A number of security holes have been identified on the websites of the registrars responsible for administrating .io (Indian Ocean), .ac (Ascension Island), .tm (Turkmenistan), and .sh (Saint Helena) domains.
According to EHN
, hackers have found that nic.io, nic.ac, nic.tm and nic.sh all rely on vulnerable versions of Apache server.
The hackers responsible for discovering the vulnerability are the ones who have recently “hacked” Google Turkmenistan
and other high-profile .tm domains by leveraging an SQL Injection flaw in nic.tm.
The security holes that plague these sites allow hackers to gain access to the DNS records of high-profile sites and make them look as if they’ve been hacked.
It’s worth noting that Google Saint Helena has already been defaced
, and others might follow soon if the domain registrars don’t patch up their systems.