lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 07 Jun 2014 09:58:04 -0700
From: "Dave Warren" <davew@...eahit.com>
To: "surivaton surivaton" <surivaton@...il.com>
Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] TrueCrypt?

Given that everything in that zone is public anyway, what's the problem?

I agree that locking down zone transfers is best practise, and allowing open transfers is odd, but this one looks simple enough and straightforward enough that I have trouble getting too excited about public information being public. 


> On Jun 6, 2014, at 17:49, "surivaton surivaton" <surivaton@...il.com> wrote:
> 
> Truecrypt is either stupid or its they way of telling everyone
> something is wrong.
> Why?
> root@...i:~# fierce -dns truecrypt.org
> DNS Servers for truecrypt.org:
>    ns1.truecrypt.org
>    ns2.truecrypt.org
> 
> Trying zone transfer first...
>    Testing ns1.truecrypt.org
> 
> Whoah, it worked - misconfigured DNS server found:
> truecrypt.org.    259200    IN    SOA    ns1.truecrypt.org.
> dns-admin.truecrypt.org. (
>                    2010021509    ; Serial
>                    10800    ; Refresh
>                    3600    ; Retry
>                    604800    ; Expire
>                    10800 )    ; Minimum TTL
> truecrypt.org.    259200    IN    NS    ns1.truecrypt.org.
> truecrypt.org.    259200    IN    NS    ns2.truecrypt.org.
> truecrypt.org.    259200    IN    A    72.233.34.82
> truecrypt.org.    259200    IN    MX    10 truecrypt.org.
> truecrypt.org.    259200    IN    TXT    "v=spf1 ip4:72.233.34.82
> mx:truecrypt.org -all"
> forums.truecrypt.org.    259200    IN    A    72.233.34.83
> ns1.truecrypt.org.    259200    IN    A    72.233.34.82
> ns2.truecrypt.org.    259200    IN    A    72.233.34.84
> upload.truecrypt.org.    259200    IN    A    72.233.34.84
> www.truecrypt.org.    259200    IN    A    72.233.34.82
> 
> There isn't much point continuing, you have everything.
> Have a nice day.
> Exiting...
> root@...i:~#
> Who in there right mind lets you do zone transfers.
> I mean seriously back in windows server 2003 it was common but god
> damn I think they are trying to tell us something.


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists