Wednesday, April 22, 2009

Web Site Redirects for Coke, Microsoft and HSBC

This is just the tip of the iceberg as to what we can expect in the near future.  Again, bank websites are most at risk of these DNS Hijack's and as long as they continue to use what many consider to be obsolete "username, password" they continue to needlessly put their online banking customers at risk.  It isn't hard to imagine a scenario whereby a bank website is cloned and their DNS hijacked.  The bank's customer, completely unaware, enter's their username and password into the box.  The bad guys now go to the "real" site, enter the username and password and "voilla" complete unfettered access to that individuals account.

Of course, if Banks used HomeATM's PCI 2.0 certifed SafeTPIN Pin Entry Device for secure 2FA (2 factor authentication) log-in,  a cloned website would NOT work.  The unsuspecting banking customer would be redirected to the "hijacked" site, but instead of a username/password log-in they would be instructed to swipe their card and enter their PIN.  Since the information is encrypted inside the SAFETPIN (instead of the browser) the bad guys wouldn't have anything with which to get into the genuine site.  Same thing with cloned cards.  They wouldn't work. 

Same thing with phishing....which costs banks $350 a pop.  I'll give you 10 SafeTPIN's for $350 and reduce your phishhing attacks to zero.  Click on the graphic on the right about phish-stick-tistics  as to why that would be the best investment a bank could make.

Here's the article about the DNS hijacking...

Source: Zone-h
Complete item: http://www.zone-h.org/news/id/4708

Description:
Some Turkish defacers broke into the New Zealand based registrar Domainz.net (which belongs to MelbourneIT) and redirected some of their customers' high profile web sites to a third party server with a defaced page. Companies which had their New Zealand web sites defaced include Microsoft, HSBC, Coca-Cola, F-secure, Bitdefender, Sony and Xerox.

The hacked websites carried the messages: "Hacked by Peace Crew" ,"STOP THE WAR ISRAEL". In addition the crackers inserted a picture of Bill Gates creampie'd on the Microsoft defacements.

It is interesting to note that the attacker going by the handle of "agd_scorp", a member of Peace Crew, hacked a big amount of MSN and microsoft.* web sites in the past (Microsoft Canada, Morocco, Tunisia, Austria, Ireland... MSN Israel, Korea, Spain, Denmark, China, Norway...).

This time they exploited a simple SQL Injection vulnerability to hack the administration panel of the registrar, where they modified the DNS records of the domains. Again, it is quite scary to see how a so big company can get hacked because of a famous programming vulnerability.

Registrars have been one of the main aims during the past months as they are often the weakest link and an easy target for attackers who want to hijack high profile web sites.

E-Secure-IT
https://www.e-secure-it.com



Reblog this post [with Zemanta]

Disqus for ePayment News