Thank you for taking the time to report the following comment to the administrator of this site.
Please complete this short form and click the submit button to process your report.
Comment in question...
Name: kucau
Comment: Hi VR,
Rumor has it that the attacker was only using his social engineering skill to alter whois database on Mynic server. The attacker called up mynic to change UiTM MYNIC whois domain name record database by pretending he is one of Uitm Network Admins. Mynic`s personnel however did not verify his identity and obeyed to his "order". Smart! If u did whois for uitm domain on the 13th of April, the primary and secondary NS for Uitm were respectively changed to dns1.000webhost.com (64.22.110.162) and dns2.000webhost.com (75.126.210.153).
Now VR, please tell me how this open recursive request may contribute to this attack, when the fault solely lie on Mynic? Lemme quote your post about the "defacement" :
"But if you're a "World Class University", defacements like this should not happen, and should they happen, someone should at least look into it before some future graduate accidentally stumbles on the page and gets brain washed (pun intended).”
A lil bird told me drastic measures were taken by Uitm admins and the record on Mynic was reverted back ASAP. But, U should know update on the IP will take some time.
Now tell me VR how the hell this world class university can prevent this attack when they have no control over this kind of attack? You words were misleading and defamatory. If I were u, I will sincerely apologize rather than putting blame on the "open recursive request".
VR While it is entirely possible, its hard for us to run stories based on little bird speak.
1. We did check the whois for the domain as soon as we received the email. It all seemed very normal as it was pointing to uitm's servers.
2. However, when queried, we were getting mixed responses. I can agree with you that the UiTM admins might have fixed the records before we saw it, but based on the details available, we had to rule out that the MYNIC data was messed with.
3. Going back to the MYNIC argument, we really have no idea if indeed they were lax in releasing the information to a person who claimed to be a staff. I would think that it is unprecedented and foolish if that had happened. Considering that MYNIC has everything from phone numbers of the listed contacts, and a automated password recovery system - there is very little need for them to be resetting the password to a request over the phone without double checking the credentials of the caller. But unless there is solid evidence to back this up, its not right to speculate on it.
As i mentioned earlier, there are a lot of empty blanks that we do not want to speculate on. We ran the story based on the details we had on hand, and should we receive any concrete details that proof our initial conclusions wrong, we'll be more then glad to publish an apology.
We publish stories to induce awareness, not just for the sake of making someone look bad.
