DNS Issue

Recently, I attended HITB Conference here in Malaysia and found one of the section was very interesting. The titile is “Pushing the Camel Through the Eye of a Needle” by Charl van der Walt from Sensepost. I noticed that one of the tool used by him is dns2tcp which allow us to relay TCP connections through DNS traffic. I found it quite interesting, so I decided to test it.

While I was doing the testing, I came across an article quoting that one in four public DNS is still insecure and vulnerable to Kaminsky flaw. Even though DNS is consider one of the key foundation of today Internet, a lot of people still take it very lightly. Since DNS can cause many types of attacks and issues to the Internet, I decided to spend some time to explain in the next few posts about what DNS is and how exactly the DNS flaw can affect everyone.

For a start, the diagram showing on the right is how domain name arranged in a tree.

Hack In The Box Security Conference 2008

Once again, Hack In The Box (HITB) Security Conference is coming back. Basically, this conference is all about security. According to their website, HITB Sec Conf, the main aim of their conference is to enable the dissemination, discussion and sharing of deep knowledge network security information. Presented by respected members of both the mainstream network security arena as well as the underground or black hat community, their events routinely highlight new and ground-breaking attack and defense methods that have not been seen or discussed in public before.

This year, it will be their 6th conference in Malaysia and is expected to attract over 1000 attendees from around the Asia Pacific region and from around the world. This year event will also see the introduction of a third track to their conference program called the “HITB Labs“. These new hands-on sessions are designed to give attendees a closer and deeper understanding of various security issues from physical security bypass methods to the security of RFID and other wireless based technologies.

Furthermore, this conference will also see their highly popular team-based hacking competition known as Capture The Flag (CTF). First developed and presented at Defcon in the US, the idea behind a CTF competition is to allow for teams of three to hack into prepared servers running in order to retrieve marked files or flags on these target machines. Participants will also be required to defend their systems from attack. Teams will be judged on both their defensive as well as the offensive game play. I have been  participating in this CTF game for the pass 3 years but this year, I will be just purely the conference attendee. Reason? Simple, time for me to move on and learn something new.

• Search for:

• Recent Posts

  • DNS Issue
  • Gooscan… Goo scanning???
  • Hack In The Box Security Conference 2008
  • Job Scope
  • Hello Security World!

• Categories

  • Conference
  • DNS
  • Miscellaneous
  • Security Tools

• Archives

  • November 2008
  • August 2008

• Tags

  black hat capture the flag Conference CTF DNS dns2tcp DNS flaw Domain Name System Google Google Search Appliance hack in the box HITB internet security knowledge IT security job scope Kaminsky Kaminsky flaw network security search Search Engines Security security conference security issue Web server

Copyright © 2007 Paranoid About Security • Using Dropshadow theme by Brian Gardner