Yahoo Hacked?

whois -h whois.internic.net yahoo.com

Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

YAHOO.COM.REALLY.NEEDS.TO.GET.A.CLUE.AT.JIMPHILLIPS.ORG
YAHOO.COM.IS.TRYING.TO.STEAL.YAHOO.VU.HOW.ACIDULOUS.COM
YAHOO.COM.IS.NOT.CANADIAN.ORG
YAHOO.COM.BR
YAHOO.COM.AND.SAFESEARCH.COM.AINT.NOTHING.COMPARED.TO.SHEEPSTER.COM
YAHOO.COM.AINT.NOTHIN.COMPARED.TO.SAFESEARCH.COM
YAHOO.COM

To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them
up
with "=xxx" to receive a full display for each record.

Last update of whois database: Tue, 19 Mar 2002 17:10:53 EST <<<

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.

Yey..The quarterly whois database question.

Yahoo was not hacked. People have just registered nameservers that contain
the phrase yahoo.com in attempts for glory.

Regards,
Matt

Date: Tue, 19 Mar 2002 17:17:28 -0800
From: David McGaugh <david_mcgaugh@eli.net>

Search the archives. Think nameserver registration.

Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

David,

You are not testing if Yahoo is hacked, you are testing if whois is hacked.
Try 'whois microsoft.com' or 'whois aol.com' or 'whois anyone.com'...you'll
notice a lot of this. There is an explanation for this, but I'll leave that
to someone who knows more about whois than me.

thanks,
craig

Maybe it has nothing to do with it then, but No one saw a significant
decrease in traffic with Yahoo between 17:00 PST and 17:15 PST?

David McGaugh wrote:

I saw signifigant DNS server load issues on all our DNS servers this
evening beginning around that same time. It looked as if either yahoo.com
had an accident with their DNS or someone did some cache poisoning. We
were passing out SERVFAIL to anyone looking up pretty much
anything.yahoo.com...and there were lots of *.yahoo.com queries going on.

No...I don't think it has anything to do with vanity NS records as
below...but I was considering posting about the DNS issue anyway.

David McGaugh wrote:

Maybe it has nothing to do with it then, but No one saw a significant
decrease in traffic with Yahoo between 17:00 PST and 17:15 PST?

Well, yes. It appears lots of people saw it. And it was caught by
Catbird, and lasted quite long...

See http://www.catbird.com/images/yahoo.jpg

The whois server has a really loose pattern matching engine. This is actually a host record for:

JIMPHILLIPS.ORG
ACIDULOUS.COM
CANADIAN.ORG
COM.BR
SHEEPSTER.COM
SAFESEARCH.COM

The last one is what you are looking for - yahoo.com

This is becoming more and more common. Look at microsoft.com, apple.com, etc.