[…] fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure. It also provides redundancy. By the time defenders block one address or domain, new ones have already been assigned.
[…]
A key means for achieving this is the use of Wildcard DNS records. These records define zones within the Domain Name System, which map domains to IP addresses. The wildcards cause DNS lookups for subdomains that do not exist, specifically by tying MX (mail exchange) records used to designate mail servers. The result is the assignment of an attacker IP to a subdomain such as malicious.example.com, even though it doesn’t exist.
Fast flux comes in two variations. Single flux creates DNS A records or AAAA records to map a single domain to many IPv4 or IPv6 addresses, respectively. Here’s a diagram illustrating the structure.
Double flux provides an additional layer of obfuscation and resiliency by, in addition to changing IP addresses, cycling through the DNS name servers used in domain lookups. Defenders have observed double flux using both Name Server (NS) and Canonical Name (CNAME) DNS records. Here’s an illustration of the technique.
“Both techniques leverage a large number of compromised hosts, usually as a botnet from across the Internet that acts as proxies or relay points, making it difficult for network defenders to identify the malicious traffic and block or perform legal enforcement takedowns of the malicious infrastructure,”
Yes.. And there’s a solution for this one too. Use DNS Pinning on your local DNS resolvers.
Web browsers themselves had to look at this a number of decades ago due to DNS Rebinding Attacks [wikipedia.org]. And the answer I’m pretty sure was to Pin DNS records whose TTL was less than 10 minutes or so to make sure DNS records will be cached for a minimum length of time, even if the TTL has been configured less.
You can handle this on your organization’s DNS servers as well:
For example; if your DNS resolver is Unbound, then set the cache-min-ttl to 24 hours.
cache-min-ttl: seconds Time to live minimum for RRsets and messages in the cache. If the minimum kicks in, the data is cached for longer than the domain owner intended, and thus less queries are made to look up the data. Zero makes sure the data in the cache is as the domain owner intended, higher values, especially more than an hour or so, can lead to trouble as the data in the cache does not match up with the actual data any more.
Then the “fast flux” attackers can’t be so effective against your infrastructure. Because the DNS records are pinned upon the first lookup. At least they won’t be able to use DNS for their fast flux network in this case – if your DNS resolvers’ policy prevents fast flux.
Rice University researchers have developed an innovative solution to a pressing environmental challenge: removing and destroying per- and polyfluoroalkyl substances (PFAS), commonly called “forever chemicals.” A study led byJames Tour, the T.T. and W.F. Chao Professor of Chemistry and professor of materials science and nanoengineering, and graduate student Phelecia Scotland unveils a method that not only eliminates PFAS from water systems but also transforms waste into high-value graphene, offering a cost-effective and sustainable approach to environmental remediation. This research was published March 31 in Nature Water.
[…]
“Our method doesn’t just destroy these hazardous chemicals; it turns waste into something of value,” Tour said. “By upcycling the spent carbon into graphene, we’ve created a process that’s not only environmentally beneficial but also economically viable, helping to offset the costs of remediation.”
The research team’s process employs flash joule heating (FJH) to tackle these challenges. By combining granular activated carbon (GAC) saturated with PFAS and mineralizing agents like sodium or calcium salts, the researchers applied a high voltage to generate temperatures exceeding 3,000 degrees Celsius in under one second. The intense heat breaks down the strong carbon-fluorine bonds in PFAS, converting them into inert, nontoxic fluoride salts. Simultaneously, the GAC is upcycled into graphene, a valuable material used in industries ranging from electronics to construction.
The research results yielded more than 96% defluorination efficiency and 99.98% removal of perfluorooctanoic acid (PFOA), one of the most common PFAS pollutants. Analytical tests confirmed that the reaction produced undetectable amounts of harmful volatile organic fluorides, a common byproduct of other PFAS treatments. The method also eliminates the secondary waste associated with traditional disposal methods such as incineration or adding spent carbon to landfills.
[…]
The implications of this research extend beyond PFOA and perfluorooctane sulfonic acid, the two most studied PFAS; it even works on the most recalcitrant PFAS type, Teflon R. The high temperatures achieved during FJH suggest that this method could degrade a wide range of PFAS compounds, paving the way for broader water treatment and waste management applications. The FJH process can also be tailored to produce other valuable carbon-based materials, including carbon nanotubes and nanodiamonds, further enhancing its versatility and economic appeal.
“With its promise of zero net cost, scalability and environmental benefits, our method represents a step forward in the fight against forever chemicals,” Scotland said
A tenured computer security professor at Indiana University and his university-employed wife have not been seen publicly since federal agents raided their homes late last week.
On Friday, the FBI with help from the cops searchedtwo properties in Bloomington and Carmel, Indiana, belonging to Xiaofeng Wang, a professor at the Indiana Luddy School of Informatics, Computing, and Engineering – who’s been with the American university for more than 20 years – and Nianli Ma, a lead library systems analyst and programmer also at the university.
The university has removed the professor’s profile from its website, while the Indiana Daily Student reports Wang was axed the same day the Feds swooped. It’s said the college learned the professor had taken a job at a university in Singapore, leading to the boffin’s termination by his US employer. Ma’s university profile has also vanished.
“I can confirm the FBI Indianapolis office conducted court authorized activity at homes in Carmel and Bloomington, Indiana last Friday,” the FBI told The Register. “We have no further comment at this time.”
“The Bloomington Police Department was requested to simply assist with scene security while the FBI conducted court authorized law enforcement activity at the residence,” the police added to The Register, also declining to comment further.
Reading between the lines, Prof Wang and his spouse may not necessarily be in custody, and that the Feds may have raided their homes while one or both of the couple were away and possibly already abroad. According to the student news outlet, the professor hasn’t been seen for roughly the past two weeks.
Prof Wang earned his PhD in electrical and computer engineering from Carnegie Mellon University in 2004 and joined Indiana Uni that same year. Since then, he’s become a well respected member of the IT security community, publishing extensively on Apple security, e-commerce fraud, and adversarial machine learning.
Over the course of his academic career – starting in the 1990s with computer science degrees from universities in Nanjing and Shanghai, China – Prof Wang has led research projects with funding exceeding $20 million. He was named a fellow of the IEEE in 2018, the American Association for the Advancement of Science in 2022, and the Association for Computing Machinery in 2023. He reportedly pocketed more than $380,000 in salaries in 2024, while his wife was paid $85,000.
According to neighbors in Carmel, agents arrived around 0830 on March 28, announcing: “FBI, come out!” Agents were seen removing boxes of evidence and photographing the scene.
“Indiana University was recently made aware of a federal investigation of an Indiana University faculty member,” the institution told us.
“At the direction of the FBI, Indiana University will not make any public comments regarding this investigation. In accordance with Indiana University practices, Indiana University will also not make any public comments regarding the status of this individual.”
While US Immigration and Customs Enforcement, aka ICE, has recently made headlines for detaining academic visa holders, among others, there’s no indication the agency was involved in the Indiana raids. That suggests the investigation likely goes beyond immigration matters.
Context
It wouldn’t be the first time foreign academics have come under federal scrutiny. During Trump’s first term, the Department of Justice launched the so-called “China Initiative,” aimed at uncovering economic espionage and IP theft by researchers linked to China.
The effort was widely seen as a failure, with over 50 percent of investigations dropped, some professors wrongly accused, and a few were ultimately found guilty of nothing more than hoarding pirated porn.
The initiative was also widely criticized as counterproductive, prompting an exodus of Chinese researchers from the US and pushing some American-based scientists to relocate to the Chinese mainland. History has seen this movie before: During the 1950s Red Scare, America booted prominent rocket scientist Qian Xuesen over suspected communist ties. He went on to become the architect of China’s missile and space programs — a move that helped Beijing get its intercontinental ballistic missiles, aka ICBMs.
Wang and Ma are still incommunicado, and presumed innocent. Fellow academics in the security industry have pointed out this kind of action is highly unusual. Matt Blaze, Tor Project board member and the McDevitt Chair of Computer Science and Law at Georgetown University, pointed out that to disappear from the university’s records, archived here, is “especially concerning.”
“It’s hard to imagine what reason there could be for the university to scrub its website as if he never worked there,” Blaze said on Mastodon.
“While there’s a process for removing tenured faculty, it takes more than an afternoon to do it.”
