checkfree-breach

Holy Cow.

Hackers on Tuesday hijacked the Web site CheckFree.com, one of the largest online bill payment companies, redirecting an unknown number of visitors to a Web address that tried to install malicious software on visitors' computers, the company said today.

First, I find it very hard to believe that you would hijack the domain for one of the world's largest payment processors and only try to install malware.

And secondly:

It appears hackers were able to hijack the company's Web sites by stealing the user name and password needed to make account changes at the Web site of Network Solutions, CheckFree's domain registrar. Susan Wade, a spokeswoman for the Herndon, Va., based registrar, said that at around 12:30 a.m. Dec. 2, someone logged in using the company's credentials and changed the address of CheckFree's authoritative domain name system (DNS) servers to point CheckFree site visitors to the Internet address in the Ukraine. DNS servers serve as a kind of phone book for Internet traffic, translating human-friendly Web site names into numeric Internet addresses that are easier for computers to handle.

"Someone got access to [CheckFree's] account credentials and was able to log in," Wade said. "There was no breach in our system."

Way to CYA and leave the customer hanging. Does Network Solutions offer a strong authentication method to prevent such an attack? I would think that CheckFree could afford to pay extra for it.

Third, this also could have been thwarted if CheckFree offered some form of mutual HTTPS authentication for their site. Their users would not have been redirected.
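
The nameserver change described in the quoted report is visible from outside the registrar account, so a domain owner can watch for it. The following is an added example, not part of the original post: it checks periodic NS lookups against an owner-maintained baseline. The domain names, addresses, and log format are constructed assumptions, and the lookups are assumed to be collected by a separate resolver job.

```python
import ipaddress

# Owner-maintained baseline (constructed values, not real CheckFree data).
BASELINE = {
    "billpay.example": {
        "ns": {"ns1.billpay.example", "ns2.billpay.example"},
        "nets": [ipaddress.ip_network("192.0.2.0/24")],
    }
}

# Constructed lookup log (hypothetical format): "time domain ns=ip,ns=ip"
OBSERVATIONS = """\
T+00m billpay.example ns1.billpay.example=192.0.2.10,ns2.billpay.example=192.0.2.11
T+30m billpay.example ns1.rogue.example=203.0.113.66,ns2.rogue.example=203.0.113.67
T+60m billpay.example ns1.billpay.example=192.0.2.10,ns2.billpay.example=198.51.100.9
"""

def parse_line(line):
    """Split one log line into (time, domain, {nameserver: address})."""
    ts, domain, pairs = line.split()
    servers = {}
    for pair in pairs.split(","):
        name, _, addr = pair.partition("=")
        servers[name.rstrip(".").lower()] = ipaddress.ip_address(addr)
    return ts, domain.rstrip(".").lower(), servers

def check(domain, servers, baseline=BASELINE):
    """Return findings for one observed delegation; an empty list means it matches."""
    expected = baseline.get(domain)
    if expected is None:
        return [f"no baseline recorded for {domain}"]
    observed = set(servers)
    findings = [f"unexpected nameserver {n}" for n in sorted(observed - expected["ns"])]
    findings += [f"expected nameserver {n} missing" for n in sorted(expected["ns"] - observed)]
    # A matching name is not enough: the address it resolves to must be approved too.
    for name, addr in sorted(servers.items()):
        if not any(addr in net for net in expected["nets"]):
            findings.append(f"{name} resolves to {addr}, outside approved networks")
    return findings

def scan(text):
    """Check every log line and return (time, domain, finding) alerts."""
    alerts = []
    for line in text.strip().splitlines():
        ts, domain, servers = parse_line(line)
        alerts.extend((ts, domain, f) for f in check(domain, servers))
    return alerts

if __name__ == "__main__":
    for alert in scan(OBSERVATIONS):
        print(*alert)
```

The third sample line keeps the expected nameserver names but moves one to an unapproved address, which a name-only comparison would miss.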

Update

Security Fix also points to a post about US Bank's billpay site, which currently outputs some kind of config dump.