Hi folk,

This trend is getting worrying.... full story on Standard at http://www.standardmedia.co.ke/?articleID=2000081625&story_title=Kenya-Google-Kenya-hacked

"Global technology giant Google<http://www.standardmedia.co.ke/?searchtext=Google&searchbutton=SEARCH> has been the victim of a cyber-attack. On Monday morning, their Kenyan domain google.co.ke did not have the usual doodle and search bar, instead the page splayed a black background ‘hacked’ stamped in red across it."

[image: Inline image 1]
I brought it up a few months ago in Skunkworks, but until the .ke top level domain is signed, you can't really trust the identity of any site under .ke that doesn't use an SSL certificate (i.e. the regular google.co.ke without "https").

http://stats.research.icann.org/dns/tld_report/

I'm pretty confident that Google's systems weren't cracked and that this was something like a DNS attack on one of the ISPs or similar.

-Adam

https://twitter.com/varud
https://www.linkedin.com/in/adamcnelson
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On Mon, Apr 15, 2013 at 3:02 AM, Adam Nelson <adam@varud.com> wrote:

> I brought it up a few months ago in Skunkworks, but until the .ke top level domain is signed,

of course, you have to sign .co.ke AND google.co.ke for DNSSEC to mitigate against cache poisoning.

> you can't really trust the identity of any site under .ke that doesn't use an SSL certificate (i.e. the regular google.co.ke without "https").
>
> http://stats.research.icann.org/dns/tld_report/
>
> I'm pretty confident that Google's systems weren't cracked and that this was something like a DNS attack on one of the ISPs or similar.

Probably:

here is the *dig* result for *google.co.ke* from server 8.8.8.8 [dig @ 8.8.8.8 google.co.ke A]

; <<>> DiG 9.7.3 <<>> @8.8.8.8 google.co.ke A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38419
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.co.ke.                  IN      A

;; ANSWER SECTION:
google.co.ke.           300     IN      A       173.194.35.152
google.co.ke.           300     IN      A       173.194.35.151
google.co.ke.           300     IN      A       173.194.35.159

;; Query time: 17 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Apr 15 14:16:38 2013
;; MSG SIZE rcvd: 78

http://whois.arin.net/rest/net/NET-173-194-0-0-1/pft

--
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel
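The check done by hand in the message above (resolve the name, then look the returned addresses up in whois) can be scripted, together with a look at the header flags for the DNSSEC `ad` bit. This is an added example, not part of the original thread; the 173.194.0.0/16 prefix assumed for the ARIN handle NET-173-194-0-0-1 and the spoofed sample answer are assumptions constructed for illustration.

```python
import ipaddress
import re

# dig output as posted in the message above (abridged, whitespace normalised).
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38419
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;google.co.ke. IN A
;; ANSWER SECTION:
google.co.ke. 300 IN A 173.194.35.152
google.co.ke. 300 IN A 173.194.35.151
google.co.ke. 300 IN A 173.194.35.159
"""

# Assumption: the prefix registered under the ARIN handle NET-173-194-0-0-1.
EXPECTED_NETS = [ipaddress.ip_network("173.194.0.0/16")]

# Constructed sample of a tampered answer (203.0.113.0/24 is a documentation range).
SPOOFED = DIG_OUTPUT.replace("173.194.35.152", "203.0.113.66")


def parse_dig(text):
    """Return (header flags, list of A-record addresses) from dig output."""
    m = re.search(r"^;; flags:([^;]*);", text, re.M)
    flags = set(m.group(1).split()) if m else set()
    addrs = []
    for line in text.splitlines():
        if line.startswith(";") or not line.strip():
            continue  # comment, header or blank line
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "A":
            addrs.append(ipaddress.ip_address(fields[4]))
    return flags, addrs


def audit(text, expected=EXPECTED_NETS):
    """Summarise what the response does and does not prove."""
    flags, addrs = parse_dig(text)
    outside = [str(a) for a in addrs if not any(a in n for n in expected)]
    return {
        # AD bit: the resolver claims it validated the answer with DNSSEC.
        "dnssec_validated": "ad" in flags,
        "answers": len(addrs),
        "outside_expected": outside,
    }


if __name__ == "__main__":
    for sample in (DIG_OUTPUT, SPOOFED):
        print(audit(sample))
```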
I think this may be more of a nameserver change through a software exploit from the registrar side...my wild guess would be whmcs.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/michael.musya%40gmail....
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Regards,
Michael Musya,
Afriregister Limited.
www.afriregister.co.ke
I can do all things through Christ who strengthens me. Philippians 4:13
Hi Brian, Which "trend" and why is it worrying? I believe it is perfectly normal for such breaches to occur to prove a point, otherwise we'll not have any business talking about Cybersecurity. It happens to keep some people relevant, if you look at it positively.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."
participants (5)
- Adam Nelson
- Brian Munyao Longwe
- McTim
- Musya Michael
- Odhiambo Washington