Is Google's new Public DNS server safe?

Yesterday, Google opened their new DNS service to the public. Google's strategy appears to be an attempt to compete with the popular free service called OpenDNS. In light of the ongoing slaught of DDOS attacks on sites such as Facebook and under 48 hours ago, Twitter, the infosec industry is (and they should be) concerned about Google's DNS vulnerability.

So far, as this like below documents, the relatively small amount of research that has been done suggests that Google's port usage is sufficiently randomized so as to reduce the risk of an attack.

My opinion on this though? It most definitely will be some hacker's gold star target due to the fact that Google is getting a lot of press right now. However, you would have to be totally and completely brain dead/flatlining to attempt to crack this honeypot right now. But, hey, that's why we all love dumb criminals - they have high entertainment value and are a great source of humor.

http://www.google.com/gwt/x?ct=pg1&ei=DDYtS83sGeeNoAenjojRDw&source=m&u=http%3A%2F%2Fwww.darknet.org.uk/2009/12/is-google-public-dns-safe/&whp=30&wsc=gh&wsi=29948f7e1cbaffa7
Sent on the Sprint® Now Network from my BlackBerry®

Gareth Heyes is a great security guy, as you can also visit his blog The Spanner. The newly released HTML 5 is now under the eyes of hackers and it wasn't late that the New Xss vectors have been released by Gareth Heyes .

 

 

These New Xss vectors according to Gareth are automatic in major Web Browsers from Safari, Chrome to Opera all support them. And its a matter of fact that Gareth also featured them on twitter too.

 

The injection looks something like:-

 

The new HTML 5 works on some other vectors and uses, but the great thing in there is that you don't need to bind your Xss into a css style in here. HTML5 however lets us execute like expressions but without css styles….

fSekrit is a small application for keeping encrypted notes.

 

This software is a good tool to keep Your encrypted codes or even data safe, from any external usage.

 

The great note about this great tool is that its a really small utility, it portable , that means you can keep it in your pen drive and take it with you to any other place.

 

Another advantage of using fSekrit is that your un-encrypted data is never stored on your hard disk.

 

With a traditional encryption utility you would have to decrypt your file to disk, view or edit it, and then re-encrypt it, and unless you use secure file wiping tools, it would be a trivial matter for someone to to retrieve your un-encrypted data, even though you have deleted it…

 ~ via Tech Crunch

During and after Twittergate, when a hacker broke into a few hosted email accounts and obtained a number of internal documents, I had an opportunity to spend hours speaking to the actual attacker and document how he carried out the attack.

The article was called The Anatomy of The Twitter Attack, and today we unfortunately find ourselves with a sequel to that post as the Twitter DNS servers were compromised last night and the site was redirected to a defacement page.

Unlike last time, on this occasion I have not had the benefit of speaking directly to the attackers, but have spoken to a number of people within the underground security scene familiar with matters and have constructed other parts of the story from public sources. 

The incident last night was perpetrated by a group called the Iranian Cyber Army – and we have been told that this group is working with the Iranian government...

Wireshark is the world's foremost network protocol analyzer, and is the standard across many industries and educational institutions for security stuff. Wireshark is the world’s most popular network protocol analyzer.

 

It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly.

 

It is freely available as open source, and is released under the GNU General Public License version 2

Wireshark uses pcap to capture packets from supported protocols.

• Data can be captured "from the wire" from a live network connection or read from a file that records the already-captured packets.
• Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loop-back.
• Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.
• Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
• Data display can be refined using a display filter.
• Plug-ins can be created for dissecting new protocols.

Hackers Have crossed the security boundaries of a widget and multi-social networking based company RockYou.com which host many users from some famous social networking websites such as MySpace, Face book and Orkut.etc

With this Hack over 30 Million users have been affected.

 

The most troubling aspect of this incident is that RockYou apparently stored the information in plain text, rather than following industry standards by encrypting it.
The hackers have claimed also that they have hacked the whole Database full of Usernames and  passwords and some private information as well.

 

Hacker appears to be forcing RockYou to admit to certain vulnerabilities in its data security.

"Don't lie to your customers, or I will publish everything"

The hacker wrote as an obvious reprimand to Rock You.

This seems to be strong words which hacker said in reply to company officials in terms to the matter of encryption.The RockYou is pretty upset it and have written that they are working on the Security measures they have used. You can read more about it Here.