DNS hijack hits The Register: All well

On early Sunday evening, UK time, the DNS records of many websites, including those of The Register and The Telegraph, were hijacked and redirected to a third-party webpage controlled by Turkish hackers. The Register's website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we shut …

COMMENTS

This topic is closed for new posts.

FAIL

The Grauniad...

has better coverage: http://www.guardian.co.uk/technology/2011/sep/05/dns-hackers-telegraph-interview and http://www.guardian.co.uk/technology/2011/sep/05/turkish-hacker-group-diverts-users

1
7
(Written by Reg staff) Gold badge

Re: The Grauniad...

We linked to Sophos, zone-h accounts and Guardian interview in the story. What more do you want!

15
1

Dur...

It wasn't in the original story - very little was!

1
3
(Written by Reg staff) Gold badge

Re: Dur...

I think you are referring to our status update from yesterday?

My story today contained links to all three sources - Honest! OK not Sophos at first - forgot to put in the html (thanks to everyone for the catch).

1
0
Silver badge
Thumb Up

Re: What more do you want!

An eye test, methinks.

2
2
FAIL

Re: DUR!

The original story didn't contain those links when I posted that comment - otherwise why would I post it?!

"Methinks"!

4
2
Silver badge
Pint

Silly Drew...

... why didn't you just blame the Turkish hackers for the missing links?

1
0
Alert

How do I know I'm not posting this in a spoofed Turkish site?

The Comments page looks different, with Forums, my posts etc listed below the comments rather than to the right as was before.

Thanks for being up-front and open. Glad my password for this site is unique.

0
0
(Written by Reg staff) Gold badge

Re: How do I know I'm not posting this in a spoofed Turkish site?

You can relax on that score. We upgraded our forums code last week. Most of the changes are not user visible.

2
1
Bronze badge
FAIL

Some changes very visible ...

Like comments now stretching beyond the 800 pixel width of the screen I'm using to view them on.

Such complaints used to be dismissed with a, "get with the programme, stop being a Luddite; time for a sensible-sized monitor". That was never an entirely valid response to the problem and less so with the proliferation of hand-held and mobile devices.

Oh well, time to write another Greasemonkey script to re-render the pages to fit :-(

8
0
Facepalm

@Jason

Get with the times grandad, we all have mobile devices with a higher resolution than the crap you're using.

5
13
Silver badge
Childcatcher

Just you wait..

..until you're older. I have an HTC Desire and I struggle at times to read the text. I almost have to remove my glasses now and might have to switch to varifocals. I'm holding out until it gets so bad that I can't read my laptop screen easily.

I'm only 44.

http://www.nia.nih.gov/healthinformation/publications/eyes.htm

In my case Presbyopia began to kick in at age 39. That was after let's call it twenty years of using a computer (excluding playing games on a Sinclair Spectrum). So don't be so smug. Hopefully there'll be a revolution in display technology for mobile devices before it hits you.

Still - the important point to note: You don't have to be 'old and frail' to start having problems.

8
0
Silver badge

Re: mobile comments

Use m.theregister.co.uk if you are using a mobile device, then the comments will fit perfectly to your screen width.

5
0
Silver badge

Get with the programme, grandad!

Mobile devices are covered with m.register.co.uk, with the unfortunate omission of icons when posting a message (which I get round by knocking off the m. at the start of the address when replying to a post). I hope someone at Vulture Central takes the hint and adds post icons to the mobile version of the website.

In fact I'm using m.theregister.co.uk from my desktop as something somewhere still has www.theregister.co.uk in its DNS cache poisoned.

0
0

@Just you wait..

I'm 45 and have just noticed the glasses on / glasses off issue with my new Macbook Air 11" ... so I will have to keep using the "applekey +" keystrokes to enlarge the text until I get the firm to pay for varifocals.

Still not bad for 32 years of VDU squinting and I've always been myopic .. just waiting until I get 20/20 vision when I'm 80+

3
0

"Oh well, time to write another Greasemonkey script"

Sure, if your web browser can't either zoom the page to a useable compromise size - your definition of "useable" - or, in the case of Opera, squeeze the stuff onto the screen itself - not guaranteed. Disabling the site's CSS may also help.

I'm no longer using a tablet in portrait orientation, 480x800, for this, and that's probably a good thing.

0
0
Silver badge
Unhappy

Varifocals bahhh!

I went to varifocals last year (at 45) ...

Hate them - find I can't keep everything on the screen in focus without nodding my head all the time!

I think I'll go back to single focus and taking them off for reading next time I change them!

1
0
Silver badge

A bit off-topic

..but did you go to Specsavers? Several of my Dad's friends have said theirs are a lot better than other brands. Something about Specsavers using a larger degree of separation or somesuch.

0
0
Linux

Yeah sure :)

That's exactly what _they_ would say isn't it? :)

0
0
(Written by Reg staff) Gold badge

Re: Some changes very visible ...

Fixed.

0
0
Mushroom

and

they don’t like it up ’em...

1
0
Silver badge

Betcha a nickel ...

... that the annonytwats will claim "responsibility" ... for small values of responsibility.

0
3
Coat

Biting the hand....

that feeds it....

Winning.

Obligatory hat and coat already donned.

1
0
Anonymous Coward

One more reason to send hackers to prison

The only good hacker is dead... or at least in prison for 15 years.

1
3
Alien

Oh come on!

Didn't you watch Independence Day?

Hackers will one day save the world.

0
1

David Levinson ruled 0K!

Yup - our l33t hackers will hijack the aliens' DNS, causing them to die of acute embarrassment when their invasion webpages redirect...

(which is actually slightly more likely than the Powerbook-virus-transfer-to-the-mothership-mainframe-via-AppleTalk trick, tbh)

http://starringthecomputer.com/computer.php?c=54

1
0
Silver badge

Not all of them

There are lots of good hackers who do amazingly cool things with computers, like program a graphics calculator to show Star Wars.

It's the script kiddies, who aren't even proper hackers, who need to go to jail.

1
0
Bronze badge
FAIL

"There are lots of good hackers who do amazingly cool things with computers

...like program a graphics calculator to show Star Wars."

That's not hacking, that's programming.

(PS: Your logon tab order is all wrong, it goes from username to forgotten password instead of to password)

0
0
Silver badge
Mushroom

Hackers vs. cracker

I consider myself a hacker (in the original sense of the word, and not limited to software or computer either), and the way I'd like to deal with the cracker/script kiddie end of the scale is through the business end of an AK47, or copious amounts of C4. Oh, and that includes spammers too. After buggering them with a splintery broomstick lovingly marinated in Mad Dog 44 Magnum Pepper Extract (look up its Scoville rating if the name is not explicit enough)

1
0
Devil

Hmmm Tasty

4 Million on the scale, and doesn't seem to be a nice foodstuff

http://youtu.be/PBl2867xcHs

More like a chemical weapon

0
0
Linux

Definitions

The problem is the term hacker has as many as three distinct meanings in computing:

(1) Originally someone who hacked out code. Not necessarily a compliment.

(2) Later it became a term used for a very good coder or someone who loved coding for its own sake.

(3) Later still it was used (largely by the media) to describe crackers, script kiddies and even blackhats.

The last two definitions are still in use. I avoid the term and always use an alternative as it is too easily misunderstood.

0
0
Silver badge

@Robert Brockway

Almost, but not quite. See:

http://www.dourish.com/goodies/jargon.html

And that's a latter-day version of the file I first ran across at Stanford in ~1976. If I remember correctly, back then it was called "AIWORD.RF". Hacking wasn't just about software, it also involved modifying chassis with hacksaws to make parts fit. The license plate frame on my daily driver has read "Beware of programmers who carry screwdrivers" for several decades ...

0
0
Silver badge
Joke

Er...

"If you still see a defaced page, turning your equipment on and off again may help:"

How could I read that if I saw a defaced page?

But seriously, welcome back.

4
0
(Written by Reg staff) Gold badge

Re: Er...

Too true - but no harm in giving some broad end user advice. It may get to the right hands...

1
0
IT Angle

power cycle cult

Anyone who isn't familiar with the term "Did you try turning it off and on again?" doesn't deserve to be allowed to read el Reg..

4
0

OS X and Windows says it too

OS X has a lovely "Try turning off and on again" and "Are there any devices you can turn off and on?" messages in their assistants.

If end user router companies could agree on a simple standard for doing these simple tasks (e.g. a basic secured page relative to modem IP to reboot), operating systems or even browsers could deal with the non-standard and confusing interfaces.

I rarely use the modem's interface to reboot since I don't have time to browse 10 pages (some even have Flash!) designed in that year's cool Asia page fashion.

In fact, I once "fixed" a friend's car by just turning the motor off and on, "like a freaking computer" (in his words). Seems the fuel computer of the car freaked out a bit. :)

0
0
Thumb Up

turning your equipment on and off again may help

Works for a lot of things to reset to a pre-configured state and it's good to remind people of the simple solutions. Sometimes it's easier to say "Dad, turn it off at the mains, wait a few seconds and then turn it on again" than to drive a few hundred miles just to perform hands-on diagnosis and reach the same conclusion.

I'm sure lots of enterprises still run weekly "reboot server to clear memory leak" etc housekeeping actions ... it's sad but true .. fixing the symptom is cheaper than upgrading the software stack. It used to be said that "Microsoft fix #1" was reboot/powercycle .. it's the fix of last resort for Unix/Linux boxes though.

My Smart Car has lost its marbles a couple of times refusing to change gear using its tiptronic controls .. so it was time to pull over, turn off and turn on again to fix .. interestingly it worked regardless of the number of windows I had opened.

6
0
404
Bronze badge
Pint

Standard Procedure

Replaced the air filter, plugs, cleaned MAF sensor and throttle body, and then reset BCU/ECU to relearn parameters in my 08 GMC Canyon 2.9L 4-cylinder truck. Have to do it again when my new ported throttle body shows up. Picky picky and likes throwing CEL codes. Determined to get 30mpg average out of this truck... Need to get it on a dyno and custom tuned but I digress....

What was I on about?

;)

0
0
Silver badge

Motive?

What is it that "Turk Guvenligi" are after? Are they protesting against the human rights abuses of the Turkish government or something? (e.g. Ilisu Dam)

Or are they just doing it for the lulz?

0
0
Anonymous Coward

for the

lulz.

of course.

I'm on a horse.

1
0
Anonymous Coward

lulz, they can't dare

People supporting and controlling Turkish government can enter a top secret military facility without getting noticed, plant dvd-rs containing thousands of pages of rigged documents and call the police.

Or. They can record thousands of people's phone calls, daily activities and even bed activities and make them their puppet, especially if the person is in media.

Current policy of UK and US Govt. is to support the .tr government so if you are British or American, you will never hear about these.

Would you dare to protest such a government? It would be like setting up a pirate radio station in Berlin back in 1930s.

I have a clue about who the idiot could be (like all .tr IT) but for this kind of pathetic lamer, best is not to advertise.

0
0

Re: Mahatma Coat

I've seen several sites containing an image of this Reg story so Reg users with contaminated DNS could read it there. Plus, as Drewc says, word of mouth helps.

0
0
Silver badge
Joke

@ Just Kevin

I was joking, hence the joke icon

0
0
Bronze badge
Coat

So???

How many tech savvy readers of El Reg are not prepared with DNS hijack/redirect warning addons for their browser ??

(That will be IE users I suppose).

(Flame proof coat)

1
1

It did show me about 10am last night though

That you're on apache 2.2.17 using various bolt-ons incl openssl (which I've struggled to turn off on servers I have anything to do with admittedly) thanks to your error page footer.

0
0
Silver badge

And?

What exactly do you think matters about version numbers and extension names that The Reg shouldn't be showing them?

There is nobody with a brain out there attacking servers but "ignoring" certain version numbers of Apache / modules because they look up-to-date. It's a pointless task because where there is no version number at all you'll probably try your exploit anyway because it almost certainly means someone who's scared of showing what ancient version they have running, and where a version number is returned it can easily be faked, and where it's not faked and not-out-of-date, it takes longer to check the version number against some magical list of "non-exploitable" Apache versions than it does just to try whatever exploit you're attempting anyway. And Apache version numbers mean nothing because even Debian/Ubuntu sometimes uses "old" versions of Apache that have been patched even if their version numbers aren't one of the "officially" fixed versions.

SSH has as part of the protocol that you MUST give a version number out in the initial parts of the handshake (a lot of clients rely on it for feature detection etc.) and it's never been a problem in all the time that protocol's been around (and, if anything, encourages people to upgrade!)

If you're worried about showing your version numbers, you're scared about people finding out what you ACTUALLY run. That's more worrying than anything they could do with that information (which would be precisely ZERO because most attack tools are automated and just-don't-care about version numbers because they can try the entire exploit in the time it takes to find out the version of a remote server; in the same way that I still witness tons of SPF failures on email - because the people sending out spam just don't care or it's not worth the effort to bother to weed out SPF-enabled domains from their "fake-from-address" list).

Someone in IT suggesting that someone else knowing what version number of a piece of software you run is like a mechanic saying that you should take the badges off your car so that people don't know it's a Ford in case they try all to break into it using methods that only work on Fords. 1) It fools no-one. 2) Car thieves aren't stupid enough to be stopped when their "Ford-only" exploit doesn't work. 3) A brick through the window works on pretty much every car in the world.

6
0

@And?

Whilst everything you say is "true" it's also security best practice to remove identifying marks from protocols if only to pass the Penetration Tests.

0
0

Synonymous Howard

Too true: The testers have been happy enough with our "IIS 15.0" server for years!

1
0
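The version disclosure debated in the comments above (an Apache error-page footer naming the server and module versions) can be audited from the defender's side; the following is an added example, not part of the thread or of The Register's code. The sample responses are constructed, the OpenSSL version is a placeholder, and `disclosed_versions` is a hypothetical helper name.

```python
import re

# Product/version tokens such as "Apache/2.2.17" or "mod_ssl/2.2.17".
TOKEN = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+[a-z]?)")
# Footer Apache appends to generated error pages when ServerSignature is On.
FOOTER = re.compile(r"<address>(.*?)</address>", re.I | re.S)

def disclosed_versions(headers, body=""):
    """Return sorted (source, product, version) tuples leaked by a response."""
    lowered = {k.lower(): v for k, v in headers.items()}
    found = set()
    for name in ("server", "x-powered-by"):
        for product, version in TOKEN.findall(lowered.get(name, "")):
            found.add((name, product, version))
    for footer in FOOTER.findall(body):
        for product, version in TOKEN.findall(footer):
            found.add(("error-page footer", product, version))
    return sorted(found)

# Constructed samples. 2.2.17 is the version quoted in the comment above;
# OpenSSL/0.0.0 is a placeholder, the thread does not give that version.
BANNER = "Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.0.0"
VERBOSE_HEADERS = {"Server": BANNER}
VERBOSE_BODY = ("<html><body><h1>Not Found</h1><hr>\n"
                f"<address>{BANNER} Server at www.example.com Port 80"
                "</address></body></html>")

# What the same server returns with "ServerTokens Prod" and
# "ServerSignature Off": a bare product name and no footer.
HARDENED_HEADERS = {"Server": "Apache"}
HARDENED_BODY = "<html><body><h1>Not Found</h1></body></html>"

if __name__ == "__main__":
    for source, product, version in disclosed_versions(VERBOSE_HEADERS,
                                                       VERBOSE_BODY):
        print(f"{source}: {product} {version}")
    print("hardened:", disclosed_versions(HARDENED_HEADERS, HARDENED_BODY))
```

As the thread points out, a banner can be faked, so the output shows what a response advertises, not what is actually installed.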
FAIL

Erm.....

"If you still see a defaced page, turning your equipment on and off again may help"

Actually, turning it OFF and then ON again is more likely to help....

11
0
Silver badge
Headmaster

If the final state is 'off'

you won't be seeing the defaced page either.

1
0
