Friday, June 8, 2012

DNS Security (Part 4 of 4)

As we conclude this series on DNS Security, what can we botters do to improve our security?

The first step is to analyse what DNS servers you are actually using and how you can improve it.  Gibson Research Corporation has a wonderful utility for this located at  It goes into far more detail than I can here.

With the Linkedin Password leaking story of this week, it is important to remember how passwords are utilized.  Many sites will use a well known algorithm like MD5 to change the password into a blobby string.  This blobby string is then compared to a database which is stored on the server which you desire access to.

When you hear about a site losing control of their passwords, it is this database which has been compromised.  With possession of this database, the bad guys can compare these password hashes to their database of common passwords being hashed with MD5 and other hashes.  These are known as Rainbow Tables.

By the way, the fix for this is very simple, it is called Salting the Hash.  In addition to using this well known algorithm, a smart person will add their own secret salt recipe to the mix so that even knowing the hashed password, it will do the bad guy no good, and they will not know how to generate it.

So use this news story as an excuse to not only change your Linkedin password, but all your passwords.  Remember to use a long password as well, the longer the better.  If you desire a 2013 view on how passwords should be constructed, visit

No comments:

Post a Comment