A backdoor that tries to phone home usually uses DNS-queries to locate the host they should report to. These DNS queries are cached by the DNS server for some time. Dan Kaminski uses this behaviour to estimate the number of PCs that are infected by Sony’s DRM rootkit(he found more than 500.000 DNS servers that received a query related to the rootkit, leading to a conservative estimate that the number of infected PCs is in the millions).

The image shows the distribution of the located DNS servers in Europe (click here for larger maps: USA, Asia, Europe). The more I learn about DNS, the more I am intrigued by this often overlooked protocol.

Oh - Sony’s uninstaller leaves the PC even more open to further attacks.

David Wheeler took the time and had a closer look on the time spans in which no unpatched exploit for a couple of popular web browsers existed. His findings where somewhat devastating, especially for IE:

It turns out that there were only 7 days in 2004 that you could have somewhat safely used Internet Explorer (it was October 12-17), even assuming that attackers only used publicly-known attacks, and that you were only worried about the worst kind of attacks.

In tomorrow's NerdAlert we will talk about the wet four days of What The Hack. In particular we will rebroadcast a sort of "best of" of the shows we did for Subether Radio. Tune in for interviews with:

• Andreas Bogk about the end of Unix and the operating system of the future
• Sven Neuhaus about his cross site scripting scanner
• Somebody from Plan 9 about their operating system
• and some guys from Brasil about government sponsored free music (with "free" as in freedom - not in beer)

Andrew Wooster coded a little web spider to check out the various HTTP headers that are in use. He made a couple of interesting and entertaining findings.

He missed out on slashdot's Futurama themed "X-Fry" and "X-Bender" headers though:

X-Fry: I must be a robot. Why else would human women refuse to date me?

X-Bender: I'm one of those lazy, homeless bums I've been hearing about.

X-Fry: Hey look, it's that guy you are!

...

[via Sci-Fi Hi-Fi]

I am quite excited: Our little radio show Nerd Alert will be filling one of Subether’s guest slots (Subether is the temporary radio station, which will broadcast during What The Hack). We will be on air on Thursday, Friday and Saturday from 17:00 to 18:00.

Two friends of mine independently just published great new music.

Olli’s new outfit The Very Job Agency finally recorded their first CD. Three songs are available online. My hairstyle may have changed, but my heart is still a punk.

If you are a nostalgic follower of the 1990ties slogan "The guitar is dead", you may be interested in Thomas’s (also known as firestARTer) new tunes. This time he went back to his roots: All music on his new Wuppertal-EP was composed and produced on his C64. Check it out. Now. Bleep. Blob.

Check out the promotional pictures posted on the F-Secure Weblog.

These pictures are so over the top. All employees are wearing laboratory gowns. They even have got signs warning about free flying wireless viruses...

A while ago I started to use Gigadial.com to check out new podcasts. Gigaldial is a service that allows its users to create stations. These stations are basically podcast feeds consisting of single shows that are added manually. Whenever I find a podcast, which seems to be interesting enough to listen to at least once, I add the most recent show to my gigadial station. My podcatch client is subscribed to my station's feed and eventually downloads all those accumulated shows. So far, so good.

Unfortunately Gigadial provides no convenient way for adding shows. To add something to your station you have to browse trough their podcast directory, select a feed and select a show from that feed. But what I wanted is a way to add shows while I was visiting the podcast's homepage/blog.

Long story short I hacked a dirty little bookmarklet to satisfy my needs: add to Gigadial. To use it, you have to exchange STATIONID with the ID of your station.

Note though the code is far from perfect. It just adds the last mp3 that is linked to on the webpage which is displayed by your web browser. To add a certain show, you should go to the show's specific subpage of the podcast's blog (usually reachable via its permalink on the blog's frontpage). If you read your blogs with an rss-reader, this shouldnt be an issue anyway.

Oh, also the RSS autodiscovery barely works. This isn't grave because the discovery of the RSS-feeds is only frosting on the cake and not needed for the actual purpose of the bookmarklet. But feel free to fix it if you want to ;)

This is a public service announcement: A couple of colleagues and I are starting an open study group on software insecurities. Our first meeting is on Tuesday the 26th of April at 16:00. Feel free to drop by and share the fun.

Almost four months after the last CCC congress took place, the promised recordings of the lectures got released. The process took apparently so long because it was initially planned to release the audio files together with video captures of the talks. Unfortunately some problems occurred during the encoding of the videostream causing the video not to be in sync with the audio anymore.

Nevertheless the audio files are now available via Bit Torrent. Get them here (Ogg Vorbis, 2.19 GB).

I never really got why videos are so important anyway. The audio together with the slides of a talk are more than enough to follow and understand the content. I don’t see the added value of video, beside the cute lecturer’s facial expressions.

[The Turkey Curse]