Social Engineering DNS
Two teenage “hackers” take control of comcast.net:
The hackers say the attack began Tuesday, when the pair used a combination of social engineering and a technical hack to get into Comcast’s domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar.
And
The hackers say the flaw they exploited still exists, and that other large websites are equally vulnerable. Asked if they plan to attack anyone else, EBK says, “Who knows. Only Kryogeniks knows”
I love stories like this. Not because of the damage that has been done, but because it forces everyone to consider how critical systems like DNS are so badly broken. Think about it - two stoner kids took over email for all of Comcast’s customers. And the scary part is, if they wanted to, they could have done much, much more.
You can have all the encryption and technology you want, but if two kids with a telephone can convince your registrars support technicians to let them into your account, it’s all over.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
Posted by Cory Wright on June 4th, 2008 under Articles, Registrars, Security.
Comments: none
Write a comment