Landon Fuller figured out a nice application for Dan Kaminsky’s DNS hack — using DNS servers on the public Internet as “dead drops,” with messages stashed on them that can only be retrieved by people with the secret:

In each DNS query, 7 bits are reserved for a number of flags, one of which is the Recursion Desired (RD) flag. If set to 0, the queried DNS server will not attempt to recurse — it will only provide answers from its cache.Combine this with a wildcard zone and it’s possible to signal bits (RD on), and read them (RD off). To set a bit to 1 the sender issues a query with the RD bit on. The wildcard zone resolves all requests, including this query. The receiver then issues a query for the same hostname, with the RD bit off. If the bit is 1, the query will return a valid record. If the bit is 0, no record will be returned.

So, it’s easy to signal a single bit, but what if you want to share more than 1 bit of data? This requires both sides to compute a list of records — one record for every bit of data we wish to send. In my implementation, I chose to do this with a pre-shared word list and initialization vector (IV). Given the same word list and IV, both sender and receiver can independently compute an identical mapping of words to bit positions. The sender can then signal the ’1′ bits, and the receiver can query all bits.

Source

Related Posts: On this day...

• Alaska State Legislator Makes a PSA Warning Travelers about the TSA - 2011
• The State of Linux Audio: Dec 2010 - 2010
• Spite Houses - 2009
• Checkerboard optical illusion - 2009
• Yahoo To Anonymize Logs After 90 Days (compared to Google's 9 Month retention) - 2008
• HOWTO: Build a Linux-based supercomputer out of a Playstation 3 - 2008
• Adobe AIR out of beta for Linux users - 2008