14 posts about

Root DNS Servers Experienced DDoS Attack with 5 Million Queries per Second

A report from Root [DNS] Server Operations or rootops published on December 4th, 2015 stated that the Internet Domain Name System’s root name servers received a high rate of DNS queries over two separate intervals. The incidents occurred on November 30, 2015 and December 1st, 2015. The queries were “well-formed, valid DNS messages for a single domain...
Read More

Bind DNS Server major flaw could let a script kiddie bring down large number of DNS servers

BIND is most widely used DNS Server to date. A major flaw was found in BIND’s versions from 9.1.0 to 9.8.x, 9.9.0 to 9.9.7-P1, and 9.10.0 to 9.10.2-P2. (CVE-2015-5477) Attackers can exploit it by sending vulnerable servers a malformed packet that’s quite easy to...
Read More

Internet Anonymity Pros and Cons

Anonymity over the Internet has largely helped journalists escape clinching firewalls and surveillance of their governments. In fact, Freedom of the Press Foundation recommends use of The Onion Router (TOR) to better protect journalists’ from surveillance and in many instances prison (Lee, 2013). Anonymity in the World Wide Web allows political activists, whistle-blowers, and everyday citizens to present...
Read More

Automate DNS Zone Transfer

/bin/bash #Simple zone transfer bash script with $1 being first argument given #Tested against zonetransfer.me #for example ./zonetransfer.sh zonetransfer.me if [ -z "$1" ];then echo "[] Simple Zone Transfer script" echo "[] Usage : $0 " exit 0 fi #if argument was given, identify DNS servers for domain. #For each of these servers, attempt a zone transfer for server...
Read More

Google's No Captcha reCaptcha Breakable?

Google's No Captcha reCaptcha Breakable? thumbnail
Egor Homakov of Sakurity claims, I’d say proved, that Google’s No Captcha reCaptcha might not be as bot proof as we thought. Due to reCAPTCHA’s reliance on user’s previous behavior (cookies), going incognito brings you to old school Captcha again. Now remember, this is same captcha Google said, and we agree, is not secure...
Read More

The author would love to hear your comments. Let us discuss at Twitter @hashtaginfosec.