Details on Recent DNS Hijacking
At the end of January, the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains.
Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended.
Humdee • February 20, 2019 9:02 AM
Two brief remarks on the opsec of this situation. First, I feel vindicated with my practice of turning on email auto upate only when I want an update and not let it sit in the background. Yes this is a PITA but it decreases attack surface. I hope this incident prompts Google to retink it horrible practice of not allowing access to gmail unless autoupdates are turned on.
Second, regarding the fact no one noticed the one hour window. @bruce wrote years ago about how technology was so buggy it was often impossible to tell what was bug and what was attack. This case is a beautiful albeit sad reminder of that truth.