL certificate (i.e. the regular google.co.ke without "https").
http://stats.research.icann.org/dns/tld_report/
I'm pretty confident that Google's systems weren't cracked and that this was something like a DNS attack on one of the ISPs or similar.
Probably: here is the *dig* result for *google.co.ke* from server 8.8.8.8 [dig @ 8.8.8.8 google.co.ke A] ; <<>> DiG 9.7.3 <<>> @8.8.8.8 google.co.ke A ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38419 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;google.co.ke. IN A ;; ANSWER SECTION: google.co.ke. 300 IN A 173.194.35.152 google.co.ke. 300 IN A 173.194.35.151 google.co.ke. 300 IN A 173.194.35.159 ;; Query time: 17 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Apr 15 14:16:38 2013 ;; MSG SIZE rcvd: 78 http://whois.arin.net/rest/net/NET-173-194-0-0-1/pft -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel