homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Domain Names
Forum Library, Charter, Moderators: buckworks & webwork

Domain Names Forum

HushMail - Defaced Via Social Engineered DNS Attack

 1:11 pm on May 18, 2005 (gmt 0)

Hushmail is one of the webs largest email services.


A social engineering attack resulted in secure e-mail service provider Hushmail having its Website redirected to a defaced site. According to reports, Network Solutions, the Domain Name Service provider behemoth, gave out information through a customer support line sufficient to allow an attacker to alter DNS record information for Hushmail.com.



 1:49 pm on May 18, 2005 (gmt 0)

It amazes me how Net Sol never seems to learn from these lessons.


 2:43 pm on May 18, 2005 (gmt 0)

I read this almost a month ago on an obscure privacy blog

on that site:
Perhaps most odd is that I didn't see anything on slashdot, or anywhere else in the news about a security breech at Network Solutions (?)

I couldn't verify the report at all and when I looked there was no such notice on Hushmail at the time.


 2:55 pm on May 18, 2005 (gmt 0)

It amazes me how Net Sol never seems to learn from these lessons.

It amazes me that anyone still uses Network Solutions as a provider anything when they keep doing stuff like this.


 3:02 pm on May 18, 2005 (gmt 0)

I don't think we know the whole story or who was *really* at fault.


 3:03 pm on May 18, 2005 (gmt 0)

The actual DNS hijacking happened about a month back, but Hushmail are now pushing for a criminal investigation. NetSol commented on the problem in this eweek article:

Source: [eweek.com...]
Network Solutions spokeswoman Susan Wade confirmed that the breach occurred as a result of certain weaknesses in the registrar's customer-service security measures ... "We're seriously investigating the incident. We are aware that a hacker temporarily altered this customer's [DNS records]. Our security team promptly rectified the situation,"... She described the breach as an "isolated incident" and said Network Solutions would immediately institute "additional security measures to ensure it doesn't occur in the future... but we are taking this very, very seriously"

It appears that NetSol accept their responsability, whatever that's worth.


 7:15 pm on May 18, 2005 (gmt 0)


I love the very very serious part.

You see, there are other types like the "very serious" breaches, the "serious" breaches, and the "eh, will check it out later" breaches.


 11:27 pm on May 18, 2005 (gmt 0)


As a past phreaker from Vancouver, this is just hilarious that the RCMP have become involved.

I'm not suggesting that the RCMP live up to the Dudley Do Right stereotype.. but they will be of absolutely no assistance to Hushmail. Canadian's are not going to be quick to jump to help anything that seemingly exposes 'Uncle Sam as Big Brother' antics, heresay or not.. besides, there's about 30,000 grow ops in BC to deal with, the Mounties have got better things to do than rectify some call center's dumb hiring choice.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Domain Names
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved