

Security company Secunia hacked / DNS hijacked - JCKa1
http://blog.sucuri.net/2010/11/secunia-defaced-dns-hijacked.html

======
wdewind
For those of us who are a little ignorant, can someone expand a little on the
technical details of this? How does one hijack/alter a DNS record? I've only
ever had other people host my DNS, so does this mean they were hosting their
own DNS and someone attacked their DNS servers? What's the security like
around how DNS records are stored? More specifically, had they been using
Secunia's DNS monitoring and had been alerted "before the DNS was propagated"
wouldn't there still be a lag time between when the hacked stuff propagates
and the replacement stuff re-propagates that would leave the site defaced for
the amount of time it takes to propagate the replacement?

~~~
astrange
You steal their DNS registrar account. This depends entirely on the security
of the registrar; Network Solutions used to let you change account info by
sending them faxes on fake letterhead.

~~~
wdewind
Wow how could they POSSIBLY think that would be a good idea? Fax?!

Are you trolling? :P

~~~
xist
That was mainly back in the 90s, when people changed email providers and didn't
have access to original email addresses anymore.

~~~
astrange
sex.com specifically was stolen this way.

They're still really bad at this; people stole the registrar accounts for
somethingawful.com and 4chan from, again, Network Solutions, via social
engineering. I never heard how they specifically did it. They may even have
done both on the same weekend.

------
billpg
I hope that when Secunia PSI downloads its list, it does a cryptographic
signature check before opening it.

------
DisposaBoy
Am I the only one disappointed by this post?

The article is effectively content-less and mostly copy-pasted with some
selling at the bottom.

~~~
JoachimSchipper
That, sadly, seems to be the norm for sucuri.net.

