lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <012b01c548f8$da75ce10$3a6e5c8b@nom4oqxygvaqy1>
Date: Sun Apr 24 19:10:12 2005
From: siegfri3d at gmail.com (Siegfried)
Subject: hushmail redirected

hushmail got redirected for a few hours this morning, we wrote a news about 
it but we've been under a large ddos attack after sending it to the press, 
weird! hushmail posted a message on their web site saying it that network 
solutions was responsible (trust them or not, maybe they'll release more 
details later):
https://www.hushmail.com/login-status?

Here is the content of the news, before the site went offline:

 Hushmail.com defaced by means of DNS redirection UPDATED
Siegfried, SyS64738 Zone-H Admins
04/24/2005

The web site hushmail.com of Hush Communications, providing secure email 
services, was defaced over the week-end, visitors being redirected to a 
different server after an attacker got access to Hushmail DNS maintenance 
panel.

It was first noticed very early this morning, when the domain 
www.hushmail.com began to redirect users to a page containing the following 
message: "The Secret Service is watching. -Agent Leth and Clown Jeet 3k 
Inc". The DNS were changed to DNS1.EVONEXUS.NET DNS2.EVONEXUS.NET while 
hushmail are using their own servers (NS*.HUSHMAIL.COM) and the information 
on the whois was hijacked:

Administrative Contact, Technical Contact:
Smith, Brian clownowns@...oo.com
Hush Communications

Maybe the attacker got somehow this contact's password, whose email address 
was admn@...HMAIL.COM (according to the data on the whois of hush.com) and 
modified the data of the domain on the Network Solutions web site, their 
registry.

On sunday 4am GMT the page was removed, probably by burst.net, which was 
hosting it, the emails sent to the hushmail.com users were bounced back to 
the sender at the time of writing.

The attacker didn't use the web site for a malicious purpose, but it is 
indeed a bad news for Hush Communications, whose credibility was seriously 
damaged.

A mirror of the "defacement" is available here:
http://www.zone-h.org/defacements/mirror/id=2309823/

UPDATE

Currently at 08:35 AM GMT+1 the site Hushmail.com is reachable in Europe 
only by its IP address 65.39.178.11 while the query through DNS doesn't 
resolve.

Click here to view the current status of Hushmail Whois
http://www.zone-h.org/files/77/hushwhois.htm

Original article: http://www.zone-h.org/en/news/read/id=4467/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ