Another day, another mass domain hijacking More than 750 domain names were hijacked through the internet's own systems, registrar Gandi has admitted. Late last week, an unknown individual managed to get hold of the company's login to one of its technical providers, which then connects to no fewer than 27 other top-level domains, including .asia, .au, .ch, .jp and .se …
From the incident report:
« These credentials were likewise not obtained by a breach of our systems and we strongly suspect they were obtained from an insecure connection to our technical partner’s web portal (the web platform in question allows access via http).
As a rule, we have always systematically implemented all available security measures at all registries and technical partners (such as TOTP, IP restriction, etc.). Unfortunately, these security measures were only recently added, in 2016, by the technical partner in question and had not been identified at the date of our most recent security audit. »
I believe this is the first time I see positive confirmation of an attack based on the simple expedient of sniffing HTTP traffic.
Before all the retards pour in with their expressions of glee or pretend outrage: I am a Gandi customer. I have been a Gandi customer since they were a five employee joint in the backstreets of Paris. They did a fantastic job then and they still do a fantastic job over ten years later. In all this time, not once have I been let down and their professional service and customer approach is second to none.
Why is it that only after suffering a devastating attack do all these unfortunate companies THEN implement all kinds of NEW Security protocols? In light of the massive amount of malware attacks, should not these companies, all of them, not be reviewing how best to beef up Security? Instead of making week apologies later?
Fundamentally, is not the answer to this and a number of other recent (and indeed, not so recent) incursions, that the basic structure of the internet was not designed with real security in mind? That the idea of malicious interference was given little or no thought?
I don't blame the initial designers, because this was a long time ago and they didn't realise how big it was all to become. But I don't doubt that if we were to design the internet's protocols, structures and standards from scratch today, we'd come up with some very different and infinitely more robust solutions.
So what troubles me is that I don't seem to hear much about major redesign of (say) the processes around DNS, Perhaps this is brewing slowly on a back-burner somewhere, but then again, perhaps it should be front and centre?
As other will no doubt spot, a so called information DIDN'T have DNSSEC set up? Really?
I guess that's like a road safety campaigner when out on their bike getting hit by a car and ending up with a fractured skull. Once they recover pipe up and go "I'm now going to wear a cycle helmet from now on"
Instead of downvoting your comment I'll answer your question.
That quote was attributed the the Swiss security company SCRT. I think you will find that SCRT doesn't have anything to do with the operation of Gandi's systems, so yes, it certainly WAS out of their control -- and it wasn't SCRT's credentials or systems that were used either.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
