HACK THE PLANET!

They stole their mega hurtz!

OMG The guys that have a huge influence over the net/web got their websites hacked!?

To me that is rather surprising.

... than stealing any other register.com customer's domain.

They appear to have omitted to take even the most basic steps to lock the domains down when creating them. Compare

http://216.239.59.104/search?q=cache:Boyyc-xwKPQJ:www.who.is/whois-net/ip-address/icann.net/+whois+icann.net&hl=en&ct=clnk&cd=3&gl=uk&client=firefox-a

with

http://www.who.is/whois-net/ip-address/icann.net/

>>>Before:

Registry Whois

Domain Name: icann.net

Status: clientTransferProhibited

Registrar: REGISTER.COM, INC.

Whois Server: whois.register.com

Referral URL: http://www.register.com

Expiration Date: 2013-12-07

Creation Date: 1998-09-14

Last Update Date: 2008-03-24

Name Servers:

a.iana-servers.net

b.iana-servers.org

c.iana-servers.net

d.iana-servers.net

ns.icann.org

>>>After:

Registry Whois

Domain Name: icann.net

Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited

Registrar: REGISTER.COM, INC.

Whois Server: whois.register.com

Referral URL: http://www.register.com

Expiration Date: 2013-12-07

Creation Date: 1998-09-14

Last Update Date: 2008-06-27

Name Servers:

a.iana-servers.net

b.iana-servers.org

c.iana-servers.net

d.iana-servers.net

ns.icann.org

>>>Note the change in the status line.

It was hacked on the basis of a fraudulent email? No signature on the email? No phone call to verify? For fucking ICANN and IANA?

Can anyone imagine ibm.com's dns registration being moved on the basis of an email? Or apple.com?

FFS, whoever took that action really needs shooting.

So, they moved it on basis of a single email. How did they manage to get the PGP SIGNATURE right?!? If they didn't, shouldn't this registrar be relieved of their duty for NOT using digital signatures?!?

//Svein

You can't say that without video evidence. They might have delivered those awfully cheesy lines in perfect lip-sync, which would make them far more likely to be American TV mini-series actors.

I mean come on, honestly the guy who read the e-mail and went yeah that's legit and then processed the request need shooting..

Oh wait maybe.... just maybe he got paid to do it..

I mean a big enough domain like that should have had a verifiable Digital signature on it that and have been verified 1st and not but simply hitting the reply button, but by looking up who registered domain and finding the e-mail address(es) attached to it and using them..

If it's that easy I'm off to redirect Microsoft.com to somewhere nice like itssnafud.com

Lets be realistic. Sending a creative email to a group of obviously retarded engineers to change DNS pointers for the domain is no feat, just proof that some of our key infrastructure people are not taking their jobs seriously or should be fired for incompetence. Give me the job and I'll make sure any retarded attempt like this is triple verified with top management before implementation.

By the way, anybody notice these hackers can't spell? "Everybody knows wrong" should be "Everyone knows better". They're obviously using Google Translator.

And come on, SQL Injection? Yet another example of newby coders implementing systems from script kitty code without fully understanding the fundemantal security checks for any interactive sql system. Anyone hear of escaping single quotes for input strings?

SomeSQL = SELECT FROM table WHERE column = ' " + variable.Replace(" ' "," ' ' ") + " '