
* Posts by jon909

5 posts • joined 20 Apr 2016

Post-silly season blues leave me bereft of autonomous robot limbs

jon909

Foodvisor's crap AI

The App is a cover for a company wanting to tune its AI algorithms by getting end users to correct its mistakes. CAPTCHAs have been doing this for years.

5
0

There is no perceived IT generation gap: Young people really are thick

jon909

https://dogs.lovetoknow.com/dog-health/what-causes-white-dog-poo

2
0

Commodore 64 makes a half-sized comeback

jon909

I wonder what they're doing to emulate the SID chip.

0
0

City of Moscow to ditch 600k Exchange and Outlook licences

jon909

http://www.geek.com/microsoft/10-years-later-munich-may-dump-linux-for-windows-1602234/

1
5

VXers pass stolen card data over DNS

jon909

Hackers only need to look up an A record to a (sub)domain they control. The victim's IP and credit card(s) can be encrypted and encoded into an ASCII DNS name, e.g. ip.creditcard.comprimised.dyndns.org

The lookup might fail but the hackers' DNS server would have a log of the lookup or they could just reply with whatever data they want, i.e. an IP that's really a fragment of remote command data.

Therefore remote command requests and replies wouldn't even need to rely on TXT records and any usual proxying and UDP/TCP filtering of port 53 would not help.

I guess the thing to look out for is to be suspicious of A records that aren't the root or www AND to clamp down on excessive lookups on the same domain.

Practical solution? Get payment service providers to host "secure DNS".

0
0
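The check suggested in the last post above (be suspicious of A lookups for hosts other than the root or www, and of many lookups under one domain), sketched as an added example that is not part of the original post. The log format, the thresholds, the entropy test and the short suffix set are assumptions; the sample log is constructed and reuses the hostname from the post.

```python
import math
from collections import defaultdict

# Assumption: suffixes under which customers register names. A real deployment
# would use the full Public Suffix List instead of this short set.
MULTI_LABEL_SUFFIXES = {"dyndns.org", "co.uk"}
BENIGN_HOSTS = {"", "www"}  # root and www, as the post suggests

def split_name(qname):
    """Return (host_part, registered_domain) for a query name."""
    labels = qname.rstrip(".").lower().split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[:-n]), ".".join(labels[-n:])

def entropy(s):
    """Shannon entropy of s in bits per character (0 for an empty string)."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def suspicious_domains(log_lines, max_unique_hosts=3, min_entropy=3.5):
    """Flag domains queried for many distinct, random-looking A-record hosts."""
    hosts = defaultdict(set)
    for line in log_lines:
        _ts, _client, qtype, qname = line.split()
        if qtype != "A":
            continue
        host, domain = split_name(qname)
        if host not in BENIGN_HOSTS:
            hosts[domain].add(host)
    flagged = {}
    for domain, names in hosts.items():
        # Encoded data looks random; ordinary host names (mail, cdn) do not.
        noisy = [h for h in names if entropy(h.replace(".", "")) >= min_entropy]
        if len(names) > max_unique_hosts and noisy:
            flagged[domain] = len(names)
    return flagged

# Constructed resolver log lines: "<time> <client> <qtype> <qname>"
SAMPLE_LOG = [f"2024-01-01T00:00:00 10.0.2.15 A {name}" for name in (
    "example.com", "www.example.com", "mail.example.com",
    "cdn.example.com", "api.example.com", "static.example.com",
    "10-0-2-15.k7q2m9x4f1z8b3t6.comprimised.dyndns.org",
    "10-0-2-15.p3w8n5v0c2y7h4j9.comprimised.dyndns.org",
    "10-0-2-15.r6d1g8s3l0u5e2a7.comprimised.dyndns.org",
    "10-0-2-15.t9b4x1m6q3z8k5f0.comprimised.dyndns.org",
)]

if __name__ == "__main__":
    print(suspicious_domains(SAMPLE_LOG))
```

The example.com hosts also exceed the unique-host threshold, but none of them look random, so only the dynamic-DNS domain is flagged.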

The Register - Independent news and views for the tech community. Part of Situation Publishing