Stories
Slash Boxes
Comments

SoylentNews is people

ICANN Compromised... Again

posted by janrinok on Thursday August 06 2015, @08:46PM   Printer-friendly
from the surely-it's-not-that-difficult? dept.

takyon writes:

The Internet Corporation for Assigned Names and Numbers (ICANN) says that an "unauthorized person" obtained usernames, email addresses, and encrypted passwords for ICANN.org profile accounts. All users are required to reset their passwords. More from El Reg:

ICANN says its website's user accounts have been compromised by hackers who gained access to their names, email addresses, hashed passwords, and more.

On Wednesday, the domain-name system overlord admitted its server security was breached within the past week: an "unauthorized person" obtained account records, which included harmless info such as site preferences, and newsletter subscriptions, as well as the usernames and passwords.

Anyone can create an ICANN.org account, and they're mostly used by people working in the area of internet governance – policy makers from governments and business, network techies, trade journos, and so on.

[...] We're told the attack did not affect any IANA systems, which operate on a separate network to ICANN's. ICANN is under contract from the US government to provide the IANA functions, which include maintaining the root of the internet's global DNS, allocating IP addresses, and assigning numbers and names to protocols that glue the 'net together. ICANN wants total control of IANA.

An ICANN spokesman told The Register the account passwords were hashed using bcrypt. "There is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization," he added.

"While investigations are ongoing, the encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider."

This is not, by a long shot, the first time ICANN has been attacked. In March, a security hole was found in the dot-word domain-name portal; in April, gTLD applicants' information was exposed; in December, hackers compromised a database of DNS information; and earlier that year, security bugs delayed the launch of the new dot-word gTLDs. Perhaps, the US government would like to take another hard look at ICANN before the California-based org takes over the DNS binding together the internet.

Original Submission

 
This discussion has been archived. No new comments can be posted.
ICANN Compromised... Again | Log In/Create an Account | Top | 3 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Insightful) by c0lo on Thursday August 06 2015, @10:31PM

    by c0lo (156) Subscriber Badge on Thursday August 06 2015, @10:31PM (#219297) Journal

    Perhaps, the US government would like to take another hard look at ICANN

    Is the US government made of engineers? 'Cause otherwise, I'd rather not [shopify.com], thank you.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4