Quick thought on domain security

This week was a hard week for security companies (and some others). Most of you have probably read about KDMS and their recent DNS hijacking attacks on Leaseweb, Avira, AVG, WhatsApp, Alexa and even Redtube. Today they also hijacked metasploit.com. I was actually a little bit shocked when I read this note by HD Moore about how they accomplished the domain hijack.

They really tricked the domain registrar by sending a DNS change request via fax, and the registrar just fell for it. This way they could possibly take over any domain that is currently controlled by register.com. It is important to keep this in mind.

I assume that Metasploit has a fairly good security system in place to keep crackers and script kiddies outside their network. But all the firewalls, IDS/IPS, WAFs, anti-DoS appliances, etc. are worth nothing if attackers are able to bypass all of them just by fooling your domain registrar. Make sure that you enable the highest possible security settings with your service providers as well. Do they offer two-factor authentication? Just enable it. Any other security mechanism they offer... enable it! The weakest link of your "network" doesn't always have to be directly within your network.
