NZ domainz got hacked?

Discussion in 'NZ Computing' started by news2.thing@gmail.com, May 12, 2009.

  1. Guest

    I seem to recall a while back that someone commented about being
    unable to access Domainz....now I get an email off them saying they
    have changed my password....after a "security review"...

    yeah right.....

    regards

    thing
     
    , May 12, 2009
    #1

  2. Dave Doe Guest

    In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    @y10g2000prc.googlegroups.com>, says...
    > I seem to recall a while back that someone commented about being
    > unable to access Domainz....now I get a email off them saying they
    > have changed my password....after a "security review"...
    >
    > yeah right.....


    Perhaps Lawrence is in charge of DomainZ hackable Linux servers - just
    simple SQL injection IIRC, got the DNS records for several "big" NZ
    sites (not just msn) and redirected them.

    --
    Duncan
     
    Dave Doe, May 13, 2009
    #2

  3. Enkidu Guest

    Dave Doe wrote:
    > In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    > @y10g2000prc.googlegroups.com>, says...
    >> I seem to recall a while back that someone commented about being
    >> unable to access Domainz....now I get a email off them saying they
    >> have changed my password....after a "security review"...
    >>
    >> yeah right.....

    >
    > Perhaps Lawrence is in charge of DomainZ hackable Linux servers -
    > just simple SQL injection IIRC, got the DNS records for several "big"
    > NZ sites (not just msn) and redirected them.
    >

    DomainZ runs Windows servers. Front end is IIS 6.0

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
     
    Enkidu, May 13, 2009
    #3
  4. Dave Doe Guest

    In article <4a0b379a$>,
    says...
    > Dave Doe wrote:
    > > In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    > > @y10g2000prc.googlegroups.com>, says...
    > >> I seem to recall a while back that someone commented about being
    > >> unable to access Domainz....now I get a email off them saying they
    > >> have changed my password....after a "security review"...
    > >>
    > >> yeah right.....

    > >
    > > Perhaps Lawrence is in charge of DomainZ hackable Linux servers -
    > > just simple SQL injection IIRC, got the DNS records for several "big"
    > > NZ sites (not just msn) and redirected them.
    > >

    > DomainZ runs Windows servers. Front end is IIS 6.0


    They didn't hack those. They hacked the DNS servers, IIRC.

    --
    Duncan
     
    Dave Doe, May 13, 2009
    #4
  5. Dave Doe Guest

    In article <>,
    says...
    > In article <4a0b379a$>,
    > says...
    > > Dave Doe wrote:
    > > > In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    > > > @y10g2000prc.googlegroups.com>, says...
    > > >> I seem to recall a while back that someone commented about being
    > > >> unable to access Domainz....now I get a email off them saying they
    > > >> have changed my password....after a "security review"...
    > > >>
    > > >> yeah right.....
    > > >
    > > > Perhaps Lawrence is in charge of DomainZ hackable Linux servers -
    > > > just simple SQL injection IIRC, got the DNS records for several "big"
    > > > NZ sites (not just msn) and redirected them.
    > > >

    > > DomainZ runs Windows servers. Front end is IIS 6.0

    >
    > They didn't hack those. They hacked the DNS servers, IIRC.


    Here's some more info for yer...

    http://www.zone-h.org/news/id/4708

    Looks like they hacked cpanel or somethin.

    --
    Duncan
     
    Dave Doe, May 13, 2009
    #5
  6. AD. Guest

    On May 14, 10:31 am, Dave Doe <> wrote:
    > In article <>,
    > says...
    >
    > > Dave Doe wrote:
    > > > In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    > > > @y10g2000prc.googlegroups.com>, says...
    > > >> I seem to recall a while back that someone commented about being
    > > >> unable to access Domainz....now I get a email off them saying they
    > > >> have changed my password....after a "security review"...

    >
    > > >> yeah right.....

    >
    > > > Perhaps Lawrence is in charge of DomainZ hackable Linux servers -
    > > > just simple SQL injection IIRC, got the DNS records for several "big"
    > > > NZ sites (not just msn) and redirected them.

    >
    > > DomainZ runs Windows servers. Front end is IIS 6.0

    >
    > They didn't hack those.  They hacked the DNS servers, IIRC.


    Really? Everything I heard said it was SQL injection through the
    registry web interface, and that allowed them to update the DNS
    records. The DNS servers themselves weren't compromised.

    And it wouldn't have been cpanel. They might (I have no idea) use that
    for their own webhosting service, but the registry management part
    wouldn't be cpanel.

    --
    Cheers
    Anton
     
    AD., May 14, 2009
    #6
  7. Enkidu Guest

    Dave Doe wrote:
    > In article <>,
    > says...
    >> In article <4a0b379a$>,
    >> says...
    >>> Dave Doe wrote:
    >>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    >>>> @y10g2000prc.googlegroups.com>, says...
    >>>>> I seem to recall a while back that someone commented about being
    >>>>> unable to access Domainz....now I get a email off them saying they
    >>>>> have changed my password....after a "security review"...
    >>>>>
    >>>>> yeah right.....
    >>>> Perhaps Lawrence is in charge of DomainZ hackable Linux servers -
    >>>> just simple SQL injection IIRC, got the DNS records for several "big"
    >>>> NZ sites (not just msn) and redirected them.
    >>>>
    >>> DomainZ runs Windows servers. Front end is IIS 6.0

    >> They didn't hack those. They hacked the DNS servers, IIRC.

    >
    > Here's some more info for yer...
    >
    > http://www.zone-h.org/news/id/4708
    >
    > Looks like they hacked cpanel or somethin.
    >

    Yeah, the DNS servers themselves were not hacked from that description.
    "SQL Injection" smells of MS SQL Server. "CPanel" or whatever it was
    could probably run on IIS or Apache.

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
     
    Enkidu, May 14, 2009
    #7
  8. Dave Doe Guest

    In article <>,
    says...
    > Dave Doe wrote:
    > > In article <>,
    > > says...
    > >> In article <4a0b379a$>,
    > >> says...
    > >>> Dave Doe wrote:
    > >>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    > >>>> @y10g2000prc.googlegroups.com>, says...
    > >>>>> I seem to recall a while back that someone commented about being
    > >>>>> unable to access Domainz....now I get a email off them saying they
    > >>>>> have changed my password....after a "security review"...
    > >>>>>
    > >>>>> yeah right.....
    > >>>> Perhaps Lawrence is in charge of DomainZ hackable Linux servers -
    > >>>> just simple SQL injection IIRC, got the DNS records for several "big"
    > >>>> NZ sites (not just msn) and redirected them.
    > >>>>
    > >>> DomainZ runs Windows servers. Front end is IIS 6.0
    > >> They didn't hack those. They hacked the DNS servers, IIRC.

    > >
    > > Here's some more info for yer...
    > >
    > > http://www.zone-h.org/news/id/4708
    > >
    > > Looks like they hacked cpanel or somethin.
    > >

    > Yeah, the DNS servers themselves were not hacked from that description.
    > "SQL Injection" smells of MS SQL Server.


    ??? - how do you work that one out.

    --
    Duncan
     
    Dave Doe, May 15, 2009
    #8
  9. Guest

    On May 14, 10:56 pm, Enkidu <> wrote:
    > Dave Doe wrote:
    > > In article <>,
    > > says...
    > >> In article <>,
    > >> says...
    > >>> Dave Doe wrote:
    > >>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    > >>>> @y10g2000prc.googlegroups.com>, says...
    > >>>>> I seem to recall a while back that someone commented about being
    > >>>>> unable to access Domainz....now I get a email off them saying they
    > >>>>> have changed my password....after a "security review"...

    >
    > >>>>> yeah right.....
    > >>>> Perhaps Lawrence is in charge of DomainZ hackable Linux servers -
    > >>>> just simple SQL injection IIRC, got the DNS records for several "big"
    > >>>> NZ sites (not just msn) and redirected them.

    >
    > >>> DomainZ runs Windows servers. Front end is IIS 6.0
    > >> They didn't hack those.  They hacked the DNS servers, IIRC.

    >
    > > Here's some more info for yer...

    >
    > >http://www.zone-h.org/news/id/4708

    >
    > > Looks like they hacked cpanel or somethin.

    >
    > Yeah, the DNS servers themselves were not hacked from that description.
    > "SQL Injection" smells of MS SQL Server. "CPanel" or whatever it was
    > could probably run on IIS or Apache.
    >
    > Cheers,
    >
    > Cliff
    >
    > --
    >
    > The Internet is interesting in that although the nicknames may change,
    > the same old personalities show through.


    On the other hand Domainz has been advertising for a BIND/Linux
    specialist....

    regards

    Thing
     
    , May 15, 2009
    #9
  10. Enkidu Guest

    Dave Doe wrote:
    > In article <>,
    > says...
    >> Dave Doe wrote:
    >>> In article <>,
    >>> says...
    >>>> In article <4a0b379a$>,
    >>>> says...
    >>>>> Dave Doe wrote:
    >>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    >>>>>> @y10g2000prc.googlegroups.com>,
    >>>>>> says...
    >>>>>>> I seem to recall a while back that someone commented
    >>>>>>> about being unable to access Domainz....now I get a email
    >>>>>>> off them saying they have changed my password....after a
    >>>>>>> "security review"...
    >>>>>>>
    >>>>>>> yeah right.....
    >>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
    >>>>>> servers - just simple SQL injection IIRC, got the DNS
    >>>>>> records for several "big" NZ sites (not just msn) and
    >>>>>> redirected them.
    >>>>>>
    >>>>> DomainZ runs Windows servers. Front end is IIS 6.0
    >>>> They didn't hack those. They hacked the DNS servers, IIRC.
    >>> Here's some more info for yer...
    >>>
    >>> http://www.zone-h.org/news/id/4708
    >>>
    >>> Looks like they hacked cpanel or somethin.
    >>>

    >> Yeah, the DNS servers themselves were not hacked from that
    >> description. "SQL Injection" smells of MS SQL Server.

    >
    > ??? - how do you work that one out.
    >

    Most SQL Injection attacks are against MS SQL server.

    Google hits for "MySQL SQL Injection" gives 617,000 hits, for
    "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
    gives 948,000 hits.

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
     
    Enkidu, May 15, 2009
    #10
  11. Dave Doe Guest

    In article <>,
    says...
    > Dave Doe wrote:
    > > In article <>,
    > > says...
    > >> Dave Doe wrote:
    > >>> In article <>,
    > >>> says...
    > >>>> In article <4a0b379a$>,
    > >>>> says...
    > >>>>> Dave Doe wrote:
    > >>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    > >>>>>> @y10g2000prc.googlegroups.com>,
    > >>>>>> says...
    > >>>>>>> I seem to recall a while back that someone commented
    > >>>>>>> about being unable to access Domainz....now I get a email
    > >>>>>>> off them saying they have changed my password....after a
    > >>>>>>> "security review"...
    > >>>>>>>
    > >>>>>>> yeah right.....
    > >>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
    > >>>>>> servers - just simple SQL injection IIRC, got the DNS
    > >>>>>> records for several "big" NZ sites (not just msn) and
    > >>>>>> redirected them.
    > >>>>>>
    > >>>>> DomainZ runs Windows servers. Front end is IIS 6.0
    > >>>> They didn't hack those. They hacked the DNS servers, IIRC.
    > >>> Here's some more info for yer...
    > >>>
    > >>> http://www.zone-h.org/news/id/4708
    > >>>
    > >>> Looks like they hacked cpanel or somethin.
    > >>>
    > >> Yeah, the DNS servers themselves were not hacked from that
    > >> description. "SQL Injection" smells of MS SQL Server.

    > >
    > > ??? - how do you work that one out.
    > >

    > Most SQL Injection attacks are against MS SQL server.
    >
    > Google hits for "MySQL SQL Injection" gives 617,000 hits, for
    > "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
    > gives 948,000 hits.


    I still don't get it. This is a SQL injection attack on Linux -
    statistics doesn't change that.

    In fact, what do your stats have to do with anything related to the
    post?

    Would you like some more links re the hack?

    --
    Duncan
     
    Dave Doe, May 15, 2009
    #11
  12. Enkidu Guest

    Dave Doe wrote:
    > In article <>,
    > says...
    >> Dave Doe wrote:
    >>> In article <>,
    >>> says...
    >>>> Dave Doe wrote:
    >>>>> In article <>,
    >>>>> says...
    >>>>>> In article <4a0b379a$>,
    >>>>>> says...
    >>>>>>> Dave Doe wrote:
    >>>>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    >>>>>>>> @y10g2000prc.googlegroups.com>,
    >>>>>>>> says...
    >>>>>>>>> I seem to recall a while back that someone commented
    >>>>>>>>> about being unable to access Domainz....now I get a email
    >>>>>>>>> off them saying they have changed my password....after a
    >>>>>>>>> "security review"...
    >>>>>>>>>
    >>>>>>>>> yeah right.....
    >>>>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
    >>>>>>>> servers - just simple SQL injection IIRC, got the DNS
    >>>>>>>> records for several "big" NZ sites (not just msn) and
    >>>>>>>> redirected them.
    >>>>>>>>
    >>>>>>> DomainZ runs Windows servers. Front end is IIS 6.0
    >>>>>> They didn't hack those. They hacked the DNS servers, IIRC.
    >>>>> Here's some more info for yer...
    >>>>>
    >>>>> http://www.zone-h.org/news/id/4708
    >>>>>
    >>>>> Looks like they hacked cpanel or somethin.
    >>>>>
    >>>> Yeah, the DNS servers themselves were not hacked from that
    >>>> description. "SQL Injection" smells of MS SQL Server.
    >>> ??? - how do you work that one out.
    >>>

    >> Most SQL Injection attacks are against MS SQL server.
    >>
    >> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
    >> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
    >> gives 948,000 hits.

    >
    > I still don't get it. This is a SQL injection attack on Linux -
    > statistics doesn't change that.
    >

    Why do you think it is on Linux?

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
     
    Enkidu, May 15, 2009
    #12
  13. AD. Guest

    On May 15, 5:47 pm, Enkidu <> wrote:
    > Most SQL Injection attacks are against MS SQL server.
    >
    > Google hits for "MySQL SQL Injection" gives 617,000 hits, for
    > "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
    > gives 948,000 hits.


    Not really relevant - SQL injection attacks aren't attacks exploiting
    a DB server problem, they are attacks against the application using
    the DB. It is a measure of the application or the framework it is
    built on rather than the DB itself.

    --
    Cheers
    Anton
     
    AD., May 15, 2009
    #13
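
The point made in post #13 (and in #6, that the registry web interface rather than the DNS servers was the weak spot), as an added example that is not part of the original thread: the flaw sits in how the application builds its query, so the fix is in the application too. The `delegations` table, the function names and all sample data are hypothetical, and `sqlite3` only stands in for whatever database a real control panel uses.

```python
import sqlite3

# Constructed sample data for a hypothetical registrar control panel.
ROWS = [
    ("alice-shop.nz", "alice", "ns1.alice-host.example"),
    ("bigbrand.nz", "bob", "ns1.bigbrand.example"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE delegations "
        "(domain TEXT PRIMARY KEY, owner TEXT, nameserver TEXT)"
    )
    conn.executemany("INSERT INTO delegations VALUES (?, ?, ?)", ROWS)
    return conn


def nameserver_of(conn, domain):
    row = conn.execute(
        "SELECT nameserver FROM delegations WHERE domain = ?", (domain,)
    ).fetchone()
    return row[0] if row else None


def update_ns_unsafe(conn, session_owner, domain, new_ns):
    """Vulnerable: request fields are pasted into the SQL text, so a quote
    in a field changes the structure of the statement itself."""
    sql = (
        f"UPDATE delegations SET nameserver = '{new_ns}' "
        f"WHERE domain = '{domain}' AND owner = '{session_owner}'"
    )
    return conn.execute(sql).rowcount


def update_ns_safe(conn, session_owner, domain, new_ns):
    """Hardened: placeholders keep request fields as data, never as SQL.
    The ownership check is always part of the statement that runs."""
    sql = "UPDATE delegations SET nameserver = ? WHERE domain = ? AND owner = ?"
    return conn.execute(sql, (new_ns, domain, session_owner)).rowcount


# Constructed request field: the quote closes the string literal and the
# comment marker discards the ownership check that follows it.
CRAFTED_DOMAIN = "bigbrand.nz' --"


def demo():
    """Run the same request, made as 'alice', through both code paths."""
    results = {}
    for name, fn in (("unsafe", update_ns_unsafe), ("safe", update_ns_safe)):
        conn = make_db()
        changed = fn(conn, "alice", CRAFTED_DOMAIN, "ns1.elsewhere.example")
        results[name] = (changed, nameserver_of(conn, "bigbrand.nz"))
        conn.close()
    return results


if __name__ == "__main__":
    for name, (changed, ns) in demo().items():
        print(f"{name}: rows changed={changed}, bigbrand.nz -> {ns}")
```

In the unsafe path the delegation for a domain the session does not own is rewritten without the name servers themselves being touched; in the parameterized path the same input matches no row. Nothing in either function depends on the database engine or the web server in front of it.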
  14. Enkidu Guest

    AD. wrote:
    > On May 15, 5:47 pm, Enkidu <> wrote:
    >> Most SQL Injection attacks are against MS SQL server.
    >>
    >> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
    >> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL
    >> Injection" gives 948,000 hits.

    >
    > Not really relevant - SQL injection attacks aren't attacks exploiting
    > a DB server problem, they are attacks against the application using
    > the DB. It is a measure of the application or the framework it is
    > built on rather than the DB itself.
    >

    Sure SQL Injection is a user input sanitization problem, but if the
    attacker can get away with it, he/she will need to code his attack
    correctly depending on the back end database. MS provide URLScan which
    can help prevent attacks, but that is merely trying to patch over the
    cracks. The programmer needs to sanitize the user input.

    Where was I? Oh, yeah, regardless of the above, specific databases are
    vulnerable in specific ways
    (see http://www.linux.com/archive/feature/54584 for a PostgreSQL
    example) and MS SQL server *appears* to be more vulnerable than most.

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
     
    Enkidu, May 16, 2009
    #14
  15. Dave Doe Guest

    In article <4a0d34d9$>,
    says...
    > Dave Doe wrote:
    > > In article <>,
    > > says...
    > >> Dave Doe wrote:
    > >>> In article <>,
    > >>> says...
    > >>>> Dave Doe wrote:
    > >>>>> In article <>,
    > >>>>> says...
    > >>>>>> In article <4a0b379a$>,
    > >>>>>> says...
    > >>>>>>> Dave Doe wrote:
    > >>>>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    > >>>>>>>> @y10g2000prc.googlegroups.com>,
    > >>>>>>>> says...
    > >>>>>>>>> I seem to recall a while back that someone commented
    > >>>>>>>>> about being unable to access Domainz....now I get a email
    > >>>>>>>>> off them saying they have changed my password....after a
    > >>>>>>>>> "security review"...
    > >>>>>>>>>
    > >>>>>>>>> yeah right.....
    > >>>>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
    > >>>>>>>> servers - just simple SQL injection IIRC, got the DNS
    > >>>>>>>> records for several "big" NZ sites (not just msn) and
    > >>>>>>>> redirected them.
    > >>>>>>>>
    > >>>>>>> DomainZ runs Windows servers. Front end is IIS 6.0
    > >>>>>> They didn't hack those. They hacked the DNS servers, IIRC.
    > >>>>> Here's some more info for yer...
    > >>>>>
    > >>>>> http://www.zone-h.org/news/id/4708
    > >>>>>
    > >>>>> Looks like they hacked cpanel or somethin.
    > >>>>>
    > >>>> Yeah, the DNS servers themselves were not hacked from that
    > >>>> description. "SQL Injection" smells of MS SQL Server.
    > >>> ??? - how do you work that one out.
    > >>>
    > >> Most SQL Injection attacks are against MS SQL server.
    > >>
    > >> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
    > >> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
    > >> gives 948,000 hits.

    > >
    > > I still don't get it. This is a SQL injection attack on Linux -
    > > statistics doesn't change that.
    > >

    > Why do you think it is on Linux?


    I've already posted the link, but...

    http://www.zone-h.org/mirror/id/8791343

    http://www.zone-h.org/mirror/id/8791688

    http://www.zone-h.org/mirror/id/8791681

    http://www.zone-h.org/mirror/id/8791650

    http://www.zone-h.org/mirror/id/8791511

    http://www.zone-h.org/mirror/id/8791510

    http://www.zone-h.org/mirror/id/8791508

    http://www.zone-h.org/mirror/id/8791497

    http://www.zone-h.org/mirror/id/8791472

    http://www.zone-h.org/mirror/id/8791466

    http://www.zone-h.org/mirror/id/8791436

    http://www.zone-h.org/mirror/id/8791434

    http://www.zone-h.org/mirror/id/8791375

    http://www.zone-h.org/mirror/id/8791343

    http://www.zone-h.org/mirror/id/8791345

    http://www.zone-h.org/mirror/id/8791339

    Note the OS and web servers in those links above.

    http://www.nbr.co.nz/article/microsoft-nz-hacked-updated-101421

    Note the pointer to Domainz controlling Co, the Melbourne site - you
    said they run MS IIS. Wrong, they run Apache...

    http://uptime.netcraft.com/up/graph?site=domainz.net.nz

    It appears to me that the DNS bug is in BIND. Must be Microsoft BIND is
    it?

    http://www.zdnet.com.au/news/security/soa/Hackers-deface-New-Zealand-sites/0,130061744,339296043,00.htm

    http://www.theregister.co.uk/2008/08/11/cache_poisoning_threat_remains/


    Using statistics as evidence is generally regarded as very poor science.

    --
    Duncan
     
    Dave Doe, May 17, 2009
    #15
  16. Enkidu Guest

    Dave Doe wrote:
    > In article <4a0d34d9$>,
    > says...
    >> Dave Doe wrote:
    >>> In article <>,
    >>> says...
    >>>> Dave Doe wrote:
    >>>>> In article <>,
    >>>>> says...
    >>>>>> Dave Doe wrote:
    >>>>>>> In article <>,
    >>>>>>> says...
    >>>>>>>> In article <4a0b379a$>,
    >>>>>>>> says...
    >>>>>>>>> Dave Doe wrote:
    >>>>>>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    >>>>>>>>>> @y10g2000prc.googlegroups.com>,
    >>>>>>>>>> says...
    >>>>>>>>>>> I seem to recall a while back that someone commented
    >>>>>>>>>>> about being unable to access Domainz....now I get a email
    >>>>>>>>>>> off them saying they have changed my password....after a
    >>>>>>>>>>> "security review"...
    >>>>>>>>>>>
    >>>>>>>>>>> yeah right.....
    >>>>>>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
    >>>>>>>>>> servers - just simple SQL injection IIRC, got the DNS
    >>>>>>>>>> records for several "big" NZ sites (not just msn) and
    >>>>>>>>>> redirected them.
    >>>>>>>>>>
    >>>>>>>>> DomainZ runs Windows servers. Front end is IIS 6.0
    >>>>>>>> They didn't hack those. They hacked the DNS servers, IIRC.
    >>>>>>> Here's some more info for yer...
    >>>>>>>
    >>>>>>> http://www.zone-h.org/news/id/4708
    >>>>>>>
    >>>>>>> Looks like they hacked cpanel or somethin.
    >>>>>>>
    >>>>>> Yeah, the DNS servers themselves were not hacked from that
    >>>>>> description. "SQL Injection" smells of MS SQL Server.
    >>>>> ??? - how do you work that one out.
    >>>>>
    >>>> Most SQL Injection attacks are against MS SQL server.
    >>>>
    >>>> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
    >>>> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
    >>>> gives 948,000 hits.
    >>> I still don't get it. This is a SQL injection attack on Linux -
    >>> statistics doesn't change that.
    >>>

    >> Why do you think it is on Linux?

    >
    > I've already posted the link, but...
    >
    > http://www.zone-h.org/mirror/id/8791343
    >
    > http://www.zone-h.org/mirror/id/8791688
    >
    > http://www.zone-h.org/mirror/id/8791681
    >
    > http://www.zone-h.org/mirror/id/8791650
    >
    > http://www.zone-h.org/mirror/id/8791511
    >
    > http://www.zone-h.org/mirror/id/8791510
    >
    > http://www.zone-h.org/mirror/id/8791508
    >
    > http://www.zone-h.org/mirror/id/8791497
    >
    > http://www.zone-h.org/mirror/id/8791472
    >
    > http://www.zone-h.org/mirror/id/8791466
    >
    > http://www.zone-h.org/mirror/id/8791436
    >
    > http://www.zone-h.org/mirror/id/8791434
    >
    > http://www.zone-h.org/mirror/id/8791375
    >
    > http://www.zone-h.org/mirror/id/8791343
    >
    > http://www.zone-h.org/mirror/id/8791345
    >
    > http://www.zone-h.org/mirror/id/8791339
    >
    > Note the OS and web servers in those links above.
    >

    The exploit was on the DomainZ site which does run the Microsoft OS.
    Since the attack was a DNS redirect, it is not surprising that the
    'hacked' pages show up the server and OS of the *attacker's* site.
    >
    > http://www.nbr.co.nz/article/microsoft-nz-hacked-updated-101421
    >
    > Note the pointer to Domainz controlling Co, the Melbourne site - you
    > said they run MS IIS. Wrong, they run Apache...
    >

    DomainZ was the attacked site and they do run IIS.
    >
    > http://uptime.netcraft.com/up/graph?site=domainz.net.nz
    >
    > It appears to me that the DNS bug is in BIND. Must be Microsoft BIND is
    > it?
    >

    What DNS bug? Hacking the Control Panel would let them change the DNS
    servers without touching the DNS servers themselves. It doesn't matter
    what the actual DNS servers run.
    >
    > http://www.zdnet.com.au/news/security/soa/Hackers-deface-New-Zealand-
    > sites/0,130061744,339296043,00.htm
    >
    > http://www.theregister.co.uk/2008/08/11/cache_poisoning_threat_remains/
    >
    >
    > Using statistics as evidence is generally regarded as very poor science.
    >

    It is more likely that the backend is Microsoft as the Front End is
    Microsoft.

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
     
    Enkidu, May 17, 2009
    #16
  17. Jack Spratt Guest

    "Enkidu" <> wrote in message
    news:...
    > Dave Doe wrote:
    >> In article <>,
    >> says...
    >>> Dave Doe wrote:
    >>>> In article <>,
    >>>> says...
    >>>>> In article <4a0b379a$>,
    >>>>> says...
    >>>>>> Dave Doe wrote:
    >>>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
    >>>>>>> @y10g2000prc.googlegroups.com>,
    >>>>>>> says...
    >>>>>>>> I seem to recall a while back that someone commented
    >>>>>>>> about being unable to access Domainz....now I get a email
    >>>>>>>> off them saying they have changed my password....after a
    >>>>>>>> "security review"...
    >>>>>>>>
    >>>>>>>> yeah right.....
    >>>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
    >>>>>>> servers - just simple SQL injection IIRC, got the DNS
    >>>>>>> records for several "big" NZ sites (not just msn) and
    >>>>>>> redirected them.
    >>>>>>>
    >>>>>> DomainZ runs Windows servers. Front end is IIS 6.0
    >>>>> They didn't hack those. They hacked the DNS servers, IIRC.
    >>>> Here's some more info for yer...
    >>>>
    >>>> http://www.zone-h.org/news/id/4708
    >>>>
    >>>> Looks like they hacked cpanel or somethin.
    >>>>
    >>> Yeah, the DNS servers themselves were not hacked from that
    >>> description. "SQL Injection" smells of MS SQL Server.

    >>
    >> ??? - how do you work that one out.
    >>

    > Most SQL Injection attacks are against MS SQL server.
    >
    > Google hits for "MySQL SQL Injection" gives 617,000 hits, for "PostgreSQL
    > SQL Injection" gives 109,000 hits and for "MS SQL Injection" gives 948,000
    > hits.


    So it's official. Not only is it more popular than its Open Source
    counterparts but information and support is more easily found.
     
    Jack Spratt, May 17, 2009
    #17
  18. Party Animal Guest

    Jack Spratt wrote:

    >
    > So it's official. Not only is it more popular than it's Open Source
    > counterparts but information and support is more easily found.
    >

    MySQL is open source.

    Open mouth.
    Change feet.
     
    Party Animal, May 17, 2009
    #18
  19. Jack Spratt Guest

    "Party Animal" <> wrote in message
    news:guofnb$qf9$...
    > Jack Spratt wrote:
    >
    >>
    >> So it's official. Not only is it more popular than it's Open Source
    >> counterparts but information and support is more easily found.
    >>

    > MySQL is open source.
    >
    > Open mouth.
    > Change feet.




    If you unsnip what I wrote you may see that is exactly what I said.
    I referred to MS SQL Server and its open source counterparts (mysql and
    postgresql)

    Here is the relevant part again so you can read it while putting both feet
    in.

    > Most SQL Injection attacks are against MS SQL server.
    >
    > Google hits for "MySQL SQL Injection" gives 617,000 hits, for "PostgreSQL
    > SQL Injection" gives 109,000 hits and for "MS SQL Injection" gives 948,000
    > hits.
     
    Jack Spratt, May 17, 2009
    #19
  20. Party Animal Guest

    Jack Spratt wrote:
    > "Party Animal" <> wrote in message
    > news:guofnb$qf9$...
    >> Jack Spratt wrote:
    >>
    >>>
    >>> So it's official. Not only is it more popular than it's Open Source
    >>> counterparts but information and support is more easily found.
    >>>

    >> MySQL is open source.
    >>
    >> Open mouth.
    >> Change feet.

    >
    >
    >
    > If you unsnip what I wrote you may see that is exactly what I said.
    > I referred to MS SQL Server and it's open source counterparts (mysql and
    > postgresql)
    >
    > Here is the relevant part again so you can read it while putting both
    > feet in.
    >
    >> Most SQL Injection attacks are against MS SQL server.
    >>
    >> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
    >> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL
    >> Injection" gives 948,000 hits.

    >
    >
    >

    Sorry
    Mmmmmmffffffffff
    <thud>
     
    Party Animal, May 17, 2009
    #20