French?
Not sure that's French French. Canadian hackers, perhaps? Have Tata pissed off the Parti Quebecois recently?
Top flight outsourcing firm Tata Consulting Services appeared to have lost control of its website to hackers today, with the domain apparently being touted for sale. The Washington Post reported that the site had fallen prey to a DNS hijack over the weekend. A report in Times of India this morning said that hackers had …
John,
that joke was singularly bad. Keep it up. Obvious jokes are clearly flavour of the month - MPs being prosecuted for taking money they haven't earned, Jack Straw being the deciding factor in the Iraq invasion, the existence of AManFromMars and Matt B, etc. Oh, and my browser's spell checker deciding that the correctly-spelled flavour is a spelling mistake. Why doesn't someone teach these people English :)
Au revoir.
Oh, and TataFN.
please guys, I expected better from you lot...
[Disclaimer: I'm an employee of TCS, though naturally I'm posting this in my personal capacity]
tcs.com was NOT hacked yesterday. What did happen was that the DNS records that supply the IP were reset to some other IP.
Whether that was done by actually hacking netsol or by social engineering a valid change request I do not know.
I know the site was fine because going through the internal DNS got me the correct IP address and the correct content.
I believe the problem started sometime before 1am IST [this is a wild guess, from other symptoms; don't ask, heh heh!], and was resolved around noon or so [this guess is more accurate because I was semi-actively monitoring it].
In both instances, it would have taken a few hours for the bad data to expire from DNS caches. Depending on who your DNS provider is, you may have seen it "come back" at different times. If you were running your own DNS, you could have purged your DNS cache manually and would know more accurately when it came back.
At this point in time I am still receiving reports of other DNS servers still showing the bad data. Just tell them to purge their DNS caches if you know them, or switch to OpenDNS. They've got the right stuff, and have had it a lot longer than the chocolate factory's DNS :)
just run "dig +trace www.tcs.com"
If you're piggy-backing on someone else's DNS, like your ISP or OpenDNS or the chocolate factory, and you get a different answer than 216.15.200.140, you know what to do.
But actually, if you aren't running your own DNS, and didn't flush your caches as soon as you heard this, you shouldn't even be commenting on the issue.
"still see the bad page" ==> **reporting** on the issue
"fix had not taken" ==> **commenting** on the issue
[Same disclaimer applies as in previous comment]
"However, as of half three today, from where we were sitting the site was still showing the "for sale" notice, in both French and English, suggesting Tata's fix had not taken."
Or suggests that you're using a DNS server that has a cached copy of the compromised records which haven't expired yet.
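The stale-cache check discussed in the comments above, as an added example that is not part of any poster's comment: it compares the A record each recursive resolver returns against the expected address and reports how long a stale entry has left before it expires. The expected address is the one quoted in the thread; the resolver labels, TTLs and the 192.0.2.66 address are constructed sample data.

```shell
#!/bin/sh
# Added example: flag resolvers still serving a cached, hijacked A record.
EXPECTED="216.15.200.140"   # address quoted in the thread as the correct one

# check_answers EXPECTED_IP
# Reads "<resolver-label> <dig answer-section line>" on stdin, for example:
#   resolver-a www.tcs.com. 1800 IN A 216.15.200.140
# Prints one verdict per A record (CNAME lines are skipped).
# Exit status is 1 if any resolver returned a different address.
check_answers() {
    awk -v want="$1" '
        $5 == "A" {
            if ($6 == want) {
                printf "OK    %s %s\n", $1, $6
            } else {
                # $3 is the remaining TTL in that resolver cache
                printf "STALE %s %s expires-in=%ss\n", $1, $6, $3
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# query_resolver LABEL RESOLVER_IP NAME
# Live lookup (needs network and dig); output feeds check_answers.
query_resolver() {
    dig @"$2" "$3" A +noall +answer | sed "s/^/$1 /"
}

# Constructed sample: three resolvers, one still caching the bad record.
sample_answers() {
    cat <<'EOF'
resolver-a www.tcs.com. 1800 IN A 216.15.200.140
resolver-b www.tcs.com. 5400 IN A 192.0.2.66
resolver-c www.tcs.com. 120 IN A 216.15.200.140
EOF
}

sample_answers | check_answers "$EXPECTED" || echo "stale caches found"
```

For a live run, pipe one `query_resolver` call per resolver into `check_answers "$EXPECTED"`; a STALE line with a large TTL means that cache needs a manual flush rather than a wait.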