HackDig : Dig high-quality web security articles for hackers

Was the Brazilian version of Google hijacked two days ago?, (Thu, Jan 5th)

2017-01-06 00:45

ISC reader Renato Marihno wrote in with some interesting observations out of Brazil from the last couple of days. It seems that for about 30 minutes on January 3rd, google.com.br did not point to Google's IP space and its nameservers were set to ns1-leader.vivawebhost.com and ns2-leader.vivawebhost.com. The issue was discovered and corrected relatively quickly, but it still shows the risk that a hijacked registrant account poses for enterprises. You can read Renato's write-up on LinkedIn.

This is a reminder that if an attacker controls DNS, they control everything. And if they control your domain registrant account, they control DNS. This attack was crude and easy to discover, but it would be very easy to set up a man-in-the-middle attack using such a technique without a mitigating control like TLS in place. Make sure your domain registry accounts require two-factor authentication and have strong passwords.
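A delegation change like the one described above can be caught by polling a domain's NS and A records and comparing them to a known baseline. The following is an added example, not part of the original diary: the baseline suffix, the placeholder address range, and every timestamp and IP in `SAMPLE` are constructed assumptions; only the two vivawebhost.com nameserver names come from the article.

```python
import ipaddress
from datetime import datetime

# Assumed baseline (not from the article); 192.0.2.0/24 is a placeholder range.
EXPECTED_NS_SUFFIXES = ("google.com",)
EXPECTED_NETS = (ipaddress.ip_network("192.0.2.0/24"),)

def norm(name):
    # Lower-case and drop the trailing root dot so comparisons are stable.
    return name.strip().lower().rstrip(".")

def ns_allowed(ns):
    # Match on a label boundary so "evilgoogle.com" does not pass as "google.com".
    ns = norm(ns)
    return any(ns == s or ns.endswith("." + s) for s in EXPECTED_NS_SUFFIXES)

def check(obs):
    """Return a list of (finding, values) tuples for one polling observation."""
    findings = []
    bad_ns = sorted(norm(n) for n in obs["ns"] if not ns_allowed(n))
    if bad_ns:
        findings.append(("unexpected_ns", bad_ns))
    bad_ip = sorted(a for a in obs["a"]
                    if not any(ipaddress.ip_address(a) in net for net in EXPECTED_NETS))
    if bad_ip:
        findings.append(("unexpected_a", bad_ip))
    return findings

def drift_windows(observations):
    """Collapse consecutive bad polls into (first_bad, first_good_after) windows."""
    windows, start = [], None
    for obs in sorted(observations, key=lambda o: o["ts"]):
        bad = bool(check(obs))
        if bad and start is None:
            start = obs["ts"]
        elif not bad and start is not None:
            windows.append((start, obs["ts"]))
            start = None
    if start is not None:
        windows.append((start, None))  # still drifting at the last poll
    return windows

T = datetime.fromisoformat
# Constructed polling results; times and addresses are illustrative only.
SAMPLE = [
    {"ts": T("2017-01-03T12:00"), "ns": ["ns1.google.com."], "a": ["192.0.2.10"]},
    {"ts": T("2017-01-03T12:10"), "ns": ["ns1-leader.vivawebhost.com.", "ns2-leader.vivawebhost.com."], "a": ["203.0.113.7"]},
    {"ts": T("2017-01-03T12:30"), "ns": ["NS2-leader.vivawebhost.com"], "a": ["203.0.113.7"]},
    {"ts": T("2017-01-03T12:40"), "ns": ["ns1.google.com"], "a": ["192.0.2.10"]},
]
```

In practice the observations would come from querying the parent zone's servers directly, since a cached answer from a recursive resolver can hide or prolong a delegation change.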

--
John Bambenek
bambenek at gmail /dot/ com
Fidelis Cybersecurity

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Source: isc.sans.edu/diary.html?storyid=21887&rss
