In early October, the international project “Cyber Security in the Danube Region” organized training for security teams operating within the region. As sharing of information and knowledge is essential in the field of security, I decided to write a post in which I would like to draw the attention of the security community in the Czech Republic to two very interesting free tools.
Scripting in Knot DNS Resolver
This week I was approached by a man dressed in platypus pyjamas. He asked me: “These layers and modules you talk about, they’re cool. But can it be even better?” After the initial costume distraction wore off, I pondered a bit and said: “Sure, let me just grab a cup of coffee.” The real story is that the layers are now much more interactive, and the documentation is improved.
MojeID now speaks more languages: it has learned the SAML and OpenID Connect protocols
Since its establishment in 2010, the mojeID service was closely connected with the OpenID 2.0 authentication protocol. This protocol was the best choice for us at the time, as it combined implementation simplicity with the availability of libraries for various programming languages. However, OpenID 2.0 is not the only authentication protocol. I wrote in our blog (only in Czech) about several others, like the SAML protocol or OpenID Connect. Analysts forecast a promising future especially for the latter, OpenID Connect, whose standardization was finished at the beginning of last year. The good news is that mojeID is no longer “monolingual”: it is now able to communicate with service providers via the mentioned protocols.
Knot DNS Recursive goes beta
DNSSEC – RFC7646 NTA – RFC5011 TA updates
Insistent router botnet
Not so long ago, monitoring attackers in our telnet honeypots helped reveal an interesting botnet composed of ASUS brand home routers. The botnet that has most frequently tried to log into our SSH honeypot running on Turris routers in the last two weeks is one whose IP addresses, according to Shodan, often have one common characteristic: they respond with the cookie AIROS_SESSIONID on port 80. This cookie points to AirOS running on Ubiquiti airRouter. According to data from Shodan, about 20% of attacking IP addresses out of a total of about 6500 can be identified as AirOS due to this cookie. Many addresses, however, come from dynamic pools yet unknown to Shodan.
Embedding LuaJIT in 30 minutes (or so)
Since you’re reading this, you probably know Lua, the world’s most infuriating language. If not, hop on to Lua in 15 minutes to get the basics right. Now there are two types of use cases where Lua shines – as a tiny script/configuration language, and for high-performance data processing (with JIT). I went through both of them with kresd, and wrote down some notes.
Knot recursive fortnightly, August 11th 2015
validator – need for speed – RPZ – views – new tests
The “rom-0” vulnerability one year later
In previous blogposts on the “rom-0” bug in 2014 and earlier this year, I first explained its nature and gave instructions on its patching.
New Features in Knot DNS 2.0
It has been a few weeks since the final version of Knot DNS 2.0 came out. While it’s still fresh, I would like to explain our motivation for this new major version and also to summarize the most important changes included in this significant release.
IETF 93 in figures
Last week Prague (and our Association together with the Brocade company) hosted the IETF 93 summit. You might have read about the functioning of this community at Root.cz, in the article (in Czech only) by Ladislav Lhotka from our labs. The same server also wrote (in Czech only) about Edward Snowden’s (virtual) participation in the summit.