[dns-operations] DNS hijack - AVG, Avira and WhatsApp sites affected - seems to be a registrar compromise
Marco Davids (SIDN)
marco.davids at sidn.nl
Thu Oct 10 16:07:15 UTC 2013
On 10/10/13 5:43 PM, Dan York wrote:
>From what I gather from various reports the first three (AVG, Avira and
> WhatsApp) seem to be due to the registrar, Network Solutions, accepting
> a fake password-reset request.
> If this is the case for all of these,
It is the case indeed, I am afraid. DNS hijacking via registrar/registry
systems seems to be very popular these days.
BTW, here's the statement of Leaseweb:
> there's nothing that DNSSEC or anything else could have done here
Not entirely true. Some form of domain-locking might have helped. For
instance, we offer a protection-service, called .nl-control, where we
actually block any automated change until a few recognized
representatives have given explicit permission, both orally and in writing.
But, having said that, I am still quite concerned about this relatively
new trend. I'm afraid it won't stop here.
More information about the dns-operations