Malaysia Airlines Defaced - 404 Plane Not Found (wsj.com)
47 points by scubasteve on Jan 26, 2015 | 44 comments



Bad as the deface is, they're making decent looking takeover pages these days. Not too bad, that design.

Take away the greetz and the embarrassment and you're halfway to a snazzy landing page


The second defacement reminded me of a geocities page with music playing in the background.

Reference: http://www.nbcnews.com/storyline/isis-terror/lizard-squad-cl...


> hacked by a group claiming be aligned with the Islamic State extremist group

> hackers claiming to be similarly aligned with the Islamic State extremist group

This is either really dishonest or really stupid reporting. They're not actually aligning themselves with ISIS. They're just trolls trying to be edgy.


I don't see how it's dishonest.

Whatever their actual alignment and/or edgy-troll status, they still claimed to be aligned with ISIS, just as the article says.


The job of a journalist is to fact-check and separate fact from fiction.

Which is to say, when the subject of an article claims something, you should probably not print it verbatim without thinking it through at least a little bit, and maybe determine the credibility of what's being said.

It is not the job of a journalist to regurgitate sources blindly.

Otherwise... hey journalists, I am literally the second coming of Jesus, you guys should interview me and tell people I'm the Son of God.


> Otherwise... hey journalists, I am literally the second coming of Jesus, you guys should interview me and tell people I'm the Son of God.

Right, and in that case the article would probably read "potatolicious, who claims to be the second coming of Jesus..." *

Their claim of alignment with ISIS is, in itself, a part of the story. They are reporting that the claims have been made, not that the claims are factually correct.

* This actually happened on British TV: https://www.youtube.com/watch?v=qlSj_imnv7o


In your example journalists would say that you claim to be the son of god. They wouldn't say that you are the son of god.

You seem to be asking journalists to say "he claims to be the son of god (but he isn't, obvs)" which is asking the journalists to provide information they don't have.


My local newspaper stretched it a bit further by saying that the website was defaced by "sympathizers of IS". Which is doubly funny, because they obviously took the bait.


> hacked by a group claiming be aligned with the Islamic State extremist group

The article claims that the website was hacked by a group claiming to be aligned with the Islamic State.

> hey journalists, I am literally the second coming of Jesus, you guys should interview me and tell people I'm the Son of God.

Good journalism would be to report that you are claiming to be Jesus. Which is what happened here; they reported a claim of affiliation, not the affiliation as a fact. It would actually be bad journalism for the reporter to take a position on your divinity (or an unknown group's actual affiliation with IS).


Traditionally good journalism includes credibility checks and at least gives some kind of possibility to see uncertain facts in bigger context.

Just reporting (alarming / scandalous) claims has usually been called tabloid journalism.


How can the journalist reliably evaluate who "Lizard Squad" is aligned with, especially with them repeatedly claiming to support ISIS?


Interestingly enough, despite Malaysia Airlines claiming that this is just a DNS hijack, it appears that their own CDN (Akamai) is now serving the deface page. (The page was being served by Cloudflare before.)


Many CDNs work by retrieving the page themselves, caching it, and re-delivering on request. In that case, if the original page changes, the CDN would automatically change too.


Which would imply that their backend was compromised, not just DNS.


The CDN could have simply refreshed its DNS cache, couldn't it? That would mean it loaded the files from somewhere else.


Unless there was something horribly wrong with their setup, Akamai would have prevented that from happening.


I'm not sure how they are supposed to prevent this. If you have access to the DNS, you can change the record for the origin server that the CDN pulls from. Nothing "horribly wrong" with that.


Akamai makes you set your own DNS server for it to pull records from; the domain getting hijacked should not have any effect on what that DNS server is returning.


I may be missing something, but this:

>It added that its domain name system was compromised.

sounds like their DNS server was compromised.

Also, I've never worked with Akamai, but every CDN I have worked with just follows the NS records and resolves against that, which could be changed with access to the domain/registrar. Does Akamai not do that?


Their domain's DNS servers were switched to Cloudflare, I'd imagine that's the DNS compromise they're referring to.

Not _their_ DNS servers getting compromised.


Hmm, I figured it was just the records being pointed to Cloudflare, since everything I could find makes it sound like that, but you may be correct that the nameservers were changed, as Cloudflare's nameservers look like they have a record for the domain, but are returning different records: http://paste.click/s/qKkejf [0]

Which appears to be down now anyways: http://paste.click/s/UlxsWA [1]

However, I suspect Cloudflare's nameservers might just return A records pointing to Cloudflare if they don't exist, I'm not sure.

Though that still doesn't answer the second part. Would Akamai not use the authoritative nameservers to resolve the origin? CDN providers I've worked with (Level3, Edgecast, Highwinds, and others) just resolve based on the authoritative nameservers, and I'm genuinely curious if Akamai doesn't do that.

Edit: forgot that my keybinding throws the js/syntax highlighted url into my clipboard, which is pointless for this, here are the plaintext links to the same thing:

[0] http://paste.click/qKkejf

[1] http://paste.click/UlxsWA


You specify the nameserver for Akamai to pull the zone from on the config site. Their "CDN" is quite a bit smarter than what L3 & co. run.
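The sub-thread above turns on one question: does the CDN find its origin by following the public NS delegation (which a registrar-level hijack can redirect) or from a nameserver pinned in its own configuration? The monitor below is an added example, not code from the thread or from any CDN vendor; it compares both resolution paths against a pinned expectation and alerts on divergence. The domain, nameserver names, IPs and the `resolve(name, rtype, server)` callback are hypothetical, with the embedded answers constructed so the check runs offline.

```python
"""Detect a nameserver-delegation hijack of the kind discussed above."""
from dataclasses import dataclass, field

# Hypothetical pinned expectations a defender would record at onboarding time.
DOMAIN = "example-airline.com."
ORIGIN_NAME = "origin.example-airline.com."
EXPECTED_NS = {"ns1.example-airline.net.", "ns2.example-airline.net."}
EXPECTED_ORIGIN = {"203.0.113.10"}  # TEST-NET-3 address, constructed

# Constructed sample answers keyed by (server, name, rtype). The parent (TLD)
# delegation has been changed to a third-party provider whose zone answers with
# an attacker-chosen origin, while the real authoritative server is untouched.
SAMPLE_ANSWERS = {
    ("tld-server", DOMAIN, "NS"): ["ns1.thirdparty-dns.example.", "ns2.thirdparty-dns.example."],
    ("ns1.thirdparty-dns.example.", ORIGIN_NAME, "A"): ["198.51.100.77"],
    ("ns1.example-airline.net.", ORIGIN_NAME, "A"): ["203.0.113.10"],
}

def sample_resolve(name, rtype, server):
    """Stand-in for a real per-server DNS query (e.g. dig @server name rtype)."""
    return SAMPLE_ANSWERS.get((server, name, rtype), [])

@dataclass
class Finding:
    delegated_ns: set
    origin_via_delegation: set   # what a delegation-following CDN would pull from
    origin_via_pinned: set       # what a CDN with a pinned nameserver would pull from
    alerts: list = field(default_factory=list)

def check_delegation(domain, origin_name, expected_ns, expected_origin, resolve,
                     parent_server="tld-server"):
    f = Finding(set(resolve(domain, "NS", parent_server)), set(), set())
    if f.delegated_ns != expected_ns:
        f.alerts.append(f"NS delegation changed at parent: {sorted(f.delegated_ns)}")
    for ns in sorted(f.delegated_ns):
        f.origin_via_delegation |= set(resolve(origin_name, "A", ns))
    for ns in sorted(expected_ns):
        f.origin_via_pinned |= set(resolve(origin_name, "A", ns))
    if f.origin_via_delegation and f.origin_via_delegation != expected_origin:
        f.alerts.append(f"public delegation resolves origin to {sorted(f.origin_via_delegation)}, "
                        f"expected {sorted(expected_origin)}: delegation-following CDN would pull a bad origin")
    if f.origin_via_pinned != expected_origin:
        f.alerts.append("pinned authoritative server also differs: the zone itself may be compromised")
    return f

if __name__ == "__main__":
    for a in check_delegation(DOMAIN, ORIGIN_NAME, EXPECTED_NS, EXPECTED_ORIGIN, sample_resolve).alerts:
        print("ALERT:", a)
```

In the constructed scenario the pinned path still answers correctly, which is the behaviour the Akamai-style configuration is credited with above; swapping `sample_resolve` for a real per-server query turns this into a periodic delegation monitor.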


"Hey everyone, go visit this website that's probably serving malware!"


Google ads regularly serve malware[1], are you going to tell people not to visit Google?

[1] https://news.ycombinator.com/item?id=8879229


This isn't the best way to describe the problem or solution.

Users can be advised to install an ad-blocking plugin for their web browser to protect themselves. Since Google serves adverts from domains other than google.com, users can continue to use the google.com domain for search while at the same time blocking the malware coming from ad networks.


Are you referring to contents of the linked article or that this is on HN? Need more words.

Surely, if the second - linking to wsj isn't known to serve malware.

Further, if you do not have some trust in your browser to go to potentially compromising sites - you need to change browser or stop browsing.


ryanlol already mentioned you could have run a curl to check what's being delivered.

But, you can also use the Web Archive and check every domain yourself within their waterfall chart: http://web.archive.org/web/20150126072317/http://www.malaysi...

Looks like a bunch of static assets delivered by: fonts.googleapis.com, fonts.gstatic.com, pbs.twimg.com, and www.youtube.com. Looks similar to what I saw post-defacement/pre-fix.


A simple curl reveals that it isn't... And how often are deface pages serving malware anyways?

IMO it would be much more sensible to serve malware off of a page that _doesn't_ announce it has been hacked.


Not really. A defaced high profile website will draw visitors e.g. from all major news sites, maybe even TV. Combined with a couple 0days or a browser exploit kit, quite a chance to infiltrate a target.

And if you're lucky the online reporters also have twitter/fb account info on their PCs. I guess this is how the various compromises of twitter accounts have been done.


"The browser window of the website"

It is the first time I am hearing such a definition.


I reacted to the CNN article[0] which said "The browser tab read"

[0]http://edition.cnn.com/2015/01/25/asia/malaysia-airlines-web...


I enjoyed the sole comment on the article at the time too:

"It's 'homepage' not 'browser window'... unless you're 80"


It's actually called "Page title" though.


HSTS could prevent this from working.


So could attaching decent transponders to their aeroplanes.


How much more per flight would you pay for this? Satellites aren't cheap.


At their scale, yeah they are. (Especially considering you wouldn't need new sats)


Not really, the page is being served from MAS's own servers now.


Not if the other comment by... you... about it being served by an external CDN is correct.

HSTS could easily stop a CDN from picking up a bad version during a DNS hijack.


MAS's CDN that is. The same CDN they were using before the hack even happened.


But it being an external CDN means that there is no indication that the actual servers they have control of were tampered with. The possibility that HSTS could have saved the day is just as valid. There is no indication that the CDN got these incorrect files with any kind of encryption or signing.


So the CDN just works without having the SSL certs?


What? A CDN accessed over TLS needs some kind of cert, sure. I don't see how this connects to whether the CDN pulls off the wrong server.

Obviously if the CDN has cert X then any authentication it may have should use cert Y.


Malaysiaairlines.com is proxied by Akamai CDN, surely Akamai has access to the certificate used for malaysiaairlines.com then.
