[Owasp-delhi] [Owasp-Mumbai] TCS.com -- something wrong.

Parthajit Panda Parthajit.Panda at gmrgroup.in
Tue Feb 9 02:39:03 EST 2010


The attack so far appears to be a DNS attack.  The attack happened at the domain name registrar's end, which is Network Solutions in this case of TCS. Network Solutions is one of the top five domain name registrars on internet, managing almost 6.4 million domains.

http://economictimes.indiatimes.com/infotech/internet/TCS-falls-prey-to-cyber-attack/articleshow/5550038.cms

Regards
Parthajit

From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Muslim Koser
Sent: Monday, February 08, 2010 8:08 PM
To: nileshkumar83 at gmail.com
Cc: owasp-delhi at lists.owasp.org; owasp-mumbai at lists.owasp.org
Subject: Re: [Owasp-delhi] [Owasp-Mumbai] TCS.com -- something wrong.

If this is repeat attack, then, this seems to be serious and it seems twitter kind of attack which happened few weeks back.

Also as DNS servers are targeted, it would be interesting to know whether the servers were owned by TCS or third party. If it was third party then this attack might have affected other companies as well, if its TCS then there will be serious questions of security measures from their side, as it will affect their reputation badly

The repeat of this attack might mean the attack might have been planned and targeted, guess more information will be unfolded in coming days

Muslim

From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of nileshkumar83 at gmail.com
Sent: 08 February 2010 14:57
To: owasp-delhi at lists.owasp.org; owasp-mumbai at lists.owasp.org
Subject: [Owasp-delhi] [Owasp-Mumbai] TCS.com -- something wrong.

As per Dhruv:

>> The IP address that was resolving against the domain during
>>compromised period was: 205.178.152.154 and now after restoration its:
>>216.15.200.140. So not really network/application attack but DNS/account
>>compromise.

The site is again under attack.
The IP of TCS.com is again back to compromised one: 205.178.152.154
The tcs.com<http://tcs.com> displays the following message:

"This Domain name is for sale. Please contact us:
abed_uk at hotmail.com<mailto:abed_uk at hotmail.com>

Looks like DNS attack only.

--
Thanks & Regards,
Nilesh Kumar,
Engineer-Security| Honeywell Technology Solutions
http://www.honeywell.com/
www.nileshkumar83.blogspot.com<http://www.nileshkumar83.blogspot.com>
www.linkedin.com/in/nileshkumar83<http://www.linkedin.com/in/nileshkumar83>
Mobile- +91-9019076487
_______________________________Honeywell
Honeywell Technology Solutions Lab

________________________________
This e-mail contains information which is confidential and/or legally privileged. If you are not the intended recipient , you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this e-mail is strictly prohibited. If you have received this e-mail in error, please destroy it and notify us by reply e-mail or by telephone. Internet E-mail messages may be subject to delays, non-delivery and unauthorised alterations and we shall not be responsible for the consequence(s) in such event(s). All reasonable precautions have been taken to ensure no viruses are present in this E-mail. We cannot accept responsibility for loss or damage arising from the use of this E-mail or attachments and recommend that you subject these to your virus checking procedures prior to use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100209/1c186c33/attachment.html 


More information about the Owasp-delhi mailing list