Be afraid... be very afraid!
Over the last few years I've vaguely tracked a couple of hacking blogs; mostly to keep myself scared. The thing is - the bad guys are very, very creative and highly technical. They figure out ways to piece together lots of small, apparently insignificant, quirks in the way the Internet works, and use them to get access to things they shouldn't. It's good to remind yourself of this regularly if you work in the web business, because it's very important to secure the small, apparently insignificant stuff.
One of these blogs is that of RSnake, who apparently is a white-hat hacker. I say apparently, because how would you know if he was a black-hat? (Or is the proper term in this case grey-hat?) Assuming he is as white as the driven snow, I'm sure he wouldn't mind me suggesting that you visit his site (perhaps via the link in the next paragraph) at your own risk. You should be scared to visit the site of someone with these capabilities. As for who else has them, well again, how would you know?
He's just released a video explaining DNS Rebinding. What's that? Well, if you don't already know how HTTP, DNS and TCP/IP work, and a fair bit about web browsers and servers, you are excused at this point. By all means watch the video - it gets a bit technical, but along the way he's explaining how a bad guy can reach inside your intranet, past all your firewalls and security, and steal information from your internal servers. Just by getting you to click on a link.
The nice thing about seeing a video is that it makes it all a bit more concrete, and a bit more real. If you have any colleagues who don't seem to care too much about doing all the detailed work on securing a server, show them this. It might wake them up.

