Full Disclosure mailing list archives

hushmail redirected


From: Siegfried <siegfri3d () gmail com>
Date: Sun, 24 Apr 2005 20:10:05 +0200

Hushmail got redirected for a few hours this morning. We wrote a news item about it, but we've been under a large DDoS attack after sending it to the press, weird! Hushmail posted a message on their web site saying that Network Solutions was responsible (trust them or not, maybe they'll release more details later):
https://www.hushmail.com/login-status?

Here is the content of the news, before the site went offline:

Hushmail.com defaced by means of DNS redirection UPDATED
Siegfried, SyS64738 Zone-H Admins
04/24/2005

The web site hushmail.com of Hush Communications, providing secure email services, was defaced over the weekend, visitors being redirected to a different server after an attacker got access to Hushmail's DNS maintenance panel.

It was first noticed very early this morning, when the domain www.hushmail.com began to redirect users to a page containing the following message: "The Secret Service is watching. -Agent Leth and Clown Jeet 3k Inc". The DNS servers were changed to DNS1.EVONEXUS.NET and DNS2.EVONEXUS.NET, while Hushmail uses its own servers (NS*.HUSHMAIL.COM), and the information in the whois was hijacked:

Administrative Contact, Technical Contact:
Smith, Brian clownowns () yahoo com
Hush Communications

Maybe the attacker somehow got this contact's password, whose email address was admn () HUSHMAIL COM (according to the data in the whois of hush.com), and modified the data of the domain on the Network Solutions web site, their registry.

On Sunday at 4am GMT the page was removed, probably by burst.net, which was hosting it. Emails sent to hushmail.com users were being bounced back to the sender at the time of writing.

The attacker didn't use the web site for a malicious purpose, but it is indeed bad news for Hush Communications, whose credibility was seriously damaged.

A mirror of the "defacement" is available here:
http://www.zone-h.org/defacements/mirror/id=2309823/

UPDATE

Currently at 08:35 AM GMT+1 the site Hushmail.com is reachable in Europe only by its IP address 65.39.178.11 while the query through DNS doesn't resolve.

Click here to view the current status of Hushmail Whois
http://www.zone-h.org/files/77/hushwhois.htm

Original article: http://www.zone-h.org/en/news/read/id=4467/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
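
Added example, not part of the original message or of Zone-H's article: a baseline check that flags the kind of change the report describes, where the name servers moved from NS*.HUSHMAIL.COM to DNS1/DNS2.EVONEXUS.NET and the whois contact was replaced. The "Key: value" snapshot layout, the function names, the NS1/NS2 host names and both e-mail addresses are assumptions constructed for the example.

```python
import fnmatch

# Expected state per the article: Hushmail ran its own name servers
# (NS*.HUSHMAIL.COM). The contact domain is an assumed baseline value.
BASELINE = {"ns_patterns": ["ns*.hushmail.com"], "contact_domains": {"hushmail.com"}}

# Constructed snapshots. The EVONEXUS name servers are the ones quoted in the
# article; the layout and the e-mail addresses are placeholders.
HIJACKED = """\
Name Server: DNS1.EVONEXUS.NET.
Name Server: DNS2.EVONEXUS.NET.
Admin Email: contact@example.net
"""
CLEAN = """\
Name Server: NS1.HUSHMAIL.COM
Name Server: NS2.HUSHMAIL.COM.
Admin Email: hostmaster@hushmail.com
"""

def norm(host):
    """Lower-case and strip the trailing root dot so names compare reliably."""
    return host.strip().lower().rstrip(".")

def parse_snapshot(text):
    """Return (name_servers, contact_emails) from "Key: value" lines."""
    servers, emails = set(), set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Key: value" line
        key = key.strip().lower()
        if key == "name server":
            servers.add(norm(value))
        elif key.endswith("email"):
            emails.add(value.strip().lower())
    return servers, emails

def delegation_drift(text, baseline=BASELINE):
    """List every deviation from the baseline; an empty list means no drift."""
    servers, emails = parse_snapshot(text)
    findings = [] if servers else ["no name servers listed"]
    for ns in sorted(servers):
        if not any(fnmatch.fnmatchcase(ns, p) for p in baseline["ns_patterns"]):
            findings.append(f"unexpected name server: {ns}")
    for mail in sorted(emails):
        if mail.rpartition("@")[2] not in baseline["contact_domains"]:
            findings.append(f"unexpected contact address: {mail}")
    return findings
```

Run against a periodic snapshot of the registration record, any non-empty result is worth an alert, since a change made at the registrar never touches the domain owner's own DNS servers.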

