HACK THE PLANET!
The websites of two of the net's most critical oversight organizations were hijacked by Turkish hackers who sent visitors to rogue pages that challenged the overseers' authority. Some of the official domains for the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Assigned Numbers Authority (IANA) …
They appear to have omitted to take even the most basic steps to lock the domains down when creating them. Compare
http://216.239.59.104/search?q=cache:Boyyc-xwKPQJ:www.who.is/whois-net/ip-address/icann.net/+whois+icann.net&hl=en&ct=clnk&cd=3&gl=uk&client=firefox-a
with
http://www.who.is/whois-net/ip-address/icann.net/
>>>Before:
Registry Whois
Domain Name: icann.net
Status: clientTransferProhibited
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Expiration Date: 2013-12-07
Creation Date: 1998-09-14
Last Update Date: 2008-03-24
Name Servers:
a.iana-servers.net
b.iana-servers.org
c.iana-servers.net
d.iana-servers.net
ns.icann.org
>>>After:
Registry Whois
Domain Name: icann.net
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Expiration Date: 2013-12-07
Creation Date: 1998-09-14
Last Update Date: 2008-06-27
Name Servers:
a.iana-servers.net
b.iana-servers.org
c.iana-servers.net
d.iana-servers.net
ns.icann.org
>>>Note the change in the status line.
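The status comparison above, as an added example that is not part of the original comment: a small check that parses two whois records, reports which registrar lock statuses were added, and lists the locks still missing. The `REQUIRED_LOCKS` baseline and the function names are assumptions made for this illustration; the record fields are copied from the two listings above with the name servers omitted.

```python
# Added example: compare the lock statuses in two whois records.
# REQUIRED_LOCKS is an assumed baseline, not a policy stated on the page.
REQUIRED_LOCKS = {
    "clientDeleteProhibited",
    "clientTransferProhibited",
    "clientUpdateProhibited",
}

# Fields copied from the two records quoted above (name servers omitted).
BEFORE = """\
Domain Name: icann.net
Status: clientTransferProhibited
Registrar: REGISTER.COM, INC.
Last Update Date: 2008-03-24
"""
AFTER = """\
Domain Name: icann.net
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Registrar: REGISTER.COM, INC.
Last Update Date: 2008-06-27
"""

def parse_record(text):
    """Return {field: value} for every 'Field: value' line in a record."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def statuses(record):
    """Split the comma-separated Status field into a set of status codes."""
    raw = record.get("Status", "")
    return {s.strip() for s in raw.split(",") if s.strip()}

def missing_locks(record, required=REQUIRED_LOCKS):
    """Locks from the baseline that the record does not carry."""
    return sorted(set(required) - statuses(record))

def status_diff(old, new):
    """Return (added, removed) status codes between two records."""
    a, b = statuses(old), statuses(new)
    return sorted(b - a), sorted(a - b)

if __name__ == "__main__":
    before, after = parse_record(BEFORE), parse_record(AFTER)
    print("missing before:", missing_locks(before))
    print("missing after: ", missing_locks(after))
    print("added/removed: ", status_diff(before, after))
```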
It was hacked on the basis of a fraudulent email? No signature on the email? No phone call to verify? For fucking ICANN and IANA?
Can anyone imagine ibm.com's dns registration being moved on the basis of an email? Or apple.com?
FFS, whoever took that action really needs shooting.
...fraudulent emails?
Christ, the systems I look after are utterly nothing compared to this, but even I don't take the advice of a fucking email to confirm a config change of any kind - I confirm these things in person, or at least on the phone if it really, really can't be done in the flesh.
I'm trying to work out how someone could have put this through without triple checking it - I mean, it's ICANN, not BobsPlumbers.co.uk for God's sake!
Steven R
I mean come on, honestly the guy who read the e-mail and went "yeah, that's legit" and then processed the request needs shooting..
Oh wait maybe.... just maybe he got paid to do it..
I mean a big enough domain like that should have had a verifiable digital signature on it, and that should have been verified first, not by simply hitting the reply button, but by looking up who registered the domain and finding the e-mail address(es) attached to it and using them..
If it's that easy I'm off to redirect Microsoft.com to somewhere nice like itssnafud.com
Let's be realistic. Sending a creative email to a group of obviously retarded engineers to change DNS pointers for the domain is no feat, just proof that some of our key infrastructure people are not taking their jobs seriously or should be fired for incompetence. Give me the job and I'll make sure any retarded attempt like this is triple verified with top management before implementation.
By the way, anybody notice these hackers can't spell? "Everybody knows wrong" should be "Everyone knows better". They're obviously using Google Translator.
And come on, SQL injection? Yet another example of newbie coders implementing systems from script kiddie code without fully understanding the fundamental security checks for any interactive SQL system. Anyone hear of escaping single quotes for input strings?
SomeSQL = "SELECT * FROM table WHERE column = '" + variable.Replace("'", "''") + "'"