[AfrICANN-discuss] Re: AfrICANN Digest, Vol 27, Issue 18
Douglas Onyango
ondouglas at yahoo.com
Mon May 18 20:07:34 SAST 2009
Hi all,
I have asked the management (Administrative and Technical Contacts) for the .ug to make an official statement on this; I will post their response on what happened, how they fixed it, how much downtime as well as safeguards that are in place to subvert any such attacks in the future asap.
Regards,
Douglas onyango +256(0712)981329
If you are not part of the solution, you are part of the Problem.
--- On Mon, 5/18/09, africann-request at afrinic.net <africann-request at afrinic.net> wrote:
From: africann-request at afrinic.net <africann-request at afrinic.net>
Subject: AfrICANN Digest, Vol 27, Issue 18
To: africann at afrinic.net
Date: Monday, May 18, 2009, 7:04 PM
Today's Topics:
1. Streaming announcement for posting on website and mailing
lists (Stephanie Moorghen-Bernon)
2. Re: [afnog] [AfrICANN-discuss] Google blames DNS insecurity
for Web site defacements (SM)
3. Re: [afnog] Google blames DNS insecurity for Web site
defacements (Calvin Browne)
4. Child Protection Online (Eric M.K Osiakwan)
5. Re: Re: [afnog] Google blames DNS insecurity for Web site
defacements (Dr Yassin Mshana)
6. Re: [afnog] Google blames DNS insecurity for Web site
defacements (Atef LOUKIL)
----------------------------------------------------------------------
Message: 1
Date: Mon, 18 May 2009 14:28:45 +0400
From: "Stephanie Moorghen-Bernon" <stephanie at afrinic.net>
Subject: [AfrICANN-discuss] Streaming announcement for posting on
website and mailing lists
To: <announce at afrinic.net>, <member-discuss at afrinic.net>,
<africann at afrinic.net>
Message-ID: <002e01c9d7a3$74b0ba70$5e122f50$@net>
Content-Type: text/plain; charset="utf-8"
Dear All,
Please find attached our streaming announcement concerning the AfNOG-10 / AfriNIC-10 meetings, from the 19 to the 21 May 2009.
Best Regards,
Stephanie Moorghen-Bernon
Events Coordinator & Membership Liaison Officer
AfriNIC
Tel: (230) 466 6616
------------------------------
Message: 2
Date: Mon, 18 May 2009 03:52:13 -0700
From: SM <sm at resistor.net>
Subject: Re: [afnog] [AfrICANN-discuss] Google blames DNS insecurity
for Web site defacements
To: africann at afrinic.net
Message-ID: <6.2.5.6.2.20090518030248.0597e990 at resistor.net>
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 02:55 18-05-2009, Dr Yassin Mshana wrote:
>Now we are talking at last....is is or is there not a security issue?
This is a security issue.
>There have been a number of calls for a detailed technical
>description of what happened. Can someone in the technical side of
>activities please spare some minutes to educate us the concerned
>non-technical-users?
When you register a domain, you also have to specify the nameservers
for it. These nameservers are queried (DNS) to find the IP address
of the web server where the domain is hosted. Someone gained access,
through a programming error, to the site where the nameservers for
these domains are specified. The person changed the names of the
nameservers to other name servers under his/her control. Once they
did that, they had control over the domain and they could point it to
a site they were running. If you visited the web site for the
domain, you would still see the name of the domain in the address bar
of your browser. But you will get a different web page.
Let's say that you registered a domain called example.com. The
nameservers for example.com are ns1.example.net and
ns2.example.net. The actual web site (www.example.com) is hosted on
a server at IP address 192.0.2.1. When you type
http://www.example.com/ in your browser, your computer will connect
to IP address 192.0.2.1 and display the web page.
I change the nameservers for example.com without your authorisation
and set them to my nameservers (ns1.example.org and
ns2.example.com). ns1.example.org and ns2.example.org return a
different IP address (192.0.2.202) when they are queried for the IP
address of the www.example.com. When you type
http://www.example.com/ in your browser, your computer will now
connect to IP address 192.0.2.202 and display the web page. As I am
running the server at IP address 192.0.2.202, I got you to visit a
different web site and you won't notice that it is not the web site
you intended to go to. I could get you to download a virus to your
computer or else capture your login credentials if you generally have
to provide a user name and password to access content on the web site.
Regards,
-sm
------------------------------
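SM's explanation above, turned into a check a domain owner could run to notice that the delegation has been changed. This is an added example, not part of the original thread; the function names, the `name TTL class type rdata` record text and the sample records are constructed for illustration, reusing the example.com names from SM's message.

```python
# Added example: constructed data, names taken from SM's example.com illustration.

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_rrs(text):
    """Parse 'name TTL class type rdata' lines into {(name, type): {rdata}}."""
    rrsets = {}
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()   # drop comments, then tokenise
        if len(parts) < 5:
            continue                             # blank or malformed line
        name, rtype, rdata = norm(parts[0]), parts[3].upper(), parts[4]
        if rtype == "NS":
            rdata = norm(rdata)
        rrsets.setdefault((name, rtype), set()).add(rdata)
    return rrsets

def diff_delegation(baseline, observed):
    """Return one finding per record set that differs from the approved baseline."""
    findings = []
    for (name, rtype), expected in sorted(baseline.items()):
        seen = observed.get((name, rtype), set())
        if seen == expected:
            continue
        # No overlap with the approved NS set means the whole delegation moved.
        replaced = rtype == "NS" and not (seen & expected)
        findings.append({
            "name": name, "type": rtype,
            "severity": "critical" if replaced else "high",
            "added": sorted(seen - expected),
            "removed": sorted(expected - seen),
        })
    return findings

# Constructed sample records (approved state, then the state after the change).
BASELINE = parse_rrs("""
example.com.      86400 IN NS ns1.example.net.
example.com.      86400 IN NS ns2.example.net.
www.example.com.  3600  IN A  192.0.2.1
""")
OBSERVED = parse_rrs("""
EXAMPLE.com.      86400 IN NS ns1.example.org.
example.com.      86400 IN NS NS2.example.org.
www.example.com.  300   IN A  192.0.2.202
""")

if __name__ == "__main__":
    for f in diff_delegation(BASELINE, OBSERVED):
        print(f)
```

In practice the observed records would come from querying the parent zone's servers on a schedule, since that is where a changed delegation first becomes visible.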
Message: 3
Date: Mon, 18 May 2009 14:15:34 +0200
From: Calvin Browne <calvin at orange-tree.alt.za>
Subject: [AfrICANN-discuss] Re: [afnog] Google blames DNS insecurity
for Web site defacements
To: Bill Woodcock <woody at pch.net>
Cc: africann at afrinic.net, afnog at afnog.org
Message-ID: <1242648934.11374.3.camel at calvin-viao2>
Content-Type: text/plain
On Mon, 2009-05-18 at 03:26 -0700, Bill Woodcock wrote:
<SNIP>
> Thank you very much for the detailed information, that helps everyone
> better understand how to secure their operations.
>
> I've only seen reports of successful SQL compromises of the following
> ccTLDs:
>
> EC (Ecuador)
> MA (Morocco)
> NZ (New Zealand)
> PR (Puerto Rico)
> TN (Tunisia)
> UG (Uganda)
Does it appear these were co-ordinated?
are these registries running the same software?
having a co-ordinated attack against different bespoke software would be
way interesting.
regards
--Calvin
------------------------------
Message: 4
Date: Mon, 18 May 2009 12:56:23 +0300
From: "Eric M.K Osiakwan" <emko at internetresearch.com.gh>
Subject: [AfrICANN-discuss] Child Protection Online
To: AfricanCyberInfoNetwork at afrispa.org, africann at afrinic.net
Message-ID:
<B3A9D92A-3C8A-48E8-9711-A0325513B84D at internetresearch.com.gh>
Content-Type: text/plain; charset="us-ascii"
Dear All,
The 17th of May 2009 was World Telecoms and Information Society Day
on the theme "Protecting Children Online".
AfrISPA has just concluded an intense session of work with the ITU,
European Broadcasting Association, GSMA and others to develop "Child
Online Protection (COP) : Guidelines for Children, Parents,
Guardians, Educators, Industry and Policymakers" @
http://www.itu.int/osg/csd/cybersecurity/gca/cop/guidelines/index.html - please take
time to review and send the necessary comments.
Eric here
Eric M.K Osiakwan
Director
Internet Research
www.internetresearch.com.gh
emko at internetresearch.com.gh
42 Ring Road Central, Accra-North
Tel: +233.21.258800 ext 7031
Fax: +233.21.258811
Cell: +233.24.4386792
------------------------------
Message: 5
Date: Mon, 18 May 2009 16:39:40 +0100
From: Dr Yassin Mshana <ymshana2003 at gmail.com>
Subject: Re: [AfrICANN-discuss] Re: [afnog] Google blames DNS
insecurity for Web site defacements
To: africann at afrinic.net
Message-ID:
<627b2fd0905180839m524a0f12g201bbf46779c04ac at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Thanks SM for the description of the Situation. At least now the communities
know what to worry about. SECURITY !!!
2009/5/18 Calvin Browne <calvin at orange-tree.alt.za>
> On Mon, 2009-05-18 at 03:26 -0700, Bill Woodcock wrote:
> <SNIP>
> > Thank you very much for the detailed information, that helps everyone
> > better understand how to secure their operations.
> >
> > I've only seen reports of successful SQL compromises of the following
> > ccTLDs:
> >
> > EC (Ecuador)
> > MA (Morocco)
> > NZ (New Zealand)
> > PR (Puerto Rico)
> > TN (Tunisia)
> > UG (Uganda)
>
> Does it appear these were co-ordinated?
> are these registries running the same software?
>
> having a co-ordinated attack against different bespoke software would be
> way interesting.
>
> regards
>
> --Calvin
>
--
c/o DFID-Nigeria
No. 10 Bobo Street
Maitama
Abuja
Nigeria
Skype: yassinmshana1
Mobile: +234-803 970 5117
Do You really NEED TO PRINT THIS? Sure?
------------------------------
Message: 6
Date: Mon, 18 May 2009 16:40:17 +0100
From: Atef LOUKIL <atef at ati.tn>
Subject: [AfrICANN-discuss] Re: [afnog] Google blames DNS insecurity
for Web site defacements
To: EL MAAYATI Afaf <afaf at anrt.ma>
Cc: "afnog at afnog.org" <afnog at afnog.org>, "africann at afrinic.net"
<africann at afrinic.net>, Bill Woodcock <woody at pch.net>
Message-ID: <4A118161.4000309 at ati.tn>
Content-Type: text/plain; charset="iso-8859-1"
Dear all,
> I've only seen reports of successful SQL compromises of the following
> ccTLDs:
>
> EC (Ecuador)
> MA (Morocco)
> NZ (New Zealand)
> PR (Puerto Rico)
> TN (Tunisia)
> UG (Uganda)
>
could anybody indicate where we can find these reports of "successful
SQL compromises" ???
Regards,
_______________________________________________________
Atef LOUKIL
Tunisian Internet Agency,
ATI-LIR&NIC Departement
13, Rue Jugurtha Mutuelleville - 1002 Tunis - Tunisia
Phone: 216 71 846 100
Fax: 216 71 846 600
http://www.ati.tn
EL MAAYATI Afaf wrote:
> Hello everybody,
> Concerning ".MA", the origin of the "www.google.co.ma" Web site defacement was an attack which has affected The Registrar Online System.
> The Registrar of this domain name, believing that the update of NS entries has been asked by the legitimate user, has transmitted an ordinary request to the Registry.
>
> The vulnerability has been fixed by the Registrar.
>
> In fact, the incident occurred in the Online Registrar System, which dismisses any security risk related directly to the Registry system.
>
>
>
> Regards,
> ".MA" ccTLD
>
> -----Original Message-----
> From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of Calvin Browne
> Sent: Monday, May 18, 2009 12:16 PM
> To: Bill Woodcock
> Cc: africann at afrinic.net; afnog at afnog.org
> Subject: Re: [afnog] Google blames DNS insecurity for Web site defacements
>
> On Mon, 2009-05-18 at 03:26 -0700, Bill Woodcock wrote:
> <SNIP>
>
>> Thank you very much for the detailed information, that helps everyone
>> better understand how to secure their operations.
>>
>> I've only seen reports of successful SQL compromises of the following
>> ccTLDs:
>>
>> EC (Ecuador)
>> MA (Morocco)
>> NZ (New Zealand)
>> PR (Puerto Rico)
>> TN (Tunisia)
>> UG (Uganda)
>>
>
> Does it appear these were co-ordinated?
> are these registries running the same software?
>
> having a co-ordinated attack against different bespoke software would be
> way interesting.
>
> regards
>
> --Calvin
------------------------------
End of AfrICANN Digest, Vol 27, Issue 18