DNS Vulnerabilities and the potential threats

What is DNS?

To reach another person on the Internet you have to type an address into your computer - a name or a number. That address has to be unique so computers know where to find each other. ICANN coordinates these unique identifiers across the world. Without that coordination we wouldn't have one global Internet. When typing a name, that name must be first translated into a number by a system before the connection can be established. That system is called the Domain Name System (DNS) and it translates names like www.icann.org into the numbers – called Internet Protocol (IP) addresses. ICANN coordinates the addressing system to ensure all the addresses are unique. (ICANN "DNSSEC-What is it and why is it important?")

Why should I care?

According to ICANN, vulnerabilities in the DNS discovered recently allow an attacker to hijack this process of looking some one up or looking a site up on the Internet using their name. The purpose of the attack is to take control of the session to, for example, send the user to the hijacker's own deceptive web site for account and password collection. Recent posts from various members of the ICT Community Forum on Facebook led me to think that there is a possibility of this happening to company websites. It seems PNG government websites are the prime targets.

Some websites that have been reported on this ICT Community Forum with connectivity issues;

• www.pm.gov.pg
• www.pmnec.gov.pg
• wss.finance.gov.pg
• www.ipa.gov.pg 

Captive portal software

I was doing some research on the different types of captive portal software available and here is a list of open source captive portal software as well as a few closed source (paid) software. A few of these software also have additional network access control features apart from just simple redirects. I hope to maintain this list and update it in the future when new software or products become available. 

An example of a captive portal from Sophos

What is a captive portal software? In short it is a web page which is displayed to newly connected users before they are granted broader access to network resources.

Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of EULA/accepted use policies, or other valid credentials that both the host and user agree to adhere by.

Using MailMerge to send progressive results to students

In my almost five years of teaching, I have been using this method of keeping my classes updated of their progressive results every semester. We have only started using Moodle Gradebook two years ago (well at least for me) but I still find myself having to resort back to this method of updating my classes of their progressive results.

If you are like me, wanting to make the most of what basic tools like your MS Word, Excel and Outlook can offer then this post is for you. (I am assuming you are using a Windows OS with MS Office installed already) In this post, I go through step by step on how I create a grade book for my class and send the results to their emails using a method called MailMerge.

There are two things that we need to do;

• Task 1: Creating a grade book in MS Excel
• Task 2: Using MS Word to create a standard template for the mail merge ready to send the results from the Excel grade book.

Task 1 Creating a grade book in MS Excel

For this tutorial we will just use dummy test results, names and emails.

Step 1 Open a blank Excel file. Create seven columns and put in the column headings as First_name, Second_name, Email_add, Test1, Test2, Test3, Total

Step 2 Add at least three to four records of dummy details. One email can be your own email or a second email you use. This will be an email which you will use to verify that your mail merge is successful and you are sure that students will receive the assessment report. Here is a sample of my gradebook. Make sure to save the Excel file somewhere.

Gradebook in Excel

You will notice here that all the emails here are real emails except for the last one. This is so that I can demonstrate at the end that the mail merge was successful and I posing as a student have received the report.