Thu, 28 Oct 2010
I just noticed a security vulnerability in T eamSpeak, a voice chat application used by gamers. Apparently one can gain system level access through the TS client.
While you're having fun, someone can gain admin rights on your machine. How festive.
Thu, 30 Sep 2010
Sat, 25 Sep 2010
6:32 PM - Advertising in software
Today, I got an ad from my antivirus software for a useless utility product. I hate ads in software I have purchased. I can deal with it in games when it's product placement to a degree to cover costs like servers for multiplayer. However, when I bought antivirus software from a SECURITY company, I expect it to be free of bullshit.
My product expires in October so I'm going to try out the free Microsoft security essentials software then instead of buying an AV program. I haven't found one virus the entire year which means either I'm at a low thread level or the software didn't work. Either way, I don't see the point of spending $50 to protect our 3 inferior Windows boxes.
Sat, 6 Feb 2010
11:57 AM - DNS and DNSSEC
About ten years ago, dnssec was invented to deal with a problem plaguing the Internet. There is no trust in the DNS system.
Many people might have heard the term DNS, but never thought about what it is. DNS, or the Domain Name System, is the process by which a domain name like midnightbsd.org is translated into an IP address 188.8.131.52. Without this system, one would need to type in IP addresses to access websites, send email, or chat online.
The system was invented at a simpler time when people trusted each other on the Internet. This was before worms, massive spam, or websites.
Today, many people try to impersonate others on the Internet or worse yet, their websites. You could create a DNS poisoning attack so that a user accessing a DNS server to lookup google.com is redirected to a fake site. This site could log information and pass requests to the real google.com through a proxy. The user may never know the difference.
Systems like DNSSEC validate DNS queries by a trust relationship.
Individuals don't need to do much to use DNSSEC aside from purchasing updated software. Windows 7 had DNSSEC on it's list of new features (not confirmed it was added in final builds). The client (your computer) must be able to understand DNSSEC queries for it to be of any use. Otherwise, it is simply ignored.
System administrators must enable DNSSEC on their DNS servers (resolvers) as well as on zones to get the full benefit. You can think of a zone as a domain name. Things can be further divided into sub zones such as .com vs midnightbsd.org.
Enabling DNSSEC on BIND 9.4+ resolvers
dnssec-lookaside "." trust-anchor "DLV.ISC.ORG";