[Python-Dev] [RELEASED] Python 3.4.0b2
Stephen J. Turnbull
stephen at xemacs.org
Mon Jan 6 06:36:33 CET 2014
Bob Hanson writes:
> On Sun, 5 Jan 2014 20:09:23 -0600, Tim Peters wrote:
>
> > As Benjamin asked, could you please flesh out what
> > "blah-blah-blah-dot-com" means - what, exactly, was the site your
> > firewall warned you about?
>
> Forgive me, but I'm an old man with very poor vision. Using my
> magnifying glass, I see it is two very long URLs ending with
> something like after the blah-blah: < ... akametechnology.com>
I suppose you tried cutting and pasting? Note that you don't need to
be exact as long as you're pretty sure you got the whole thing -- your
readers who have better eyesight can parse out the URL easily enough.
> More precisely, these two IP addresses:
> 23.59.190.113:80
> 23.59.190.106:80
Somebody who doesn't know the rules of capitalization (see
ww1.akamitechnologies.com) appears to be spoofing Akamai (the web
caching/distribution service used by President Obama among other
prominent users).
The domain referenced is presumably some variation on
<IP address>.deploy.static.akamitechnologies.com (according to host <IP>),
and the long URL is rooted at /ses/ so it's trying to convince you
it's a session (whether that is actually true or not I don't know,
that's just what I would guess if I were trying to reverse engineer an
honest URL, which this sure doesn't seem to be).
So your alarm seems to be verified, but why this happened to a Python
download I don't know. It could be DNS hacking between you and
python.org, as well as something in the Python MSI.
HTH
Steve
More information about the Python-Dev
mailing list