Thursday, July 30, 2009

DNS-Redirects

Nobody likes DNS-Redirects. Even IETF said recently (http://www.icann.org/en/committees/security/sac041.pdf):

The redirection and synthesizing of DNS responses by TLDs poses a clear and significant
danger to the security and stability of the domain name system. The consequences of
synthesized DNS responses range from erosion of trust relationships to the creation of
new opportunities for malicious attacks, without the ability of the affected party(ies) to mitigate these problems.


Serversniff stumbles over this shit, too. Currently the TLDs .mobi, .jobs and .asia use this - they answer every dns-request with an ip, even if a domain won't exist.

They don't dare to present a http-landing-page (like e.g. t-online.de does) - but in fact they resolve every query to an IP, misleading quite a few of serversniff's scripts. We're workin to fix this - but this takes time, for we need to fix every ip-lookup-routine.

totally useless shit.

tom

Tuesday, July 21, 2009

to be unique or not

Way back in 2004 I created serversniff
* to help myself managing and doing my pentests
* to help others checking their sites
* to help myself understanding stuff. cryptology, protocols etc
* to help others understanding stuff. cryptology, protocols etc

and finally, to create something unique and new.

Why should i reinvent the wheel, why invest time to offer services that others already offer for free?

I'm a bit puzzled about the occasional inquirys to "donate" sourcecode for somebody's public site. People are not ashamed to ask for ready-to-run code to implement serversniff's functions on their sites. And no, it's not just one or to mails coming in with such requests. Anyway, i still see serversniff as more or less academic, and primary educational stuff. I give out advice, concepts and snippets of code as long as the request is friendly and nice.

But still: It wouldn't come to my mind to ask anybody to donate code of his website so that i can implement it in any of my sites. I'm still eager to learn necessary stuff before i start coding php-scripts, i'm still committed to create unique services that aren't to be found anywhere else in this flavour or quality.

While serversniff's script use crappy php-code and the server itself is unstable like a one-legged stool i'd never try to release a service unless i'm convinced that it has something unique or does its job better than all other sites.

Maybe there's just somehting wrong with my mind.

tom

Serversniff on Twitter

We're implementing and fixing quite a lot on what we call "Serversniff 2.0", currently hosted on http://webwiki.de. Since it's plain to much to blog it all in detail, we decided to put the updates and fixes on a twitter-feed hosted at http://twitter.com/serversniff.

Follow there if you want to stay tuned about news and fixes concerning serversniff.

tom

Wednesday, July 15, 2009

Site-Analyzer: Added Page-Rank detection - http://webwiki.de/taglists/pagerank-8

Added a page-rank-detection for sites.
If a site has a page-rank, it is displayed at site-analyzer.
Page-Ranks of 5 and higher get tagged, so we'll build up a list of
sites with high-pageranks. Since the feature is brand new, there is
not really much in there right now - but you might try to list all
sites having a Google-Page-Rank of 8 here:
http://webwiki.de/taglists/pagerank-8
 
tom

Tuesday, July 14, 2009

New links in Site-Analyzer

I just implemented links to Symantec/Norton's SafeWeb-Analyzer
(https://safeweb.norton.com/), McAfee's SiteAdvisor
(https://www.siteadvisor.com/) and Googles SafeBrowsing
(http://google.com/safebrowsing/diagnostic?site=www.bayern.de).
 
If you're in doubt wether to trust a site you might check it first on
these sites.
 
Do you know any other relevant malware-checks?
 
Comment here or drop me a mail:
 
tom@serversniff.net

experiment: switched from http://thumbshots.com to http://shrinktheweb.com

we switched the site-image-hosting from thumbshots.com to
http://shrinktheweb.com
pictures are bigger and it seems faster. shrinktheweb.com has tighter
limits for the free version - we'll see if this is enough.
 
tom

added wp-post-ratings and wp-quotes-collection

Added support for random Wordpress-Plugins.

bugfix: fixed site-analyzer-api-output with multiple site-analyzers

i can't imagine why anybody wants to use more than one tracking-pixel....
anyway, i fixed the api-output as well.

implemented statcount.com-tracker. poc: http://webwiki.de/i/ik/ikb/www.ikbenanders.nl/htmlreport

Implemented the http://statcount.com tracking-script.
Example here: http://webwiki.de/i/ik/ikb/www.ikbenanders.nl/htmlreport
 
tom

fixed site-analyzer-bug (mutliple site-statistics)

Identified and fixed a site-analyzer bug that prevented multiple
site-statistics to be parsed when google-analytics was involved.
Multiple-Stats are working now. Example (google-analytics AND
statcount.com) here: http://webwiki.de/analyze/www.simonwakeman.com
 
Cheers,
 
tom

todo: add statcounter at site-analyzer - http://www.statcounter.com

example-site using statcounter (www.statcounter.com, my.statcounter.com):
http://www.ikbenanders.nl

Nice tools: http://www.gwebtools.com/

Nice Tools on gwebtools.com. Not really much unique stuff, and not
really "Amazing tools to increase your Network and Website
performance", but still fast and with some nice ideas.
Personally i don't like totally anonymous sites like gwebtools without
any name on it - but the author might have his/her reasons.
 
http://webwiki.de/g/gw/gwe/www.gwebtools.com/htmlreport
http://webwiki.de/b/bl/blo/blog.gwebtools.com/htmlreport
 
Be sure to check out the hosts-on-ns-function. It supports only
.com/.net, but it's using the .com/.net-zonefiles and is therefore
much more complete than Serversniffs NS-Catalog at
http://serversniff.net/nscatalog when it comes to these two tlds.
 
tom

Sunday, July 12, 2009

We're getting faster

We are into tuning and speeding up Serversniff 2.0.
* The SiteReport got a new section: Other Hosts on this ip
* The DomainReport is half-optimized and now much faster
* We changed the directory-structure to waste less space and make it easier for you to see what information is already there about a host.

tom

Tuesday, July 07, 2009

Crypt-Functions are back

Some might have noticed: The Crypto-Functions didn't work for some time.
I'm happy to announce that most hashes and checksums are back online at our new beta-site:

 

Some checksums are still missing - bear with us, we will expand functionality there soon. Both checksums and hashes are faster, for we switched the implementation from jonelos great java-application jacksum to a binary implementation eating far less ram and cpu-power.

Currently the NIST-Competition for a new SHA3-Algorithm is in a hot phase, there are several candidates pending. We implemented two of them, SKEIN and MD6 (in fact: just one, for md6 is already withdrawn from the competition) in Serversniff's Hash Calculator and will implement the other candiates soon.

If you want to check out what an MD6 Hash looks like, check our Online Hash Calculator.

tom
Posted by Picasa