[AfrICANN-discuss] Google blames DNS insecurity for Web site defacements

Rebecca Wanjiku rebecca.wanjiku at gmail.com
Mon May 18 10:43:11 SAST 2009


I hope the article would have had more details.
When I talked to a Google rep in California, he said it happened at .ug
registry level, which means there is nothing much he could tell me.
When I talked to Musisi from .ug he said that it was just a minor
incident and that he did not think it was a story.
I tried to dig for more info but I was not getting anywhere.

I hope you all appreciate that there is a lot of secrecy; people think
if they give you the info they will look insecure and it is easier for
them to say, "I do not think that is a story".


2009/5/18 Dr Paulos Nyirenda <paulos at sdnp.org.mw>:
> Greetings from Malawi.
> We also saw attempts to alter DNS records on the .mw ccTLD on 13 May
> 2009 around midnight Malawi time. Attempts were made to alter DNS
> records at the registry for 23 domains linked to major brands
> including those listed by SM here. The attack attempt was on the SQL
> server but they did not manage to alter our DNS.
> I would also like to confirm that this does not seem to be a case of
> DNS cache poisoning; it was an SQL-level attack attempt on the
> registry.
> The attempt at .mw was to change the nameservers to hosts with names
> of the form - crackers*.homelinux.com - where * is empty or an
> integer. We saw the attack as coming from or via two or more networks
> including those with network names: (a) *fdcservers on ARIN and (b)
> TurkTelekom on RIPE.
> Hope this gives additional technical information.
> Regards,
> Paulos
> ======================
> Dr Paulos B Nyirenda
> .mw ccTLD
> http://www.registrar.mw
> On 17 May 2009 at 13:58, SM wrote:
>> At 02:42 17-05-2009, Calvin Browne wrote:
>> >I agree with this - the release is just way too short on details to
>> >understand what went wrong here.
>> >More details are needed.
>> There are reports that the following web sites were affected:
>>   www.google.co.ma
>>   www.aol.ug
>>   www.bmw.co.ug
>>   www.cisco.co.ug
>>   www.cnn.co.ug
>>   www.defenceuganda.mil.ug
>>   www.google.ug
>>   www.hotmail.ug
>>   www.hotmail.co.ug
>>   www.microsoft.ug
>>   www.orange.ug
>>   www.toshiba.co.ug
>> The nameservers for google.co.ma were changed on 9th May.  The domain
>> resolved to a different IP address.  That brought visitors to a web
>> site which wasn't hosted by Google.  The .ug problem occurred between
>> 11 May and 13 May.  This is not a case of DNS cache
>> poisoning.  DNSSEC does not offer any protection against SQL injection attacks.
>> Regards,
>> -sm

Best regards,


254 720318925
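
Added example, not part of the original message or any registry's own code: since the thread describes nameserver records being altered at the registry rather than through cache poisoning, one defensive check is to compare each monitored domain's current NS set against a trusted baseline. The domain names, baseline and observed data below are constructed; only the `crackers*.homelinux.com` form comes from the thread, and how the observed records are exported from the registry is left as an assumption.

```python
import re

# Nameserver form reported in the thread: crackers*.homelinux.com,
# where * is empty or an integer.
REPORTED_NS = re.compile(r"^crackers\d*\.homelinux\.com$")

def normalize(host):
    """Lower-case and drop the trailing root dot so set comparison is stable."""
    return host.strip().rstrip(".").lower()

def audit_delegations(baseline, observed):
    """Return (domain, severity, added, removed) for each changed delegation."""
    findings = []
    for domain in sorted(baseline):
        expected = {normalize(h) for h in baseline[domain]}
        current = {normalize(h) for h in observed.get(domain, ())}
        if current == expected:
            continue
        added = sorted(current - expected)
        removed = sorted(expected - current)
        # A match on the reported pattern is escalated; any other drift
        # still needs a human to confirm it was an authorised change.
        hit = any(REPORTED_NS.match(h) for h in added)
        findings.append((domain, "critical" if hit else "review", added, removed))
    return findings

# Constructed sample data (not real registry records).
BASELINE = {
    "brand-a.example.mw": ["ns1.example.net", "ns2.example.net"],
    "brand-b.example.mw": ["ns1.example.net", "ns2.example.net"],
    "brand-c.example.mw": ["ns1.example.org"],
}
OBSERVED = {
    "brand-a.example.mw": ["crackers.homelinux.com", "crackers2.homelinux.com"],
    "brand-b.example.mw": ["NS1.Example.NET.", "ns2.example.net"],
    "brand-c.example.mw": ["ns1.example.org", "ns9.example.com"],
}

if __name__ == "__main__":
    for domain, severity, added, removed in audit_delegations(BASELINE, OBSERVED):
        print(f"{severity:8} {domain} added={added} removed={removed}")
```

A domain missing from the observed data is reported with every baseline nameserver listed as removed, so a dropped delegation is not silently skipped.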

