The Sony Pictures Hack is Getting All of the Attention Right about Now but, it Turns Out that, Another Prominent Organization Recently was Victim to a Security Breach as well. Last Month, ICANN, the Outfit that Regulates the Internet's Domain Names and IP Addresses, Fell Prey to a Phishing Attack that Tricked Employees into Giving Out Email Login Information. What'd the Ne'er-do-Wells Get Ahold of ? Administrative Access to All the Files in the Centralized Zone Data System. Which, as The Register Points Out, Granted the Hackers Access to Unalterable Generic Zone Files (What're Needed to Resolve Domain Names to IP Addresses) and Gifted them with Contact Information for, Among Others, Some of the World's Registry Administrators. Passwords were Stored as "Salted Cryptographic Hashes" but, ICANN Deactivated them as a Precaution Anyway. The Firm's Wiki was Breached too but, Aside from Public Information, a Members-Only Index Page and One User's Profile, No Other Private Data was Viewed.
A Few Other Areas were Breached as well, like the Organization's Blog and WHOIS Page but, the Company Doesn't Seem Too Worried about those, Saying Neither were Impacted after Discovering the Breach this Month. The Outfit, for its Part, Claims its New Security Measures Aided in Keeping Unauthorized Access to a Minimum. ICANN also Says that, Nothing Else has been Compromised either, including Internet Assigned Numbers Authority which Keeps the Web Running in Ship Shape. The Key Takeaway here is that, Humans do in Fact Run the Internet and Even they Can Get Fooled by Phishers. What's Surprising, though, is that, ICANN Didn't Require 2-Factor Authentication for Employee Email Accounts -- we're Guessing that'll Change rather Soon.
Info Sources:
https://www.icann.org/news/announcement-2-2014-12-16-en
http://www.theregister.co.uk/2014/12/17/icann_hacked_admin_access_to_zone_files
http://gizmodo.com/icann-has-been-hacked-1672648059
_Robot_Glove_Pics_1.jpg)
0 comentários:
Enviar um comentário