HushMail - Defaced Via Social Engineered DNS Attack - Domain Names forum at WebmasterWorld

Forum Moderators: buckworks & webwork

Message Too Old, No Replies

HushMail - Defaced Via Social Engineered DNS Attack

Brett_Tabke

1:11 pm on May 18, 2005 (gmt 0)

Hushmail is one of the webs largest email services.

[entmag.com...]

A social engineering attack resulted in secure e-mail service provider Hushmail having its Website redirected to a defaced site. According to reports, Network Solutions, the Domain Name Service provider behemoth, gave out information through a customer support line sufficient to allow an attacker to alter DNS record information for Hushmail.com.

mrMister

1:49 pm on May 18, 2005 (gmt 0)

It amazes me how Net Sol never seems to learn from these lessons.

paybacksa

2:43 pm on May 18, 2005 (gmt 0)

I read this almost a month ago on an obscure privacy blog
[privacy.typepad.com...]

on that site:

Perhaps most odd is that I didn't see anything on slashdot, or anywhere else in the news about a security breech at Network Solutions (?)

I couldn't verify the report at all and when I looked there was no such notice on Hushmail at the time.

CritterNYC

2:55 pm on May 18, 2005 (gmt 0)

It amazes me how Net Sol never seems to learn from these lessons.

It amazes me that anyone still uses Network Solutions as a provider anything when they keep doing stuff like this.

Brett_Tabke

3:02 pm on May 18, 2005 (gmt 0)

I don't think we know the whole story or who was *really* at fault.

encyclo

3:03 pm on May 18, 2005 (gmt 0)

The actual DNS hijacking happened about a month back, but Hushmail are now pushing for a criminal investigation. NetSol commented on the problem in this eweek article:

Source: [eweek.com...]

Network Solutions spokeswoman Susan Wade confirmed that the breach occurred as a result of certain weaknesses in the registrar's customer-service security measures ... "We're seriously investigating the incident. We are aware that a hacker temporarily altered this customer's [DNS records]. Our security team promptly rectified the situation,"... She described the breach as an "isolated incident" and said Network Solutions would immediately institute "additional security measures to ensure it doesn't occur in the future... but we are taking this very, very seriously"

It appears that NetSol accept their responsability, whatever that's worth.

Tapolyai

7:15 pm on May 18, 2005 (gmt 0)

LOL!

I love the very very serious part.

You see, there are other types like the "very serious" breaches, the "serious" breaches, and the "eh, will check it out later" breaches.

flyerguy

11:27 pm on May 18, 2005 (gmt 0)

Omg.

As a past phreaker from Vancouver, this is just hilarious that the RCMP have become involved.

I'm not suggesting that the RCMP live up to the Dudley Do Right stereotype.. but they will be of absolutely no assistance to Hushmail. Canadian's are not going to be quick to jump to help anything that seemingly exposes 'Uncle Sam as Big Brother' antics, heresay or not.. besides, there's about 30,000 grow ops in BC to deal with, the Mounties have got better things to do than rectify some call center's dumb hiring choice.