Blog Entries
Windows Remote Desktop via Internet
2012 Dec 7, 2:04
To setup my home Windows�dev box to be accessible from outside I followed two main steps:
- �Configure my router to forward the remote desktop port.
- �Setup a free dynamic DNS service.
DSL modem hack used to infect millions with banking fraud malware | Ars Technica
2012 Oct 1, 6:33According to the links within this article, although the root URI of the router requires authentication, the /password.cgi URI doesn’t and the resulting returned HTML contains (but does not display) the plaintext of the password, as well as an HTML FORM to modify the password that is exploitable by CSRF.
The attack… infected more than 4.5 million DSL modems… The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.
SkullSecurity » Blog Archive » Stuffing Javascript into DNS names
2012 Aug 27, 4:25dnsxss tool helps you inject via DNS
…what it does is, essentially, respond to DNS requests for CNAME, MX, TXT, and NS records with Javascript code. … how about SQL injection?
Use Windows Live Hotmail with your own custom domain
2012 Jun 4, 2:49In Win8 you login with a Windows Live account. If you hook up a custom domain to a Live account you can login with that custom domain.
Scorching legal response from Dajaz1.com to the unsealed US gov't docs on the illegal, sleazy seizure of its domain name
2012 May 7, 1:25Its all quite shocking.
Fourth , when I explained that the blog publisher had received music from the industry itself, a government attorney replied that authorization was an “affirmative defense” that need not be taken into account by the government in carrying out the seizure. That was stunning.
Namecheap to Donate $1 to EFF for Every Domain Transfer on December 29th (namecheap.com)
2011 Dec 27, 2:42Anti-SOPA registrar will help you leave GoDaddy for anywhere, even the competition
2011 Dec 23, 1:42I’ve heard of hover previously. Sounds like a good place to go.
draft-liman-tld-names-06 - Top Level Domain Name Specification
2011 Dec 4, 3:00“The syntax for allowed Top-Level Domain (TLD) labels in the Domain Name System (DNS) is not clearly applicable to the encoding of Internationalised Domain Names (IDNs) as TLDs. This document provides a concise specification of TLD label syntax based on existing syntax documentation, extended minimally to accommodate IDNs.” Still irritated about arbitrary TLDs.
Millions of routers vulnerable to new version of old attack
2010 Jul 20, 6:45Hack based on DNS rebinding plus home router's web front end.IDN TLD Update
2010 May 6, 5:48New IDN TLDs are up. Try out http://xn----rmckbbajlc6dj7bxne2c.xn--wgbh1c/ (aka http://وزارة-الأتصالات.مصر/) in your favorite IDN implementing browser.Comcast DNSSEC Trial FAQs
2010 Feb 25, 4:10Comcast is running an opt-in DNSSEC trial for all Comcast customers. Their FAQ covers the incompat. of DNSSEC with their Comcast Domain Helper (typo DNS redirects to Comcast ads... bleh!): "What happens to Comcast Domain Helper, which offers DNS redirect services, when you fully implement DNSSEC? We believe that the web error redirection function of Comcast Domain Helper is technically incompatible with DNSSEC. Comcast has always known this and plans to turn off such redirection when DNSSEC is fully implemented." Yay!IANA — .ARPA Zone Management
2010 Jan 15, 3:19"The .arpa domain is the “Address and Routing Parameter Area” domain and is designated to be used exclusively for Internet-infrastructure purposes. It is administered by the IANA in cooperation with the Internet technical community under the guidance of the Internet Architecture Board. For the management guidelines and operational requirements of the .arpa domain, see RFC 3172."WPAD Server Fiddler Extension
2010 Jan 5, 7:42I've made a WPAD server Fiddler extension and in a fit of creativity I've named it: WPAD Server Fiddler Extension.
Of course you know about Fiddler, Eric's awesome HTTP debugger tool, the HTTP proxy that lets you inspect, visualize and modify the HTTP traffic that flows through it. And on the subject you've probably definitely heard of WPAD, the Web Proxy Auto Discovery protocol that allows web browsers like IE to use DHCP or DNS to automatically discover HTTP proxies on their network. While working on a particularly nasty WPAD bug towards the end of IE8 I really wished I had a way to see the WPAD requests and responses and modify PAC responses in Fiddler. Well the wishes of me of the past are now fulfilled by present day me as this Fiddler extension will respond to WPAD DHCP requests telling those clients (by default) that Fiddler is their proxy.
When I started working on this project I didn't really understand how DHCP worked especially with respect to WPAD. I won't bore you with my misconceptions: it works by having your one DHCP server on your network respond to regular DHCP requests as well as WPAD DHCP requests. And Windows I've found runs a DHCP client service (you can start/stop it via Start|Run|'services.msc', scroll to DHCP Client or via the command line with "net start/stop 'DHCP Client'") that caches DHCP server responses making it just slightly more difficult to test and debug my extension. If a Windows app uses the DHCP client APIs to ask for the WPAD option, this service will send out a DHCP request and take the first DHCP server response it gets. That means that if you're on a network with a DHCP server, my extension will be racing to respond to the client. If the DHCP server wins then the client ignores the WPAD response from my extension.
Various documents and tools I found useful while working on this:
- WPAD IETF draft document the never out of draft document describing WPAD
- DHCP RFC
- DHCP options RFC
- DHCP Wikipedia article which includes helpful byte layout tables for DHCP messages.
- Fiddler Wiki esp. the dev section but also the portion on the new preferences API.
- Fiddler Dev Docs and for those things not covered in the Fiddler docs, Visual Studio's name completion (or the .NET Reflector) usually served me well.
- Netmon a great network sniffing tool for all my non-HTTP network inspection needs.
- Tiny DHCP Server on CodeProject which implements a conventional DHCP server.
curlies - Project Hosting on Google Code
2009 Dec 23, 9:58Results of a set of black box tests on various characters in various parts of URLs in various popular browsers.Google Public DNS
2009 Dec 3, 4:52Having replaced HTTP with SPDY, Google digs deeper into the Web stack providing their own DNS servers. Also, as Waxy noted, you can't argue with the most memorable IP addresses I've seen: "Configure your network settings to use the IP addresses 8.8.8.8 and 8.8.4.4 as your DNS servers". Also check out their DNS server's DNS prefetching in the performance notes.Bits Up!: DNS Prefetching for Firefox
2009 Jun 22, 3:28Details on Firefox's DNS prefetching: "The Firefox implementation takes this approach one step further than just pre-resolving anchor href hostnames. It uses the prefetch logic on URLs that are being included in the current document. By this I mean that it uses the prefetch logic on things like images, css, and jscript that are being loaded right away, in addition to anchor links which might be clicked on at a slightly later time."Chromium Blog: DNS Prefetching (or Pre-Resolving)
2009 Jun 22, 2:55"To speed up browsing, Google Chrome resolves domain names before the user navigates, typically while the user is viewing a web page." In addition to noting what and how they do it, and how web devs can control it, they give a few stats on how much it helps.Controlling DNS prefetching - MDC
2009 Jun 22, 2:53"Firefox 3.5 performs DNS prefetching. This is a feature by which Firefox proactively performs domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth."A Brief History of Microsoft's Live Search's New Domain Bing
2009 Jun 1, 11:07
- 2003 July: The first archived version of bing.com features "bing! is a small device (e.g., possibly even a small Band-Aid(R)-like sticker!) that vibrates when a person's cell phone rings." I can't recall 2003 cell phones, were they big enough to require this device?
- 2004 August: Site for the same device is rewritten and looks much better, IMHO.
- 2006 June: The domain is now parked by easyDNS. I guess the "bing!" device didn't work out?
- 2006 November: Its now "BING*" and they won't say what they're working on ("we're still in stealth mode") but they are hiring C#/.NET developers.
- 2007 January: And they're gone. Without even exiting stealth mode. Too bad, I liked their logo. Their domain is now for sale...
- 2007 February: Looks like EasyMail buys the domain and offers a physical mailing service in Australia: "By simply clicking a button on your computer, mail is beamed electronically to a bing post office. Your mail is automatically printed, folded, enveloped and dispatched into the Australia Post network the very same day."
- Present: Now its the new home for Live Search of course.
The new name reminds me of the show Friends. Also, I hope they get a new favicon - I don't enjoy the stretched 'b' nor its color scheme.
Some rights reserved