Major Secunia hijacking problemsPosted on November 26th, 2010 at 12:26 12 comments
Secunia – one of the most-respected computer security organizations, and purveyor of the Secunia PSI system checking tool – has been hacked.
A few hours ago, somebody managed to change the DNS entry for secunia.com. The DNS entry – similar to a giant Internet “phone book” number – translates the name “secunia.com” into the numbers that are used by the Internet to connect to other computers. The IP address for Secunia.com is 220.127.116.11. The DNS entry had been altered to 18.104.22.168.
Predictably, the main page for 22.214.171.124 had been defaced. Somebody calling himself TurkGuvenligi put up a sign saying “Is?ms?z Kahramanlar”: people who typed www.secunia.com into their browser address bar were greeted by that cryptic message. (Details on the SANS Internet Storm Center site .)
That’s nothing new. DNS poisoning, as it’s called, happens every day. Somebody figured out how to hijack the record at Secunia’s Domain Registrar, successfully impersonated Secunia – probably by logging on to the Domain Registrar and providing the correct incantations to access the Secunia account – and changed the DNS entry. With traffic routed to a different site, the defacement was trivial.
That isn’t the real problem. The Big Deal is that Secunia PSI, the system scanning tool, apparently connects to secunia.com. So for a couple of hours, everyone who ran Secunia PSI was bouncing off a database controlled by TurkGuvenligi. And THAT, my friends, is a big time problem.
I keep having nightmares that somebody’s going to figure out a similar way to re-route Windows Update someday. I know it can’t happen. But then again, it couldn’t happen to Secunia, could it?
12 Responses to “Major Secunia hijacking problems”
Leave a Reply