Sunday, January 17, 2010

Baidu Taken Down by DNS Hack

From: http://www.bluecoat.com/blog/baidu-taken-down-dns-hack

So Baidu got hacked yesterday. That is really big news. For China, that's like saying "Google got hacked." It's the leading search engine there, and one I've spent time using during work on our Chinese support for DRTR.

The initial report I saw pointed not to an attack on Baidu's servers, but on the DNS entries that let the web surfers of the world get to the correct site. In other words, if you can change the "official" DNS entry for a site, you change its Internet address. Just like that, you've tricked the entire Internet into thinking that the location for baidu.com is now on a server somewhere else, and that's where everyone will go. (The huge potential payoff for a phisherman or other Bad Guy who can pull off a DNS hack is why the "Kaminsky bug" was such a huge deal in the security press back in 2008.)

However, my initial guess (and it's only a guess, since I haven't seen any real details on any of the sites I checked) is that one of the engineers who has access to baidu.com's domain name registration account unknowingly used a malware-infected machine to access the registrar, and thereby had his password stolen. (Alternatively, someone could have "social engineered" their way past the domain registrar's safeguards -- i.e., do some fast talking and persuade them that you're Baidu's authorized staff and you need to change some settings -- but I consider that a lot less likely.)

One of my "key stories" for 2009 would be Gumblar (and other malware families) specifically targeting website passwords, either FTP credentials in order to gain access to the files that make up a site, or the domain registrar account name and password in order to do a DNS-redirection attack like this one.

In either case, a Bad Guy with your account name and passwords is essentially you, at least as far as your web infrastructure is concerned, and can simply walk in the front door and make whatever changes he wants.

So, if you're in a corporate IT function that involves your Web domain and/or site, this would be a good time to review the processes you follow when you make Registration (rarely) or Site changes (every day). Do you use any old computer, at home or work? Or do you make a conscious effort to only log in from a maximum-security (maybe even a dedicated?) computer? At minimum, you should be sure that the computer(s) you use for these tasks are fully patched, and protected by both antivirus and web filtering.

I'll be curious to see if any additional details emerge about how the hack was pulled off.
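Beyond hardening the machine used for registrar logins, the other control against a DNS-redirection attack like this one is noticing quickly when your delegation or apex address changes. The following is an added example, not code from the Blue Coat post: it compares a saved baseline of a domain's NS and A records against a fresh observation, treating a moved NS delegation (the registrar-level symptom) as more serious than an address change inside your own hosting range. All domain names and addresses are constructed placeholders.

```python
"""Detect registrar/DNS drift by comparing a saved baseline of NS and A
records against freshly observed values.  All names and addresses below are
constructed for illustration."""
import ipaddress
import socket

# Constructed baseline: what the delegation and apex address SHOULD look like.
BASELINE = {
    "ns": {"ns1.example-dns.test", "ns2.example-dns.test"},
    "a": {"192.0.2.10"},
    # Hosting ranges your own web servers live in (constructed values).
    "allowed_nets": ["192.0.2.0/24"],
}


def check_drift(baseline, observed):
    """Return a list of (severity, message) findings; empty means no drift.

    observed: {"ns": set of nameserver names, "a": set of IPv4 strings}.
    A change in NS delegation is the signature of a registrar-account
    hijack, so it is always CRITICAL; a new A record is only WARN when it
    still falls inside an allowed hosting range."""
    findings = []
    ns_added = set(observed["ns"]) - baseline["ns"]
    ns_removed = baseline["ns"] - set(observed["ns"])
    if ns_added or ns_removed:
        findings.append(("CRITICAL", f"NS delegation changed: "
                         f"added {sorted(ns_added)}, removed {sorted(ns_removed)}"))
    nets = [ipaddress.ip_network(n) for n in baseline["allowed_nets"]]
    for addr in sorted(set(observed["a"]) - baseline["a"]):
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in nets):
            findings.append(("WARN", f"new A record {addr} inside allowed hosting range"))
        else:
            findings.append(("CRITICAL", f"A record {addr} points outside allowed hosting ranges"))
    return findings


def observe_a_records(domain):
    """Live collection of A records through the stub resolver (stdlib only).
    NS records need a full resolver library, so the caller supplies them."""
    return {info[4][0] for info in socket.getaddrinfo(domain, 80, socket.AF_INET)}


if __name__ == "__main__":
    # Constructed "after hijack" observation: delegation moved and apex re-pointed.
    hijacked = {"ns": {"ns1.unknown-dns.test"}, "a": {"198.51.100.7"}}
    for severity, msg in check_drift(BASELINE, hijacked):
        print(severity, msg)
```

Run it on a schedule against a baseline captured right after a legitimate registrar change, and page on any CRITICAL finding.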
