Hello, welcome to the Tuesday, November 26, 2019 edition of the Sandtonet Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

I've got a quick diary today from Xavier about Dines over HDPS again, but this time a little bit

a different spin on it as to how to sort of get

a good balance between privacy and network monitoring. What you're usually concerned about

with DNS over HDPS is, for example, your ISP altering DNS data or using it, for example, for commercial purposes.

Now, what Xavier is proposing is that you pretty much keep traditional DNS working inside your network,

but then your internal resolver is using DNS over HDPPS to connect to a trusted DNS over HGPS

endpoint. In Xavier's case, he picked Cloudflare. And he also uses good old pie hole in order

to do some filtering with reverse policy zones on what users are able to resolve. So the internal

resolver still gets all the network monitoring data that you need, but your ISP is no longer able to

interfere with your DNS traffic. And talking about privacy, security company Sec consult did publish details regarding a

vulnerability that FortyNet fixed last week.

FortyNet, like many similar products, is sending, for example, URLs that a user is browsing

to and host names and the like back

to its own systems in order to check if they are on any blacklists.

Now, this information is of course sensitive and should be encrypted.

They could have done something like TLS, but instead they went apparently for their own encryption scheme, which meant that they would just XOR the data using a static key.

Now XOR is not necessarily bad if you are using a very random key, often used with one-time pads and not a bad system in this case,

but using the same key over and over, of course, that doesn't work.

Once the attacker, for example, can guess a certain URL that you're visiting, they can easily then derive the key.

And in this case, it appears that the key was actually derived from

...