Hackin9

InfoSec News

In October 2011 [1], I released an update for the main parser script used to generate the BIND/PowerDNS configuration files. This release of the sinkhole_parser.sh script contains some important fixes, including a rewrite of the section that parses the multiple sites into 2 separate lists: site_specific_sinkhole.conf (host web list) and entire_domain_sinkhole.conf (domain wildcard web list). The script contains new lists that were not part of the 7 July 2011 release.
The script contains a fix for parsing and loading records into PowerDNS database where sometimes it would fail indicating that a record was already loaded. It has been fixed in both the sinkhole_parser.sh and powerdns_sinkhole_logs.sh (located in /usr/local/sbin) used in Webmin to load records from the GUI.
A new script, search.sh (/root/scripts) has been added to provide a search capability in Webmin (two files copied to /etc/webmin/dns-sinkhole) of the BIND DNS Sinkhole lists to verify if a particular host or domain is listed in the sinkhole.

The script is available on the handler's server here with the MD5 here. You can either untar the tarball in / or move the scripts in the location indicated in this diary.
[1] http://isc.sans.edu/diary.html?storyid=11818

[2] http://handlers.dshield.org/gbruneau/

[3] http://handlers.dshield.org/gbruneau/dns-sinkhole/dns-sinkhole-scripts.tgz
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Well, this is interesting its not often that a celebs website gets attacked and data gets leaked as well but it has happened to justinbieber. the data leak comes from a wordpress install so no doubt it was done with a common exploit that the admins have failed to secure.


 
A forum FacePunch facepunch.com has been hacked and had a small amount of account details leaked. The leak contains usernames, passwords and other information.


 
Well, i didnt expect it to process that fast, but we have some results on the claimed 100,000k email leak frm Hannibal that was targeting claimed arabics.


 
Hannibal has lived up to his word and dumped thousands of accounts from claimed "arabs" accounts. It was only just 24hrs ago that Hannibal announced this would be happening and true to his word it did.


 
Against my better judgment, I let myself get swept up by the wave of e-publishing rumors in the days leading up to Apple's education-themed announcement. Apple could do it, I thought to myself. The company had both the resources to build a great tool, and the reasons to do so.
 
Google is continuing to weed out its services and on Friday announced it will shut down Picnik, Google Message Continuity and Needlebase and make changes to some other services.
 
NuevaOrden has leaked thousands of accounts from Sexyono.com(Hot Or Not), photo ranking website and basic community. Its not often we see websites like this attacked and it doesn't really show anything at all besides a bored hacker and a in secure website which everyone knows both exist.


 
Yet another hacker has leaked more accounts this time its XRAM and they have leaked 900+ but our check turns out that 500 or so of them are already leaked or duplicates.


 
A hacker going by the handle DFnilov has continued this ongoing cyber war by dumping 500 email accounts, which 498 of them appear valid.


 
RPG hry, rpghry.cz has been hacked by a hacker using the handle T3Rr0r and as a result they have dumped 5000 accounts online. The leak contains usernames, emails and encrypted passwords.


 
Apple made it clear this week that one of the industries it hopes to reinvent is education -- an area in which the company has a long history. Columnist Ryan Faas explains what Apple has in mind for schools.
 
The quantified-self movement appears to be going mainstream, but are these people who measure everything they eat and monitor every step they take any happier or healthier than the rest of us?
 
In what has become a hot topic over the past few days since megaupload was shut down adn anonymous struck back and started widespread DDoS attacks which took down many websites has now claimed another high profile websites, this time to defacement.


 
Internet Storm Center Infocon Status