lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: uberguidoz at gmail.com (Über GuidoZ)
Subject: Teen hacker controls ebay

I believe it was done through email. DENIC received the request to
change the DNS, then emailed Tucows to see if it was ok to make the
changes. By default, the answer is yes. So, since no one responded
saying "Hell no! Don't do that", the changes were made.

Personally, I can't comprehend how the default for something like that
would be "Yes", as it's easy to have email get lost, stopped as spam,
overlooked, etc. The default answer should be No, which you have to
change by an email. (Not that it's difficult to spoof an email
address... hence why DNS changes and such should NEVER be done through
email.)

Password it. At least that will slow the bored teenagers like this
one... who knows, they may move on to someone else.

-- 
Peace. ~G


On Thu, 9 Sep 2004 10:02:20 +0200, Marcin Owsiany <marcin@...iany.pl> wrote:
> On Wed, Sep 08, 2004 at 01:57:27PM +0200, Florian Weimer wrote:
> > * Gaurang Pandya:
> >
> > > http://www.theinquirer.net/?article=18288 Says, a teen
> > > hacker "he had managed to become the new owner of
> > > eBay.de." can any one tell me what do they mean by
> > > this..did he actually changed ip address at DNS or its
> > > DNS Cache poisioning or something else??
> >
> > The delegation was changed because Ebay's registrar for the .DE zone,
> > TUCOWS, didn't object when asked by DENIC whether the change was
> > alright.
> 
> The "asking" was actually two programs "talking", right? Or did they
> really called one another on the phone (i.e. human to human)?
> 
> Marcin
> --
> Marcin Owsiany <marcin@...iany.pl>              http://marcin.owsiany.pl/
> GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
> 
> "Every program in development at MIT expands until it can read mail."
>                                                               -- Unknown

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ