<<<
Thursday, March 20, 2008
>>>
 
Formula 1 Racing and Computer Security Posted by Mikko @ 08:36 GMT

Let's see. There's fourteen hours to go before the next Formula 1 Grand Prix starts at the Sepang circuit in Kuala Lumpur, Malaysia — not too far away from our Malaysian research lab. Will it be Räikkönen, Kovalainen, or Rosberg winning this time?

This was the question on the mind of one of our engineers when he today tried accessing the official home page of the Malaysian Grand Prix. Instead of the latest news on the heroic efforts of the Finnish F1 drivers, he got a picture of a box of laundry detergent:

Sepangd

It seems that somebody defaced the official home page, just hours before the race starts.

Interestingly, the web server itself doesn't seem to be affected. It's running just fine at its original IP address:

Sepang

What's going on here is that some clown managed to modify the DNS information of the domain malaysiangp.com.my.

Malaysiangp.com.my has nameservers under five different providers:

Sepanga

Some of them point to the original, real site:

Sepangc

…and some of them point to the defacement page, being hosted at a free hosting service at oxyhostsfree.com:

Sepangb

This change happened just hours ago — perhaps by the hacker guessing a password for the DNS management system or by using social engineering to get a provider to change the DNS IP address.

Well, at least this defacement just changed the front page. There were no exploits or malware on the site. That would have been really bad, as this site must be getting tons of traffic right now.






<<< F-Secure Security Advisory FSC-2008-2
|
Targeted Malware Attacks Against Pro-Tibet Groups >>>