Unknown hackers hijacked Comcast's domain name for three hours overnight, sending subscribers who tried to access webmail and other services to a rogue site that bragged of the exploit. Comcast lost control of the comcast.net address after the attackers changed registration information stored by its domain registrar, Network …
So, when will the Comcast executives' emails become public domain on the intertubes?
the mind boggles
they did a bit more than that.
I called to change some of my account settings and things, and the people I talked to said their account lookup system was having issues and wouldn't be back up for a bit. When I called again about 4 hours later it was still down, then this story breaks.....
So they redirected the website. What about MX records? It would be a lot more damaging to redirect all Comcast emails to your own address, even for a short while. I would be willing to bet most SMTP servers ignore it if the SSL certificate does not match or is missing.
I am sure this was done by a social engineering attack: someone got names and info on admins inside Comcast, and then called up Network Solutions or faxed them a change. Quite likely if they could make the request seem authentic, I bet. After all, how many people who post to this site would fall for a trick like that? This also means it is likely to be partly an inside job too :)
Preventing and monitoring?
Preventing this kind of thing happening can never be 100%, but aren't they monitoring it? You would think that any company which is relying on, let's say, DNS would be monitoring that resource? Doesn't really cost anything, just a couple of messages from time to time. Weird!
All your DNS belong to us
He who throttles others may get throttled himself.
At least, that's what Paris told me last night....
Instead of redirecting to a web page, pass on the login details to both the comcast server and your own mirror. They get access as usual to mail and domain controls and you get the username/password for later use.
web traffic not trashed
... just "delayed".
Mine's the one with the RST flag on the sleeve.
Brute force of ssh key
The box wasn't running Debian, was it?
I missed the fun. Just got the Network Solutions blank page.
I tried to access comcast.net at about 2:00 a.m. Eastern USA time. I just got a page marked as a Network Solutions page stating that the Comcast web site was unavailable. I'm always late to the party. :(
Must be el reg readers then...
Paris coz it's not nice to be mean about dicks
...such dweebs can compromise so much?
IT Security and Army Intelligence must be on a par.
There's an easy fix....
Here we have a nice division of labour. I look after our DNS, but my boss has our registry account. Most of the time, he keeps the company credit card details off our account, and whenever I have to do something with the registry account, I have to ask him to fill in the details.
Until he does, I can't do anything with the registry account at all, all I get is a page telling me that there are no credit card details available.
A rough - but efficient - protection method.
When I've finished - I let him know he can remove the card details again and the protection is back on.
you'd think ...
>> A brute force password attack is one possibility, but you'd think Network Solutions has safeguards in place to detect thousands of unsuccessful login attempts.
You would think that all domain registrars would have passwords encrypted? Oh look, UKreg/Fasthosts didn't, so NS not having brute force detection wouldn't surprise me.
I think you will find it was Dick tard lane, obviously a troll of el' reg who just couldn't figure out where tard is actually meant to fit into a sentence!
/mine's the coat with "L33t Tard Warez" on it...
Comcast doesn't really need much help screwing up
I've had Comcast for ages mainly because they've forgotten us on their rate increases so we hum along at some old cheap rate. The second they try to raise my rate we'll be running for the door.
But Comcrap doesn't really need a whole lot of help screwing up their network - they do it all by themselves, ALL THE TIME. At any point in time half of the intarweb can't be located. There was some sort of outage in the area last weekend that left something like 140,000 households without service for a few hours. BitTorrent downloads do finish but forget about seeding due to their session rejects.
Posting anonymously as I don't want those clowns to find me and "fix" my billing.