Security Hole Found on IO, AC, SH, TM Domain Registrar Sites

The flaws could allow hackers to deface high-profile websites

By on January 28th, 2013 09:42 GMT

A number of security holes have been identified on the websites of the registrars responsible for administrating .io (Indian Ocean), .ac (Ascension Island), .tm (Turkmenistan), and .sh (Saint Helena) domains.

According to EHN, hackers have found that nic.io, nic.ac, nic.tm and nic.sh all rely on vulnerable versions of Apache server.

The hackers responsible for discovering the vulnerability are the ones who have recently “hacked” Google Turkmenistan and other high-profile .tm domains by leveraging an SQL Injection flaw in nic.tm.

The security holes that plague these sites allow hackers to gain access to the DNS records of high-profile sites and make them look as if they’ve been hacked.

It’s worth noting that Google Saint Helena has already been defaced, and others might follow soon if the domain registrars don’t patch up their systems.
Vulnerabilities found in the websites of domain registrars
   Vulnerabilities found in the websites of domain registrars
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments