Petko D. (pdp) Petkov
created this social network on Ning.
© 2008 Created by Petko D. (pdp) Petkov on Ning.
Comment Wall (15 comments)
Patched Immediately
Since I work for the Government, we had the patches when the vendors did, before they were released to the public.
1) Port Randomization allows users to be pushed to incorrect sites or locations for other protocol transfers.
2) The DNS flaw is right because it is part of the underlying source code. No one can change this; all that can be done is to hide it, aka basically make it time consuming to hack.
3) Simply put it this way: if you can point a user that thinks they are going to www.google.com to send them www.sysadmins.google.com and insert a Flash or ActiveX download script, you can take control of their network. For example, the TTL (Time to live) on a cache of a company may be 24 hours. If you can change this within say the first 19 hours of the TTL then you will have every user and server pushing ppl to www.sysadmin.google.com for 5 hours. This could allow you to push malicious software to every machine that accesses this site.
You could also infect a server with malicious code this way and allow you to manually at a later time reroute whatever traffic you wanted, provided the code you gave the server allows access at any time.
Dan will show examples of how and what to do
I may attend this Security conference; however, if I do not, there will be video streams of this online. This way we can watch it.
Basically it's explained like this: if you are trying to penetrate a home user, it is not worth it. The best ones would be an ISP server.
You then have thousands or millions of users pointing to a fake location.
I have done some reverse engineering on the patches from Microsoft and they have done a great job covering up this error in the code.
Since this exploit is in the source code, in order to completely fix it you would have to rewrite DNS, which is almost impossible considering it is implemented on every router/switch/server/host in the world regardless of the O/S.
Any other questions?
Anything Specific?
I have the file on my server @ home
Just wanted to update you on the software
What are you doing?
Other than that, regarding DNS: port randomization allows for multiple data I/O and allows for updates and upgrades on network access in the future. Dan's DNS flaw has to do with the source level of DNS. I don't really have much more information on that yet, since the Convention where he will release the flaw is in the beginning of August. Once I get more information I can give you an explanation of it.
Check it and then you will get the software
buddy