1. You're not subjecting HN readers to a site under the control of a malicious party who may have done more than just deface it. Even if you verify that you only receive plain boring text with no scripts, iframes, plugins, etc. it's impossible to verify that someone else won't get served different content. For example, malware that only gets served to people in Israel.
2. Once the compromised site is restored, people visiting the link won't see what happened. When you link to a third-party article, that article will persist even after the hack is long since gone.
3. Linking to a security research company will probably give better insight into the technical details how the attack happened, gratifying our intellectual curiosity, instead of just being a dumbed-down piece from some mass-market tech blog.
They are if the zero-day isn't what you're after.
Something like this is like candy corn to a site like HN. You need an exploit and a reason to get your targets to visit your hacked site. When something like this hits HN's front page, if your target is in the tech world, odds are very good that you'll catch someone in the company/companies you're after. This is not theoretical. See, for instance, the Java exploits employed in those hacked iOS dev forums that successfully compromised computers at Facebook, Twitter, Apple, and Microsoft.
While DNS-hijacking Google.ps as a watering hole for HN seems like a bit of a long shot of a vector to get access to HN users, it would be a pretty logical vector for Palestinian Authority systems. And is likely a lot of other users would get unintentionally caught in the net.
Flash/Java vulnerabilities are also quite a bit cheaper (100k range), and well within the price range of most criminal APTs, let alone nation-states. But I imagine most, if not all, HN users have those extensions disabled by default.
But overall the point is valid. The risk, even if not that large that anyone here would be targeted, makes it a good idea not to post directly to compromised websites. I'm not exactly wild about a random workstation at any US company being compromised, even though they weren't explicitly targeted, by random Israeli hackers or even Unit 8200.
I don't see any malicious action here.
>1. You're not subjecting HN readers to a site under the control of a malicious party who may have done more than just deface it. Even if you verify that you only receive plain boring text with no scripts, iframes, plugins, etc. it's impossible to verify that someone else won't get served different content. For example, malware that only gets served to people in Israel.
The .ps registry was. Google DNS servers have been changed to omar.genious.net and hamza.genious.net
Every site depends on root DNS servers to do their job right...the root for .ps was hacked...that's what happened here...google was affected, but not hacked.
The SOA record is almost irrelevant in this case, unless you are seeing some trickery where they set high TTLs or something to keep the "hack" around longer after it has been corrected.
There is only one root (which is kinda what makes it a root) - and in this case the root servers are doing their job just fine. DNS is hardly even involved. As far as I can tell this was simply a compromise of the web UI that allows for the management of domains under the .ps ccTLD. Probably just another sloppy front end developer.
I wish OP would have done the same with a comment. In fact, this should probably be standard procedure when submitting a link to a compromised site if it's not to a blog/news post about it.
They were defaced which was directly apparent to users - not hacked. At all.
"a hacker is someone who seeks and exploits weaknesses in a computer system or computer network" ( http://en.wikipedia.org/wiki/Hacker_(computer_security) )
Being hacked means a hacker has found and exploited a weakness in a computer system or network. Saying that Google Palestine was hacked is false because no exploit in a computer system or computer network OF Google Palestine was found nor exploited.
Not it wasn't. It's still hacked for me.
Nope, still 22.214.171.124
Real Player is so rear this days, so at list it wouldn't be my first choice if you only wanted to play a song.
Best of the Rest? Well, that's not saying much, is it?
EDIT: Ok, on the second thought it seems that the compromised server is just the closest to google. All that is left is to wonder, whether palestine guys did target that server because of it :)
Considering that most of the big sites run local variants of their services using these TLDs is it fair to assume that one of these next ones could be of the phishing kind?
What's the best thing to do - always use the .com hoping that it is safer?
ICANN needs to mandate stronger requirements for best practices with web based management UIs. Unfortunately they have little in the way of real control over ccTLDs.
You'd be best served registering ccTLDs and redirecting them to your gTLD of choice (say, .com) and not trying to serve localized content from them.
> Unfortunately they have little in the way of real control over ccTLDs.
Hopefully NTIA can empower ICANN (as the IANA operator) to better exercise security requirements against ccTLDs. Ultimately NTIA can pull the ccTLD from the root, which is a stick we could use increase the overall security of the internet, but I would prefer we find a carrot.
Refreshed site on my computer connected to wi-fi - it now appears to be return correct Google site.
You don't see how that might be relevant to this site?
Not that you'll take this advice, but I'd really recommend spending a little time thinking about what if you were born with a different last name.
Would you be a butthurt loser then, by dint of that last name?
This is an online prank. Have you actually decided to treat it as a serious political protest?