Hacker News new | ask | show | jobs
by BearOso 1208 days ago
I remember reading somewhere about that talk being debunked. Maybe someone more resourceful than me can find it.

It was something about being more likely to be a human typo or a config change that rolled out to a bunch of machines. The statistics didn't add up, and it wasn't plausible that bit flips caused it.
3 comments
hayst4ck 1208 days ago
There are many places that memory exists. Your processor cache is memory. Registers are memor-ish. Hard Drives have memory. If a bit flip happens in your hard drives memory before being written to disk, then it's not unreasonable to think that the bitflip would persist, even through reboots.

I have run queries at large companies and found mistakes most easily explained as bitflips in domain names written to disk. Imagine an environmental variable configuring the use of a proxy without proper whitelists and it's not unimaginable to me that a production machine would be able to speak to machines on the internet at large.

I am open to the idea that what I think is happening might not be the mechanics of what is happening, but I find the talk believable, not based on theory, but actually seeing persisted (and non-persisted) bit flips in domain names queried from data warehoused logs at world scale companies.

link
BearOso 1208 days ago
That was the gist of the response, as far as I remember. It was repeated access from the same set of machines, so it was more likely that one bit flip persisted in a config and was subsequently rolled out to others. So the study grossly overestimated the number of actual bit flips occurring by like 20000x or something.
link
silisili 1208 days ago
Unsure about the talk, but I read a research report from someone at I think it was Cisco who purchased a second level tld of a bitsquatted US state( think statenXX.us instead of state.XX.us ). The amount of email they received was staggering, and I'd have trouble believing that many people would make that mistake in typing.
link
runnerup 1207 days ago
that's more "typo-squatting" than "bit squatting" but its definitely the same broad concept.
link
woodruffw 1208 days ago
I don't know of a debunking, but more numbers can be found in the associated blog post[1].

[1]: http://dinaburg.org/bitsquatting.html

link