DNS Issue

Domain names, arranged in a tree, cut into zon...


Recently, I attended the HITB Conference here in Malaysia and found one of the sections very interesting. The title is “Pushing the Camel Through the Eye of a Needle” by Charl van der Walt from Sensepost. I noticed that one of the tools he used is dns2tcp, which allows us to relay TCP connections through DNS traffic. I found it quite interesting, so I decided to test it.

While I was doing the testing, I came across an article stating that one in four public DNS servers is still insecure and vulnerable to the Kaminsky flaw. Even though DNS is considered one of the key foundations of today's Internet, a lot of people still take it very lightly. Since DNS can cause many types of attacks and issues on the Internet, I decided to spend some time in the next few posts explaining what DNS is and how exactly the DNS flaw can affect everyone.

For a start, the diagram on the right shows how domain names are arranged in a tree.


Gooscan… Goo scanning???

I read a post about Gooscan this morning. My first impression of this tool was that it should have something to do with Google, and further reading proved my point.

So what exactly is Gooscan…?  Mm… how about Google Scan..? Will it be better?

Basically, it is an automated query tool that runs against a Google search appliance. These particular queries are designed to find potential vulnerabilities on web pages. Think “cgi scanner” that never communicates directly with the target web server, since all queries are answered by a Google appliance, not by the target itself.

But before we go into this tool and just launch the button, you may want to take a closer look at this: From Google ToS - “You may not send automated queries of any sort to Google’s system without express permission in advance from Google.”

This means that you should not use this tool to query Google without advance express permission. Google appliances, however, do not have these limitations. You should, however, obtain advance express permission from the owner or maintainer of the Google appliance before searching it with any automated tool for various legal and moral reasons.

Of course, the author wrote this tool not to violate Google’s terms of service (ToS), but to raise the awareness of the web security community that a ToS may not discourage the bad guys from writing and running a tool like this for malicious purposes. To that end, only use this tool to query ‘appliances’ unless you are prepared to face the (as yet unquantified) wrath of Google.

So, use the tool with care please..

Here you go - Gooscan V1.0

Hack In The Box Security Conference 2008

Once again, Hack In The Box (HITB) Security Conference is coming back. Basically, this conference is all about security. According to their website, HITB Sec Conf, the main aim of their conference is to enable the dissemination, discussion and sharing of deep knowledge network security information. Presented by respected members of both the mainstream network security arena as well as the underground or black hat community, their events routinely highlight new and ground-breaking attack and defense methods that have not been seen or discussed in public before.

This year, it will be their 6th conference in Malaysia and is expected to attract over 1000 attendees from around the Asia Pacific region and from around the world. This year's event will also see the introduction of a third track to their conference program called the “HITB Labs”. These new hands-on sessions are designed to give attendees a closer and deeper understanding of various security issues from physical security bypass methods to the security of RFID and other wireless based technologies.

Furthermore, this conference will also see their highly popular team-based hacking competition known as Capture The Flag (CTF). First developed and presented at Defcon in the US, the idea behind a CTF competition is to allow for teams of three to hack into prepared servers running in order to retrieve marked files or flags on these target machines. Participants will also be required to defend their systems from attack. Teams will be judged on both their defensive as well as the offensive game play. I have been participating in this CTF game for the past 3 years but this year, I will be purely a conference attendee. Reason? Simple, time for me to move on and learn something new. :)

Job Scope

Job Scope: today, or probably to be exact, this week, I am starting to change my job scope to pre-sales consultant. Ya, I will be more focused on pre-sales, basically involved in the sales activity.

For me, it is a relief because I no longer need to be in charge of all the support issues, inventory, workshops, etc. Even though I will focus on sales activity, I still need to improve my technical knowledge in order to give advice or recommendations to my customers.

So, it is kind of an upgrade for myself and I will continue to improve and share my experience here.

Hello Security World!

Welcome to the Security Patching blog. The purpose of the blog is basically to share my IT security knowledge and experience with anyone who wants to learn about the industry. It also serves as my technical knowledge portal so that I can always refer back to those things I forgot :P.

So, stay tuned for my next post.