Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Major Secunia hijacking problems

    Posted on November 26th, 2010 at 12:26 by woody

    Secunia – one of the most-respected computer security organizations, and purveyor of the Secunia PSI system checking tool – has been hacked.

    A few hours ago, somebody managed to change the DNS entry for secunia.com. The DNS entry – similar to a listing in a giant Internet “phone book” – translates the name “secunia.com” into the numbers that are used by the Internet to connect to other computers. The IP address for Secunia.com is 213.150.41.226. The DNS entry had been altered to 81.95.49.32.

    Predictably, the main page for 81.95.49.32 had been defaced. Somebody calling himself TurkGuvenligi put up a sign saying “Is?ms?z Kahramanlar”: people who typed www.secunia.com into their browser address bar were greeted by that cryptic message. (Details on the SANS Internet Storm Center site.)

    That’s nothing new. DNS poisoning, as it’s called, happens every day. Somebody figured out how to hijack the record at Secunia’s Domain Registrar, successfully impersonated Secunia – probably by logging on to the Domain Registrar and providing the correct incantations to access the Secunia account – and changed the DNS entry. With traffic routed to a different site, the defacement was trivial.

    That isn’t the real problem. The Big Deal is that Secunia PSI, the system scanning tool, apparently connects to secunia.com. So for a couple of hours, everyone who ran Secunia PSI was bouncing off a database controlled by TurkGuvenligi. And THAT, my friends, is a big time problem.

    I keep having nightmares that somebody’s going to figure out a similar way to re-route Windows Update someday. I know it can’t happen. But then again, it couldn’t happen to Secunia, could it?
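For anyone who has to work out which machines ran Secunia PSI while the record was wrong, the exposure window can be rebuilt from resolver logs by comparing each answer with the known-good address. The sketch below is an added example, not code from Secunia or from this post: the log format, timestamps and function names are constructed, and it assumes subdomains such as www share the apex address given above.

```python
from datetime import datetime

# Expected A record, taken from the post; a real baseline lists every legitimate address.
BASELINE = {"secunia.com": {"213.150.41.226"}}

# Constructed resolver observations: "timestamp name address". Timestamps are invented.
SAMPLE_LOG = """\
2010-11-25T21:00:00 secunia.com 213.150.41.226
2010-11-25T23:10:00 secunia.com 81.95.49.32
2010-11-25T23:40:00 www.secunia.com 81.95.49.32
2010-11-26T00:50:00 secunia.com 81.95.49.32
2010-11-26T01:20:00 secunia.com 213.150.41.226
2010-11-26T01:25:00 example.org 192.0.2.10
"""

def expected_for(name, baseline):
    """Find the baseline zone covering name (exact match or parent domain)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in baseline:
            return zone, baseline[zone]
    return None, set()

def hijack_windows(log, baseline):
    """Return one record per period in which a monitored zone resolved off-baseline."""
    open_by_zone, windows = {}, []
    for line in filter(str.strip, log.splitlines()):
        stamp, name, addr = line.split()
        when = datetime.fromisoformat(stamp)
        zone, expected = expected_for(name, baseline)
        if zone is None:
            continue  # not a name we monitor
        if addr not in expected:
            win = open_by_zone.setdefault(
                zone, {"zone": zone, "first_bad": when, "addrs": set(), "restored": None})
            win["last_bad"] = when
            win["addrs"].add(addr)
        elif zone in open_by_zone:
            win = open_by_zone.pop(zone)
            win["restored"] = when  # first good answer seen after the bad ones
            windows.append(win)
    windows.extend(open_by_zone.values())  # still off-baseline at end of log
    return windows

if __name__ == "__main__":
    for w in hijack_windows(SAMPLE_LOG, BASELINE):
        print(w["zone"], sorted(w["addrs"]), w["first_bad"], "->", w["restored"])
```

Clients that contacted the name between `first_bad` and `restored` are the ones to review; resolvers that cached the altered record can keep serving it until its TTL expires, so treat `restored` as a lower bound.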
