Want To Hijack a Domain? Just Get a Fax Machine

msm1267 writes "Metasploit's HD Moore says hackers sent a spoofed DNS change request via fax to that the registrar accepted, leading to a DNS hijacking attack against the Metasploit and Rapid7 websites. The two respective homepages were defaced with a message left by the same hacker collective that claimed responsibility for a similar DNS attack against Network Solutions. Rapid7 said the two sites' DNS records have been locked down and they are investigating."
  • "hack" (Score:5, Insightful)

    by Anonymous Coward on Friday October 11, 2013 @01:02PM (#45102805)

    Social engineering is not hacking to me.

  • legal crime (Score:4, Insightful)

    by schneidafunk ( 795759 ) on Friday October 11, 2013 @01:04PM (#45102827)

    What is the legal crime committed here, simply fraud?

  • Re:"hack" (Score:5, Insightful)

    by i_ate_god ( 899684 ) on Friday October 11, 2013 @01:05PM (#45102843)

    What is the difference between injecting code into a machine to make it do what you want, and injecting an idea into a human to make the human do what you want?

  • by cyberpocalypse ( 2845685 ) on Friday October 11, 2013 @01:09PM (#45102883)

    There has been some commentary via mailing lists and Twitter feeds that this was not a big deal. Firstly, hats off to HD and his team, there was nothing they could have done about it. Secondly, this isn't to be taken lightly. Sure the attackers were minor script kiddies, but the reality is, the attack could have been extremely vicious. Consider an attacker replicating the content of the site and simply replacing the applications (nexpose, metasploit) with backdoored versions.

    Companies like Register and GoDaddy are lacking in the validation category. ANYONE can create fake identification using GIMP, Photoshop, etc., the fact they did not offer anything other than a fax request is mind bogglingly stupid. They should have called BACK the registrant's number to confirm the change request. But, companies would argue: "that would be costly" not even thinking of turning that kind of validation into say a business model: "for $10 extra per year..." when they should be doing it from the jump. (Neither here nor there) Personally, I hadn't been running any updates, but if I did, I would be going back, wiping my machines, and re-installing.
  • Re:"hack" (Score:4, Insightful)

    by sumdumass ( 711423 ) on Friday October 11, 2013 @01:28PM (#45103095) Journal

    Hackers also go bowling and put bumper stickers on cars. But few call those activities hacking. Just like few call rescuing kittens firefighting.

  • Re:"hack" (Score:5, Insightful)

    by hairyfeet ( 841228 ) <bassbeast1968 AT gmail DOT com> on Friday October 11, 2013 @01:45PM (#45103291) Journal

    But we already HAD a word for that and it was not "hackers" it was con artists...or bunko men if you prefer a more gender specific term.

    If the guys here want to get all pedantic about the difference between virus and malware then why in God's green earth are we calling these guys hackers when they are doing the same shit that has been going on since before the fricking telephone? Look up Bunko Bob, or Hod Bacon, guys have been doing cons for hundreds of years using nothing but their ability to manipulate the mark and this is no different and doesn't even require a computer, just the ability to sound professional and manipulate.

    This is NOT hacking folks, not even close. You might as well call a washing machine a jet engine for how far off the mark this is from actually hacking a system.

  • Re:"hack" (Score:4, Insightful)

    by fred911 ( 83970 ) on Friday October 11, 2013 @02:31PM (#45103703)

    "If manipulating people into doing things they wouldn't normally do is what you consider a "normal relationship", then you just might be sociopath."

    Or just a talented salesperson.

  • by Anonymous Coward on Friday October 11, 2013 @02:36PM (#45103749)

    Which registrar was this? I would like to know so that I can avoid them in the future.

