Anatomy of a Domain Hijacking, part 2: The Website Who Came In From The Cold

'Chip Camden' on Tue, 07 Jun 2011 22:09:53 GMT, sez:

Excellent, Leon! Welcome back.

'David H' on Tue, 07 Jun 2011 22:29:03 GMT, sez:

Благодарим Вас за Ваш визит. Пожалуйста, приходят снова.

'David H' on Tue, 07 Jun 2011 22:34:10 GMT, sez:

Boo to automatic reformatting of Cyrillic into HTML code ; )

'Barry Kelly' on Wed, 08 Jun 2011 01:55:43 GMT, sez:

I use a 10-character alpha-numeric password in turn generated from an even longer alpha-numeric passphrase (a similar mechanism to SuperGenPass and its ilk, so the generated password is different for every site I use it on); this particular source passphrase is only used for Google and a handful of high-security accounts. I estimate that, according to that seclist link you referenced (1200 attempts per account per day), with 10 billion accounts hammering away at POP it would take an average of 96 years to break into my account.

I recommend using something like SuperGenPass even with its limitations[*] all the time, because it's almost trivial and adds substantially to your security.

[*] The limitations are that the default bookmarklet is implemented via dynamic HTML in the page where the password box itself occurs. This means that a malicious page can potentially snoop on your password before it gets generated into the final password that actually gets sent across the wire, thereby getting access to the master key. This attack is mitigated by having different security levels of "master password". Any trivial crack of a password database (e.g. Gawker, Sony etc.) won't reveal your master password, and even if someone attacked the hashing algorithm, they'd still only get a weak security master key, unless they broke into your bank's website etc., in which case you have bigger problems.

'mike' on Wed, 08 Jun 2011 02:05:01 GMT, sez:

Glad it all worked out. Good of you to document this also for the benefit of the rest of us.

'Misty Fowler' on Wed, 08 Jun 2011 17:25:46 GMT, sez:

I'm so happy that your domain got hijacked! If it hadn't, then I might never have known about this site, and my life wouldn't be nearly as complete. Thanks, hackers!

P.S. I'm even more happy that you got it back.

'Jon Schneider' on Thu, 09 Jun 2011 00:00:07 GMT, sez:

That's great, Leon. I'm glad this worked out for you.

And thanks for sharing the story. I went and strengthened all of my passwords after reading Part 1...

'Steve Trefethen' on Thu, 09 Jun 2011 05:16:46 GMT, sez:

Congrats Leon. I've enjoyed your work keep it coming!

'Juan Manuel' on Thu, 09 Jun 2011 13:00:15 GMT, sez:

Nice, I was hoping for a happy ending! ;)

'Claire' on Thu, 09 Jun 2011 15:22:21 GMT, sez:

I use passwordsafe (http://passwordsafe.sourceforge.net/) and so far, so good. I did change my master pw after reading part 1 though. Glad to see you wrested control back from the hackers!

'Gregg' on Fri, 10 Jun 2011 15:55:46 GMT, sez:

Congratulations, Leon!

'OJ' on Sat, 11 Jun 2011 01:03:46 GMT, sez:

Let me guess, your Gmail password was 'meatbag'? :)

'MJ' on Tue, 26 Jul 2011 10:02:56 GMT, sez:

I've had this very annoying problem with GMail where another guy has the same user name, but with a period in between. Google says the two user names are the same, but tell that to the other guy! He signs up on Facebook, etc. using this email address (with a period), and sure enough, I get the Facebook notifications!

I enabled 2-step authentication, and the problem has become far, far less.

'CariD' on Thu, 11 Aug 2011 05:25:38 GMT, sez:

Great to know you've taken back the control of secretGeek.net! I'm happy for you! You're lucky to have Medina who made a big help. And thanks a lot for sharing the good lesson you learned out of this experience. I swear I never knew till I read this article that passwords at Google can be brute forced, if pop is enabled. It made me so disturbed but at least now now I know what to do. Thanks to you!

'vegetable oil press manufacturer' on Wed, 15 Feb 2012 05:08:32 GMT, sez:

The sponsors are definitely needing more with this. I am glad to see the work going into this. Keep up the good work.

name


website (optional)


enter the word:
 

comment (HTML not allowed)

All viewpoints welcome. But the right to delete any post for any reason is reserved. Don't make me do it. Aim for constructiveness. Comments may be republished, emailed to your loved ones or printed and used as toilet paper. Also, I get particularly nasty on comment spam. It's not worth even trying to post comment spam here -- your html is escaped, and your links are given a rel='nofollow'. By attempting to post a comment, you understand that if the comment is considered spam, at my absolute discretion, your IP address may be used as the target of a prolonged distributed denial of service attack. Your electricity might suddenly stop working. Your car tyres will go mysteriously flat. You will suffer permanent hairloss. Your dreams will be filled with terrifying monsters. And in any case I reserve the right to record and publish your IP address.

 

TimeSnapper_{Know thyself!}

TimeSnapper is a life analysis system that stores and plays-back your computer use. It makes timesheet recording a breeze, helps you recover lost work and shows you how to sharpen your act.

 

NimbleText is a Powerful FREE Tool

Use it for:

• extracting data from text
• manipulating text
• generating code

It makes you look awesome. Use it right now! Go on! Hurry! Don't walk, run!