Re: [Full-Disclosure] Teen hacker controls ebay

[Über GuidoZ <uberguidoz@xxxxxxxxx>]

I believe it was done through email. DENIC received the request to
change the DNS, then emailed Tucows to see if it was ok to make the
changes. By default, the answer is yes. So, since no one responded
saying "Hell no! Don't do that", the changes were made.

Personally, I can't comprehend how the default for something like that
would be "Yes", as it's easy to have email get lost, stopped as spam,
overlooked, etc. The default answer should be No, which you have to
change by an email. (Not that it's difficult to spoof an email
address... hence why DNS changes and such should NEVER be done through
email.)

Password it. At least that will slow the bored teenagers like this
one... who knows, they may move on to someone else.

-- 
Peace. ~G


On Thu, 9 Sep 2004 10:02:20 +0200, Marcin Owsiany <marcin@xxxxxxxxxx> wrote:
> On Wed, Sep 08, 2004 at 01:57:27PM +0200, Florian Weimer wrote:
> > * Gaurang Pandya:
> >
> > > http://www.theinquirer.net/?article=18288 Says, a teen
> > > hacker "he had managed to become the new owner of
> > > eBay.de." can any one tell me what do they mean by
> > > this..did he actually changed ip address at DNS or its
> > > DNS Cache poisioning or something else??
> >
> > The delegation was changed because Ebay's registrar for the .DE zone,
> > TUCOWS, didn't object when asked by DENIC whether the change was
> > alright.
> 
> The "asking" was actually two programs "talking", right? Or did they
> really called one another on the phone (i.e. human to human)?
> 
> Marcin
> --
> Marcin Owsiany <marcin@xxxxxxxxxx>              http://marcin.owsiany.pl/
> GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
> 
> "Every program in development at MIT expands until it can read mail."
>                                                               -- Unknown

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html