IT Security

In this section, I have presented various interesting aspects of information systems security I came across during the past few years. Currently, I’m not directly involved in IT security research any more, and this section is just an archive of my old writings and projects.

Apache web server, PHP and web applications security guide (2004-2006)

Security of many web servers, pages and applications is a serious issue and a major headache for the Internet nowadays. Cross-Site Scripting (XSS), Cross-Site Request Forgeries (CSRF), SQL injection, incorrect configurations and many other critical vulnerabilities are very widespread in the Internet and it allows crackers to access many systems easily. In my comprehensive article, I have discussed many of such threats and possibilities to prevent them.
Read more… (in Polish )

Disassembling MyDoom virus code for fun and profit (2004)

In January 2004, MyDoom worm became the most quickly spreading by e-mail computer virus. The virus conducts DDoS attack on SCO’s and Microsoft companies, as well as installs a Trojan horse, Shimg. In my article, I have presented how to disassemble the virus and how to gain control over any of over over million infected computers. I have provided a source code and a program that allows to take control over a compromised machine.
Read more… (in Polish )

Automatic generation of configuration files for HTB traffic shaping (2007)

Hierarchical Token Bucket algorithm allows to generate very complex rules of queuing and shaping network traffic. On the other hand, in many cases, even a very simple configuration of HTB can improve network performance significantly. I wrote a Java applet which allows to generate HTB configuration automatically for your server and local network.
Read more…

DNS protocol: implementations and the “Birthday Paradox” (2003)

In this article, I have presented how crackers could poison DNS server cache with false entries in early 2000s due to so-called “Birthday Paradox”. In later years, I was surprised many times that this issue lose its relevance very slowly. For example, it turned out that there were vulnerabilities related to this issue in the DNS servers in Microsoft Windows NT 4.0 and Microsoft Windows 2000 Server.
Read more… (in Polish )

Building a honeypot servers network (2006)

In 2006, I created HoneySpy project which allows to create and manage a network of honeypot servers. Honeypot is a trap to detect unauthorized attempts to use an information system. With the use of tools such as p0f, ebtables and ippersonality, the HoneySpy network nodes can imitate any operating system TCP/IP stack and any MAC address. I have implemented several several dummy services for the nodes (finger, openproxy, pop3, ssh, smtpd, telnet). Currently, this project is no longer active.
Read more…