Thursday, February 5, 2009

DNS Amplification Attack

Attached is a great diagram which illustrates the DNS Amplification attack through the use of recursive DNS queries. The entire explanation can be found on the source site: http://securitytnt.com/dns-amplification-attack/

Wednesday, February 4, 2009

Security Maxims

Hi All,

Herewith a presentation by Roger Johnston on Security maxims.... some a re very good :-)


Chris

Wednesday, January 28, 2009

Hiding Files within Images

Often you must have had some personal files that you wanted to hide but you did not want to encrypt them as they would still be visible to someone browsing your file system. Also encrypting files means that you must have the decrypting software as well as the password if you ever plan on decrypting it. The way to achieve secrecy without using any special software or the need to remember or give out passwords is to hide it in plain sight :-). Steganography, meaning exactly that, can resolve this. Imagine if you were able to hide a secret document you want to send to a colleague in a harmless picture in an e-mail attachment. This means your friend would not need decrypting software installed or the password you used to encrypt it. Anybody looking for the document would not know where it is as it is hiding inside a picture.

The secret to achieving this is simply to execute a binary copy from a regular DOS command prompt.

The text is: copy /b picname.jpg + archivename.zip secretpicname.jpg

The first part is to zip all the files you want to hide inside a zip file and then simply execute the command from a command prompt.

To extract the hidden file simply extract it using archiving software such as 7-zip, winzip, winrar etc.

Here is a cool video on how to do it: http://www.youtube.com/watch?v=q6AQL55zMR4

Saturday, January 3, 2009

Google's Browser Security Handbook

Hi All,

For those of you in web development and those that need to secure web servers, Google's Browser Security Handbook will make for an interesting read.

Go check it out here: http://code.google.com/p/browsersec/wiki/Main

Chris