
Turkmenistan TLD Leaks Domain Data, Unencrypted Passwords

A group of pentesters in Iran has successfully breached Turkmenistan's Domain Registry and gained access to the name-server management console for the registered .tm domains.

The hackers say they found a way to inject SQL code in hidden form fields with insufficient validation and input sanitization. The attack yielded a complete database dump, which one would expect to contain customer names, e-mail addresses and hashed passwords. Wrong. Just like the Romanian Domain Registry RoTLD, the Turkmen website was also storing passwords in plain text, readily available for abuse.

“In the term of data gathering, we made the attack automatically and dumped all the database. Another considerable note was the passwords, they have been saved in clear text and this is an unacceptable issue for a NIC of a country,” reads the blog post (since it contains the actual dump, we won’t be linking to it here).

Among domains registered with the nic.tm website are youtube.tm, gmail.tm, intel.tm, orkut.tm, google.tm, yahoo.tm and other zillion-user-per-day sites. Since authentication to the NS management control panel is done via e-mail address and password (both leaked in plain-text), the impact of the incident is easy to grasp: an attacker could pick up any domain name from the list, craft a phishing page, then hijack the DNS entries in the control panel to the server that hosts the phony page.

It’s 2013 and most programming languages have built-in support for the most popular (and even most obscure) digest algorithms. It only takes a couple of lines to import and use the library, making the e-world a better place for your customers.
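As an added example (not code from the original post or from the registry), here is one way to store and check passwords with Python's standard library, using a salted, deliberately slow PBKDF2 hash rather than a bare digest, with bound SQL parameters so that form-field values cannot alter the query. The table layout, function names and iteration count are assumptions, and the sample account is constructed.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def hash_password(password, salt):
    """Salted, slow hash via stdlib PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_db():
    db = sqlite3.connect(":memory:")  # hypothetical schema for the example
    db.execute("CREATE TABLE accounts (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def register(db, email, password):
    salt = os.urandom(16)  # unique per account
    # Bound parameters: values are never spliced into the SQL text.
    db.execute("INSERT INTO accounts VALUES (?, ?, ?)",
               (email, salt, hash_password(password, salt)))


def login(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM accounts WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))


def dump_contains(db, needle):
    """True if `needle` appears anywhere in a full dump of the table."""
    cells = [c for row in db.execute("SELECT * FROM accounts") for c in row]
    return any(needle.encode() in (c if isinstance(c, bytes) else str(c).encode())
               for c in cells)


if __name__ == "__main__":
    db = make_db()
    register(db, "hostmaster@example.test", "constructed-sample-passphrase")
    print(login(db, "hostmaster@example.test", "constructed-sample-passphrase"))
    print(login(db, "x' OR '1'='1", "anything"))
    print(dump_contains(db, "constructed-sample-passphrase"))
```

With this layout a full table dump exposes only e-mail addresses, salts and derived hashes, so each password still has to be guessed one slow derivation at a time.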

PS: If you happen to grab a copy of the leaked data, have a look at how secure the passwords used by the world’s most prominent technology makers are.

Now, repeat after me: account security – you’re doing it wrong.

About The Author

Senior E-Threat Analyst

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


Comments (4)

  • ViRii

    Your P.S. made me curious, so I searched for that dump.

    google99 ,laser19, motor, Norma, wendy , becool1, VApass, bombomb,sunshine

    nice passwords :))

    And at the time I write this post… it seems that… “another NIC data leakage (NIC.LK)”

    • Bogdan Botezatu

      I always wondered how these accounts haven’t been jacked by now. Given the (lack of) complexity and its sheer predictability, it would be defeated in a matter of seconds via dictionary.

      • ViRii

        Before seeing that pass list, I presumed that they used some pass like this
        “f7H6@#G$%^)n jh^V534G”; anyway, something that, once it is hashed, takes at least a few years to brute-force (md5/sha/etc.).

        So, it is possible that no one thought to make a dictionary password attack on a top-level domain :))

        someone will have to answer to a question: sunshine, who is wendy? :-w
