Kaspersky Labs reports that an unnamed large Brazilian financial institution with $27B in assets was compromised by hackers who took over its DNS -- by hijacking its NIC.br account -- and for 5 hours were able to impersonate the bank to all its online customers (and possibly to control its ATMs) in order to plunder their accounts and steal their credit card details.
Kaspersky’s Bestuzhev argues that, for banks, the incident should serve as a clear warning to check on the security of their DNS. He notes that half of the top 20 banks ranked by total assets don’t manage their own DNS, instead leaving it in the hands of a potentially hackable third party. And regardless of who controls a bank’s DNS, they can take special precautions to prevent their DNS registrations from being changed without safety checks, like a “registry lock” some registrars provide and two-factor authentication that makes it far harder for hackers to alter them.
Without those simple precautions, the Brazilian heist shows how quickly a domain switch can undermine practically all other security measures a company might implement. Your encrypted website and locked down network won’t help when your customers are silently routed to a bizarro version deep in the web’s underbelly.
How Hackers Hijacked a Bank’s Entire Online Operation [Andy Greenberg/Wired]
(Image: Bundesarchiv, CC-BY-SA)
(via Naked Capitalism)
A hacker who appears to have ongoing, continuous access to Australia’s electronic health care records is selling access to any full record for 0.0089 bitcoin, or about USD22.
The Fresno, California Sheriff’s Department raided a “beehive chop shop” and uncovered $1m worth of bees stolen in “great beehive heists” that have taken place across the bee-starved state.
With just a few keystrokes, you could be the proud owner of a few dozen wireless towers, thanks to a flaw in the FCC’s Antenna Structure Registration (ASR) database. Aura Holdings of Wisconsin, Inc. is now being investigated for changing registrations for 40 towers without authorization.
Just because English has become the common global tongue doesn’t mean it’s the easiest language to write—even for native speakers. If you’re looking to improve your written communication skills, especially on your smartphone, take a look at Ginger Page.Ginger is a cross-platform app that offers corrections for phrasing as well as grammar. It’s powered by […]
The current web development landscape is rife with buzzwords and technology that gets abandoned almost as soon as it’s made. If you’ve never written a line of code before, it can be hard to figure out what’s coming, what’s here to stay, or how to get ahead.This Beginner Web Development Bundle is a great place […]
The Fader Stealth Quadcopter from TRNDlabs packs incredible flight performance into a package small enough to land on your phone screen, and it’s available now in the Boing Boing Store.The Fader’s six-axis gyroscope module gives it perfect balance in the air. This makes the onboard 720p HD camera all the better for shooting amazing flight […]