Saudi Hackers Change DNS Registration Information

["Fergie" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via Zone-H News.

[snip]

It appears that Saudi Arabia crackers managed to get the passwords of our
registrar (our registrant panel to be precise), accessed the domain
management page and changed the DNS entries, pointing the zone-h domain to
an IP address belonging to the crackers on which they mounted the page you
saw in the last 48 hours.

48 hours!?! So long it took to take contact with the registrar (they work
only through email communication), explain the problem to 8 different
people then finally getting a reset of our credentials, taking the domain
back in control.

On the funny side, the same problem happened to Google in its German
version which yesterday evening was redirected to a different page
(different owner actually).

[snip]

More:
http://www.zone-h.org/content/view/14498/31/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.2 (Build 4075)

wj8DBQFFtl9Dq1pz9mNUZTMRAg9iAJkBY/G8g+eEZYx57a+wBH8xVINmHgCfUH1A
0ydsNNgMHWaU4/K4ZX5s8To=
=tZax
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.