Hijacking of AV firms’ websites may be linked to hack on Network Solutions
Dan Goodin reports:
At least three high-profile websites that receive services from Network Solutions have been hijacked in recent days in attacks that are prompting speculation that the compromises are the result of a security lapse inside the popular domain registrar and Web host.
Competing antivirus providers Avira and AVG are confirmed to have been hit, as was messaging software developer Whatsapp.
Read more on Ars Technica.
IA Eng - October 10, 2013
Some sites are saying that social engineering was involved, the hackers simply either asked the rep to send a password reset, or posed as a rep for the companies. Typically all it takes is a friendly voice asking nicely, and the rep gets comfortable and hits the OK button. Bad move.
Now a days, with all the breaches and username and passwords floating around, I am sure there are people who use the same password on many sites. Only a matter of time before the breaches become easier, once an evil DB is created, or a program which uses a text file allowing massive user name and password combinations to test them out on different sites.