Thursday, February 5, 2009

DNS Amplification Attack

Attached is a great diagram which illustrates the DNS Amplification attack through the use of recursive DNS queries. The entire explanation can be found on the source site:

Wednesday, February 4, 2009

Security Maxims

Hi All,

Herewith a presentation by Roger Johnston on security maxims... some are very good :-)


Wednesday, January 28, 2009

Hiding Files within Images

You have probably had personal files that you wanted to hide but did not want to encrypt, since encrypted files are still visible to anyone browsing your file system. Encrypting files also means that you need both the decryption software and the password whenever you want to decrypt them. The way to achieve secrecy without any special software, and without having to remember or give out passwords, is to hide the files in plain sight :-). Steganography, which means exactly that, makes this possible. Imagine hiding a secret document you want to send to a colleague inside a harmless picture attached to an e-mail. Your colleague would not need decryption software installed or the password you used to encrypt it, and anybody looking for the document would not know where it is, because it is hiding inside a picture.

The secret to achieving this is simply to execute a binary copy from a regular DOS command prompt.

The command is: copy /b picname.jpg + secretpicname.jpg

First, zip all the files you want to hide into a single zip file, then simply run the command from a command prompt.

To extract the hidden files, simply extract them using archiving software such as 7-Zip, WinZip, WinRAR, etc.
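The trick works because image viewers stop reading at the JPEG end-of-image marker, while archive tools locate a ZIP from the end of the file. The same property makes it easy to spot. The following is an added example, not part of the original post: it walks the JPEG markers to the end-of-image marker and reports any ZIP archive appended after it. The function names, the sample bytes and the member name secret.txt are constructed for illustration.

```python
import io
import struct
import zipfile

def jpeg_end(data: bytes) -> int:
    """Offset just past the JPEG EOI marker, or -1 if the marker walk fails."""
    if data[:2] != b"\xff\xd8":                      # SOI must open the file
        return -1
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            return -1
        marker = data[i + 1]
        if marker == 0xD9:                           # EOI: the image ends here
            return i + 2
        if i + 4 > len(data):
            return -1
        i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
        if marker == 0xDA:                           # SOS: skip entropy-coded scan data
            while i + 1 < len(data) and not (
                data[i] == 0xFF and data[i + 1] != 0 and not 0xD0 <= data[i + 1] <= 0xD7
            ):
                i += 1
    return -1

def inspect_image(data: bytes) -> dict:
    """Report bytes after EOI and, if they form a ZIP archive, its member names."""
    end = jpeg_end(data)
    trailing = len(data) - end if end >= 0 else 0
    members = []
    if trailing and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    return {"jpeg_end": end, "trailing_bytes": trailing, "zip_members": members}

def build_sample():
    """Constructed input: a marker-level JPEG skeleton (not viewable) and a tiny ZIP."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    jpeg = b"\xff\xd8\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0 + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("secret.txt", "constructed sample content")
    return jpeg, jpeg + buf.getvalue()               # second value mimics the binary copy

if __name__ == "__main__":
    clean, combined = build_sample()
    print(inspect_image(clean))
    print(inspect_image(combined))
```

The marker walk does not handle fill bytes or standalone markers outside the scan data. Trailing bytes that are not a ZIP archive still show up in trailing_bytes, which is worth a closer look on its own.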

Here is a cool video on how to do it:

Saturday, January 3, 2009

Google's Browser Security Handbook

Hi All,

For those of you in web development and those that need to secure web servers, Google's Browser Security Handbook will make for an interesting read.

Go check it out here: