Category: security

security stuff

Anatomy of a public DNS breakin

Hiya! Today I am going to walk you through discovering and potentially leveraging open DNS servers, in an effort to show you why you should be careful with the DNS blocking tools that have steadily become popular. Check it out here.

UART and you gaining root on random hardware

Hello, today I hope to explain UART to you. We will take a shallow dive into the world of serial device access and what it may mean from a technological and security perspective.

I am a normal guy that wants to bring as much security information to this forum as I have time to do. I understand that it isn’t really the focus of this site, but the more eyes and DIYers that can see it the better. We are in an ever-growing technological field, and while gaming is fun, there are a lot more moving parts now than in the days of the original DOOM.

Check it out here.

Excuse me sir, where are you headed?

Today I was adding a regex list to my pi-hole. I have been running my pi-hole as both my DHCP and DNS server in my UniFi stack for months. I wanted to try out some regex lists, and while I was making the edit I realized I never wrote about my DNS over HTTPS experience. It’s been a few weeks, so it’s the perfect time to comment on it.

So I have seen and heard about DNS over HTTPS for a while now and just never got around to doing it. For people that don’t know but are somewhat technically apt, Wikipedia’s first paragraph on the subject explains it well.

For those that don’t understand, maybe you have seen something like this while going to a site or searching.

[Image: an ISP (WOW!) redirect page shown in place of a DNS error]

This generally happens when you are using your ISP’s DNS servers to look up websites. That covers a large part of the world and a large percentage of everyday users, who use their ISP’s default settings and equipment. We can see in the picture that WOW!, in this case, intercepted the failed lookup and redirected us to a different result instead of just showing us an error page.

This goes a bit deeper though. Other DNS providers like Google’s 8.8.8.8 log and keep this data. Like many others they sample some and save the rest. The usage terms generally state that they strip some personal information and permanently store the rest for analysis.

However, this data, and other data from other providers including your ISP, is also often sold. This allows bigger marketing conglomerates to keep, analyse and use the data for targeted advertising. While it has also leaked via data breaches etc., I am not going to soapbox about cliché terms like “big data” and scare you about your personal data being stolen and used. It already is, and you should already know that. You should also already know this all applies to hackers and malware authors: if a marketing department can do it, they can too.

Now, DNS over HTTPS to a reputable company can help. It encrypts the request between your computer and the server that has to answer it. Combined with a service that stands by your privacy rights, you have a winning combo. A privacy-focused policy is good, but policies can change; it’s still better to lean towards a company that has one as opposed to a company that doesn’t. Take it all with a grain of salt.

Anyway, with the pi-hole I use cloudflared. I used this specific guide because I’m so smart I could do it myself. Now, as I hinted above, it is true that someone still needs to be able to see your DNS request in order to, well, answer it. Encrypting the connection and using a provider that is security conscious is just one more layer of the security onion.

I implemented cloudflared a few weeks ago, as I was saying. I also make sure to utilize DNSSEC, which is supported by Cloudflare’s name servers (the ones that handle the DNS requests). The wife and roommate can be demanding if Netflix or other random services don’t work.
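To make the “encrypts the request” part and the DNSSEC part concrete, here is an added example (my own code, not from this post, pi-hole or cloudflared) that builds the DNS wire-format query and the base64url `?dns=` GET parameter defined by RFC 8484 for DNS over HTTPS, then parses a constructed `application/dns-message` response and reads the AD flag a validating resolver sets when the answer passed DNSSEC. The name example.com and the address 192.0.2.1 are placeholder values, and the sample response is constructed, not captured from any resolver.

```python
import base64
import struct

def build_query(name, qtype=1, want_dnssec=True):
    """Wire-format DNS query (RFC 1035); ID 0 keeps DoH GETs cacheable (RFC 8484)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1 if want_dnssec else 0)  # RD set
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    # OPT pseudo-record with the DO bit set asks the resolver to validate DNSSEC and report AD
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0x00008000, 0) if want_dnssec else b""
    return header + qname + struct.pack("!HH", qtype, 1) + opt  # class IN

def doh_get_param(query):
    """Value for the ?dns= GET parameter: base64url without padding (RFC 8484 section 6)."""
    return base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def read_name(msg, off):
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer back to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [read_name(msg, ptr)[0]]), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode())
        off += length

def parse_response(msg):
    """Return (ad_bit, [A record IPs]) from an application/dns-message response body."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    ad = bool(flags & 0x0020)  # AD: resolver asserts the answer passed DNSSEC validation
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return ad, ips

# Constructed sample (not from a real resolver): A answer for example.com, QR/RD/RA/AD set, 192.0.2.1
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x81A0, 1, 1, 0, 0)
                   + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

With a real DoH resolver the GET parameter goes on `/dns-query?dns=...` over TLS, so the whole question is inside the encrypted connection; an answer with the AD bit clear for a signed zone is the signal that validation did not happen.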

However, I can say that thus far, with a modest blocklist, everything has been going great! DNS requests are quick so things load quickly, and otherwise it’s been business as usual. Maybe a little less pomp and circumstance than I would have liked, but if nothing changed then it means it’s working correctly.

The cache, blocklists, and actual resolver are all doing their job. It’s a well-oiled machine.

At some point I encourage everyone to utilize DNS over HTTPS, be it with cloudflared or not. It’s easy to implement, and if you choose pi-hole as your host as well, you now have easy DNS curation built in. I personally run mine on a virtual machine and it hums along nicely.

Go give security a chance. Change your passwords, use good rules, uninstall weird stuff. Tweak your AV. Curate your outlook rules.

Take care of yourself out there.