[AfrICANN-discuss] Google blames DNS insecurity for Web site
rebecca.wanjiku at gmail.com
Mon May 18 10:43:11 SAST 2009
I hope the article would have had more details.
When I talked to Google rep in California, he said it happened at .ug
registry level, which means there is nothing much he could tell me.
When I talked to Musisi from .Ug he said that it was just a minor
incident and that he did not think it was a story.
I tried to dig for more info but I was not getting anywhere.
I hope you all appreciate that there is a lot of secrecy; people think
if they give you the info they will look insecure and it is easier for
them to say; "I do not think that is a story".
2009/5/18 Dr Paulos Nyirenda <paulos at sdnp.org.mw>:
> Greetings from Malawi.
> We also saw attempts to alter DNS records on the .mw ccTLD on 13 May
> 2009 around midnight Malawi time. Attempts were made to alter DNS
> records at the registry for 23 domains linked to major brands
> including those listed by SM here. The attack attempt was on the SQL
> server but they did not manage to alter our DNS.
> I would also like to confirm that this does not seem to be a case of
> DNS cache poisoning, it was an SQL level attack attempt on the
> The attempt at .mw was to change the nameservers to hosts with names
> of the form - crackers*.homelinux.com - where * is empty or an
> integer. We saw the attack as coming from or via two or more networks
> including those with network names: (a) *fdcservers on ARIN and (b)
> TurkTelekom on RIPE.
> Hope this gives additional technical information.
> Dr Paulos B Nyirenda
> .mw ccTLD
> On 17 May 2009 at 13:58, SM wrote:
>> At 02:42 17-05-2009, Calvin Browne wrote:
>> >I agree with this - the release is just way too short on details to
>> >understand what went wrong here.
>> >More details are needed.
>> There are reports that the following web sites were affected:
>> The nameservers for google.co.ma were changed on 9th May. The domain
>> resolved to a different IP address. That brought visitors to a web
>> site which wasn't hosted by Google. The .ug problem occurred between
>> 11 May and 13 May. This is not a case of DNS cache
>> poisoning. DNSSEC does not offer any protection against SQL injection attacks.
>> AfrICANN mailing list
>> AfrICANN at afrinic.net
> AfrICANN mailing list
> AfrICANN at afrinic.net
More information about the AfrICANN