Rice University logo
 
Top blue bar image
Comp527: Computer Systems Security
A graduate seminar: current topics in computer security
 
«
»

Why keeping your passwords safe is important

Nobody ever wants to have their account security compromised on any system, no matter if we are talking about a blog, news site, facebook, youtube or a paid subscription service. But there are systems where having your account compromised can be even worse than any of the above and can even endanger your job (or your sanity). Apparently, hacking into DNS domain owner accounts for small organizations is becoming a popular trend.

For example: www.yanceycountync.gov usually resolves to 66.147.242.162, but due to the domain owner’s account being compromised, the site payday.yanceycountync.gov not long ago resolved to 67.55.33.109 (the site has since been removed).

Not only does this type of hack damage the organization’s reputation by linking it with spam, it also facilitates any sort of scam involving anything the organization does. Imagine if someone did this to your bank and then sent you an e-mail with an account alert, linking you to a site seemingly on your bank’s domain. Depending on your security practices, you would never know what hit you.

This type of hack is also almost impossible for the organization to detect until you actually visit the compromised page. There is no system in place to tell you that someone altered your domain information without your consent (one comment suggests that http://www.robtex.com could have detected them, although that requires a manual search) .

There are theories about how those accounts got hacked, but no definitive answers yet. My personal guess is that either dictionary passwords or very easy security questions (depending on how the DNS server handles account recovery) were used. Another possibility pointed out in comments is that the DNS server software for the DNS servers involved was just old and outdated and allowed any user to create subdomains of any domain, a very frightening possibility. This seems to be plausible in at least one case, as visiting the payday.yanceycountync.gov website returns an account suspended message, indicating it was a different account than www.yanceycountync.gov, which is still active.

For a full list of hacked domains, see the original website below:

From https://isc.sans.edu/diary/What+s+In+A+Name+/11770
First seen at: http://slashdot.org

This entry was posted on Thursday, October 13th, 2011 at 10:44 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

You must be logged in to post a comment.