Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] hushmail redirected

from [Siegfried] Network Security [Permanent Link]
Subject: [Full-disclosure] hushmail redirected
Date: Sun, 24 Apr 2005 20:10:05 +0200
hushmail got redirected for a few hours this morning, we wrote a news about it but we've been under a large ddos attack after sending it to the press, weird! hushmail posted a message on their web site saying it that network solutions was responsible (trust them or not, maybe they'll release more details later):
https://www.hushmail.com/login-status?

Here is the content of the news, before the site went offline:

Hushmail.com defaced by means of DNS redirection UPDATED
Siegfried, SyS64738 Zone-H Admins
04/24/2005

The web site hushmail.com of Hush Communications, providing secure email services, was defaced over the week-end, visitors being redirected to a different server after an attacker got access to Hushmail DNS maintenance panel.

It was first noticed very early this morning, when the domain www.hushmail.com began to redirect users to a page containing the following message: "The Secret Service is watching. -Agent Leth and Clown Jeet 3k Inc". The DNS were changed to DNS1.EVONEXUS.NET DNS2.EVONEXUS.NET while hushmail are using their own servers (NS*.HUSHMAIL.COM) and the information on the whois was hijacked:

Administrative Contact, Technical Contact:
Smith, Brian clownowns@yahoo.com
Hush Communications

Maybe the attacker got somehow this contact's password, whose email address was admn@HUSHMAIL.COM (according to the data on the whois of hush.com) and modified the data of the domain on the Network Solutions web site, their registry.

On sunday 4am GMT the page was removed, probably by burst.net, which was hosting it, the emails sent to the hushmail.com users were bounced back to the sender at the time of writing.

The attacker didn't use the web site for a malicious purpose, but it is indeed a bad news for Hush Communications, whose credibility was seriously damaged.

A mirror of the "defacement" is available here:
http://www.zone-h.org/defacements/mirror/id=2309823/

UPDATE

Currently at 08:35 AM GMT+1 the site Hushmail.com is reachable in Europe only by its IP address 65.39.178.11 while the query through DNS doesn't resolve.

Click here to view the current status of Hushmail Whois
http://www.zone-h.org/files/77/hushwhois.htm

Original article: http://www.zone-h.org/en/news/read/id=4467/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] hushmail redirected, Siegfried <=
Previous by Date:  Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned], Steve Friedl
Next by Date:  [Full-disclosure] MailEnable HTTPS Buffer Overflow [x0n3-h4ck], CorryL
Previous by Thread:  [Full-disclosure] [CIRT.DK - Advisory] Novell Nsure Audit 1.0.1 Denial of Service, CIRT.DK Mailinglists
Next by Thread:  [Full-disclosure] MailEnable HTTPS Buffer Overflow [x0n3-h4ck], CorryL
Indexes:  [Date] [Thread] [Top] [All Lists]