probably not much for very long... 
CL traffic is a bit crushy.
Well,
    NetSol?
    Is it just me or they came up a few times lately (past year) in high
profil case of DNS Hijacking?
Someone was kind enough to break into one of my domains at Register.com
-- and to their credit Register.com detected the intrusion and reported
it to me so I could go fix the problem. Perp added DNS records to my
zone file, which I deleted, and reported the incident to the owner of
the IP address.
Yes, I changed the passwords.
I hate to say this, But I think that Network Operators have not see the last of of this DNS Hijacking. Craigslist might have been a test to see how far they could get and how long it would take for it to be discovered. I hope the FBI and the other Federal agencies out there are involved with Craigslist to determine how this happened and put in safeguards in place to help prevent this from happening again.
-Mike
Michael T. Voity
Network Engineer
University of Vermont
It still seems broken in some areas. Mail is bouncing from Hotmail to
craigslist.
Anyone heard from Eugene Kashpureff lately?
Hello 1996. 
In light of the CL domain hijacking, it seems like a good time to ask
if everyone has an inventory system that keeps track of all the details
(including renewal dates) for their domain registy and SSL certificate
accounts.
If you use a tool to keep track of this, which one?
Do you have things set up in your monitoring system to watch for changes
in this stuff?
Cheers,
-- jra
He didn't hack the registry, he hijacked its records. And this is far from the first time a registry account was hacked. But, yeah, *still* not secure enough.
George William Herbert
He didn't hack the registry, he hijacked its records. And this is far
from the first time a registry account was hacked. But, yeah, *still*
not secure enough.
Actually, he didnât hack its records either. He exploited a bug in BIND.
Xymon has a built in test to check SSL cert expiration.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
And that was July 1997 not 96, though that does nothing to make me feel younger ...
George William Herbert
Jay Ashworth wrote:
In light of the CL domain hijacking, it seems like a good time to ask
if everyone has an inventory system that keeps track of all the details
(including renewal dates) for their domain registy and SSL certificate
accounts.If you use a tool to keep track of this, which one?
Do you have things set up in your monitoring system to watch for changes
in this stuff?
And a registrar that has an API compatible with the tool!
Miles Fidelman
And that was July 1997 not 96, though that does nothing to make me feel
younger ...
http://archive.wired.com/politics/law/news/1997/07/5325
Yep. He did it to one of my domains (besides internic.net).
...returned a legit response plus a tacked-on glue record for www.internic.net anytime you queried his nameserver, which he tricked people into doing with mixtures of sending you mail, hitting open DNS servers with queries for his domain, and another thing I still don't want to talk about.
Paul was more widely quoted and knew his BIND vulnerability better; he can always out-pedant me on this one.
I did get a few press quotes, though.
Your fu is weak, Randyhopper. Train harder! 
George William Herbert
>
>He didn't hack the registry, he hijacked its records. And this is far
>from the first time a registry account was hacked. But, yeah, *still*
>not secure enough.Actually, he didnât hack its records either. He exploited a bug in BIND.
And your evidence for that is what? Feel free to send to
security-officer@isc.org.
Mark
It's pretty easy to roll out a Nagios box that checks on your domains,
NS results and SSL status.
>
>He didn't hack the registry, he hijacked its records. And this is far
>from the first time a registry account was hacked. But, yeah, *still*
>not secure enough.Actually, he didnââ˘Ët hack its records either. He exploited a bug in
BIND.And your evidence for that is what? Feel free to send to
security-officer@isc.org.Mark
I could be wrong. This is what was reported by a few back in 1997. If
not true, so be it. I have no further details from something that
occurred 17 years ago.
>
> Actually, he didnât hack its records either. He exploited a bug in
BIND....returned a legit response plus a tacked-on glue record for
www.internic.net anytime you queried his nameserver, which he tricked
people into doing with mixtures of sending you mail, hitting open DNS
servers with queries for his domain, and another thing I still don't want
to talk about.Paul was more widely quoted and knew his BIND vulnerability better; he
can always out-pedant me on this one.
More a protocol bug which lead to DNSSEC, which allows you to accept
a answer from anywhere so long as it is signed and validates as
secure, which most of you have yet to deploy.
>
> >
> >He didn't hack the registry, he hijacked its records. And this is far
> >from the first time a registry account was hacked. But, yeah, *still*
> >not secure enough.
>
> Actually, he didnât hack its records either. He exploited a bug in BIND.
Ignore. Lost track of context.
Mark
A half-day with SQLite, memcached and PHP solved this need for us (auto-configures Nagios). Tracking a few hundred domains at this point.
Gosh, I really need to cleanup sources, and punt some of these little tools onto GitHub.
Gregg Berkholtz