Anatomy of a Domain Hijacking, part 2: The Website Who Came In From The Cold
secretGeek .:dot Nuts about dot Net:.
home .: about .: sign up .: sitemap .: secretGeek RSS

Anatomy of a Domain Hijacking, part 2: The Website Who Came In From The Cold

When secretGeek.net was taken I swore a solemn oath to myself:

My relentless campaign of jokes and nonsense will not be stopped.

And now, just a couple of long weeks later, here I am, happy to report I'm back in control of secretGeek.net.

Right when I was ready to migrate over to leonbambrick.com, I got an email from the Russian registrar, Regtime Ltd, saying:

Sorry  for answer delay. Domain was transferred onto you account.

The number one thing, I think, that helped get the site back was when a good friend, Madina, translated a lengthy email into fluent Russian for me to send to the Russian Registrar.

She re-structured the email to put the sob-story up front, all about how much personal meaning this site has for me, and the positive effects it has had on my life. I think that did the trick.

So what did we learn?

I learnt that passwords at google can be brute forced, if pop is enabled. This can be sped up by use of multiple IP addresses, or a botnet.

That's the most likely way they got access to my account. My password was 'good' by gmail standards but is now 'freaking solid' by any standard.

And I've turned on 2-step verification, plus all the other recommendations from part 1.

Thanks for the encouragement and support. It was dark times, but now the nonsense can continue.





'Chip Camden' on Tue, 07 Jun 2011 22:09:53 GMT, sez:

Excellent, Leon! Welcome back.



'David H' on Tue, 07 Jun 2011 22:29:03 GMT, sez:

Благодарим Вас за Ваш визит. Пожалуйста, приходят снова.



'David H' on Tue, 07 Jun 2011 22:34:10 GMT, sez:

Boo to automatic reformatting of Cyrillic into HTML code ; )



'Barry Kelly' on Wed, 08 Jun 2011 01:55:43 GMT, sez:

I use a 10-character alpha-numeric password in turn generated from an even longer alpha-numeric passphrase (a similar mechanism to SuperGenPass and its ilk, so the generated password is different for every site I use it on); this particular source passphrase is only used for Google and a handful of high-security accounts. I estimate that, according to that seclist link you referenced (1200 attempts per account per day), with 10 billion accounts hammering away at POP it would take an average of 96 years to break into my account.

I recommend using something like SuperGenPass even with its limitations[*] all the time, because it's almost trivial and adds substantially to your security.

[*] The limitations are that the default bookmarklet is implemented via dynamic HTML in the page where the password box itself occurs. This means that a malicious page can potentially snoop on your password before it gets generated into the final password that actually gets sent across the wire, thereby getting access to the master key. This attack is mitigated by having different security levels of "master password". Any trivial crack of a password database (e.g. Gawker, Sony etc.) won't reveal your master password, and even if someone attacked the hashing algorithm, they'd still only get a weak security master key, unless they broke into your bank's website etc., in which case you have bigger problems.



'mike' on Wed, 08 Jun 2011 02:05:01 GMT, sez:

Glad it all worked out. Good of you to document this also for the benefit of the rest of us.



'Misty Fowler' on Wed, 08 Jun 2011 17:25:46 GMT, sez:

I'm so happy that your domain got hijacked! If it hadn't, then I might never have known about this site, and my life wouldn't be nearly as complete. Thanks, hackers!

P.S. I'm even more happy that you got it back.



'Jon Schneider' on Thu, 09 Jun 2011 00:00:07 GMT, sez:

That's great, Leon. I'm glad this worked out for you.

And thanks for sharing the story. I went and strengthened all of my passwords after reading Part 1...



'Steve Trefethen' on Thu, 09 Jun 2011 05:16:46 GMT, sez:

Congrats Leon. I've enjoyed your work keep it coming!



'Juan Manuel' on Thu, 09 Jun 2011 13:00:15 GMT, sez:

Nice, I was hoping for a happy ending! ;)



'Claire' on Thu, 09 Jun 2011 15:22:21 GMT, sez:

I use passwordsafe (http://passwordsafe.sourceforge.net/) and so far, so good. I did change my master pw after reading part 1 though. Glad to see you wrested control back from the hackers!



'Gregg' on Fri, 10 Jun 2011 15:55:46 GMT, sez:

Congratulations, Leon!



'OJ' on Sat, 11 Jun 2011 01:03:46 GMT, sez:

Let me guess, your Gmail password was 'meatbag'? :)



'MJ' on Tue, 26 Jul 2011 10:02:56 GMT, sez:

I've had this very annoying problem with GMail where another guy has the same user name, but with a period in between. Google says the two user names are the same, but tell that to the other guy! He signs up on Facebook, etc. using this email address (with a period), and sure enough, I get the Facebook notifications!

I enabled 2-step authentication, and the problem has become far, far less.



'CariD' on Thu, 11 Aug 2011 05:25:38 GMT, sez:

Great to know you've taken back the control of secretGeek.net! I'm happy for you! You're lucky to have Medina who made a big help. And thanks a lot for sharing the good lesson you learned out of this experience. I swear I never knew till I read this article that passwords at Google can be brute forced, if pop is enabled. It made me so disturbed but at least now now I know what to do. Thanks to you!




name


website (optional)


enter the word:
 

comment (HTML not allowed)


All viewpoints welcome. Incivility is not tolerated, such comments are deleted.

 

I'm the co-author of TimeSnapper, a life analysis system that stores and plays-back your computer use. It makes timesheet recording a breeze, helps you recover lost work and shows you how to sharpen your act.

 

NimbleText - FREE text manipulation and data extraction

NimbleText is a Powerful FREE Tool

I wrote this, and use it every day for:

  • extracting data from text
  • manipulating text
  • generating code

It makes you look awesome. You should use NimbleText, you handsome devil!

 

Articles

The Canine Pyramid The Canine Pyramid
Humans: A Tragedy. Humans: A Tragedy.
ACK! ACK!
OfficeQuest... Gamification for the Office Suite OfficeQuest... Gamification for the Office Suite
New product launch: NimbleSET New product launch: NimbleSET
Programming The Robot from Diary of a Wimpy Kid Programming The Robot from Diary of a Wimpy Kid
Happy new year 2014 Happy new year 2014
Downtime as a service Downtime as a service
The Shape of Your Irrationality The Shape of Your Irrationality
This is why I don't go to nice restaurants any more. This is why I don't go to nice restaurants any more.
A flowchart of what programmers do at work all day A flowchart of what programmers do at work all day
The Telepresent Man. The Telepresent Man.
Interview with an Ex-Microsoftie. Interview with an Ex-Microsoftie.
CRUMBS! Commandline navigation tool for Powershell CRUMBS! Commandline navigation tool for Powershell
Little tool for making Amazon affiliate links Little tool for making Amazon affiliate links
Extracting a Trello board as markdown Extracting a Trello board as markdown
hgs: Manage Lots of Mercurial Projects Simultaneously hgs: Manage Lots of Mercurial Projects Simultaneously
You Must Get It! You Must Get It!
AddDays: A Very Simple Date Calculator AddDays: A Very Simple Date Calculator
Google caught in a lie. Google caught in a lie.
NimbleText 2.0: More Than Twice The Price! NimbleText 2.0: More Than Twice The Price!
A Computer Simulation of Creative Work, or 'How To Get Nothing Done' A Computer Simulation of Creative Work, or 'How To Get Nothing Done'
NimbleText 1.9 -- BoomTown! NimbleText 1.9 -- BoomTown!
Line Endings. Line Endings.
**This** is how you pivot **This** is how you pivot
Art of the command-line helper Art of the command-line helper
Go and read a book. Go and read a book.
Slurp up mega-traffic by writing scalable, timeless search-bait Slurp up mega-traffic by writing scalable, timeless search-bait
Do *NOT* try this Hacking Script at home Do *NOT* try this Hacking Script at home
The 'Should I automate it?' Calculator The 'Should I automate it?' Calculator

Archives Complete secretGeek Archives

TimeSnapper -- Automated Screenshot Journal TimeSnapper: automatic screenshot journal

25 steps for building a Micro-ISV 25 steps for building a Micro-ISV
3 minute guides -- babysteps in new technologies: powershell, JSON, watir, F# 3 Minute Guide Series
Universal Troubleshooting checklist Universal Troubleshooting Checklist
Top 10 SecretGeek articles Top 10 SecretGeek articles
ShinyPower (help with Powershell) ShinyPower
Now at CodePlex

Realtime CSS Editor, in a browser RealTime Online CSS Editor
Gradient Maker -- a tool for making background images that blend from one colour to another. Forget photoshop, this is the bomb. Gradient Maker



[powered by Google] 

How to be depressed How to be depressed
You are not inadequate.



Recommended Reading


the little schemer


The Best Software Writing I
The Business Of Software (Eric Sink)

Recommended blogs

Jeff Atwood
Joseph Cooney
Phil Haack
Scott Hanselman
Julia Lerman
Rhys Parry
Joel Pobar
OJ Reeves
Eric Sink

InfoText - amazing search for SharePoint
LogEnvy - event logs made sexy
Computer, Unlocked. A rapid computer customization resource
Aussie Bushwalking
BrisParks :: best parks for kids in brisbane
PhysioTec, Brisbane Specialist Physiotherapy & Pilates
 
home .: about .: sign up .: sitemap .: secretGeek RSS .: © Leon Bambrick 2006 .: privacy

home .: about .: sign up .: sitemap .: RSS .: © Leon Bambrick 2006 .: privacy