Skip to content

OPLIN 4Cast #630: Hacking the internet’s phonebook

Posted in 4cast, and DNS

There are two big breaking stories about exploits involving DNS — Domain Name Service, the “phonebook of the internet.” One involves a type of spamming attack facilitated by a vulnerability in how organizations manage their internet domains, specifically at GoDaddy.

(Moral: make sure all your domains, including the “parked” ones that you bought just in case, are fully configured on your DNS host. Hopefully it goes without saying to not let them expire.)

The other big DNS story stems from a FireEye report on a global DNS hacking campaign affecting “dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.”

(Moral: use strong passwords and authentication, and don’t re-use them across different services. Be particularly careful of the password that controls your agency’s name on the internet.)

From the Ohio Web Library: