Mailing List Archive

On Mon, 14 Feb 2000, Simpson, Sam wrote:

> I wonder how long it'll take them to notice...Hhhm, would you
> trust RSA with your data security now? ;)

When they read mailing lists, they should it notice in a few minutes. But
currently they still not noticed it...

What is the regular IP of www.rsa.com? Currently it is 200.24.19.252.
Maybe it's a DNS hack?


cu
Michael

On Mon, Feb 14, 2000 at 10:43:40AM +0100, Michael Roth wrote:
> On Mon, 14 Feb 2000, Simpson, Sam wrote:
>
> > I wonder how long it'll take them to notice...Hhhm, would you
> > trust RSA with your data security now? ;)
>
> When they read mailing lists, they should it notice in a few minutes. But
> currently they still not noticed it...
>
> What is the regular IP of www.rsa.com? Currently it is 200.24.19.252.
> Maybe it's a DNS hack?

It does appear to be a DNS hack or screwup of some kind. For me,
www.rsa.com resolves to 205.181.76.22, which produces the normal RSA
home page.

isenguard ~ > nslookup www.rsa.com
Server: rbs1.globalcenter.net.au
Address: 203.89.226.24

Non-authoritative answer:
Name: www.rsa.com
Address: 205.181.76.22

isenguard ~ > nslookup www.rsa.com ns1.verio.net
Server: ns1.verio.net
Address: 204.91.99.140

Name: www.rsa.com
Address: 200.24.19.252

ns1.verio.net is listed in one of the NS records for rsa.com. I haven't
checked the others.

--
Lachlan O'Dea <mailto:lodea@vet.com.au> Computer Associates Pty Ltd
Webmaster Vet - Anti-Virus Software
http://www.vet.com.au/

"If a nation expects to be ignorant and free, in a state of
civilization, it expects what never was and never will be."
- Thomas Jefferson

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here, nslookup www.rsa.com gives 205.181.76.22 and typing
http://www.rsa.com leads to the correct RSA webpage.

nslookup 200.24.19.252 gives bachue.udea.edu.co and, typing this
address in my browser, I do get the page that Sam mentions.

Best regards.

- --
Michel Bouissou <michel@bouissou.net> PGP DH/DSS ID 0x5C2BEE8F
Ca se confirme : le gouvernement chinois veut imposer Linux comme
plate-forme officielle! Soutenez la lutte du peuple tibétain :
installez
Windows 2000. (in http://www.zipiz.com )

- ----- Message d'origine -----
De : Michael Roth <mroth@nessie.de>
À : Simpson, Sam <s.simpson@mia.co.uk>
Cc : <gnupg-users@gnupg.org>
Envoyé : lundi 14 février 2000 10:43
Objet : Re: RSA.COM site hacked :)


> On Mon, 14 Feb 2000, Simpson, Sam wrote:
>
> > I wonder how long it'll take them to notice...Hhhm, would you
> > trust RSA with your data security now? ;)
>
> When they read mailing lists, they should it notice in a few
> minutes. But currently they still not noticed it...
>
> What is the regular IP of www.rsa.com? Currently it is
> 200.24.19.252. Maybe it's a DNS hack?
>
>
> cu
> Michael
>

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOKfL+o7YarFcK+6PEQIdzgCgw6szzRN1mbbD5xoDzFRmSjsE1FgAn1L5
plaSKyJZvQA4YybL2mpYavLj
=IBu2
-----END PGP SIGNATURE-----

On Mon, 14 Feb 2000, Michael Roth wrote:

Hi!

> What is the regular IP of www.rsa.com? Currently it is 200.24.19.252.
> Maybe it's a DNS hack?

I get 205.181.76.22 when I do a lookup for www.rsa.com, but the wrong
page is still there.

Cheers,
Thomas
--
Thomas Bader <thomasb@trash.net>, Powered by LINUX 2.2
Infos und Tipps zu Linux, HOWTOs des DLHP <http://www.trash.net/~thomasb/>
==> Einen Unixshellaccount (alles inkl.) gibts unter http://www.trash.net

I get 200.24.19.252 for www.rsa.com, from 2 seperate routes that join at
the Amsterdam IX.

It seems to trace to Colombia.


'bye,

Mark

Yep, it looks like someone poisoned the DNS records for
one of our obsolete domains. We noticed over a day ago, and
corrected updates have been wending their way through
the Internet since. Our main domain, www.rsasecurity.com,
was never touched.

It was amusing to see traceroutes terminating in Colombia.

Peter Trei
(NOT an RSA spokesman)

> ----------
> From: Simpson, Sam[SMTP:s.simpson@mia.co.uk]
> Sent: Monday, February 14, 2000 4:08 AM
> To: John Young; ukcrypto@maillist.ox.ac.uk; cryptography@c2.net; PGP
> Users; Bruce Schneier; Coderpunks; gnupg-users@gnupg.org
> Cc: Rolfe, Adam
> Subject: RSA.COM site hacked :)
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> You may care to look at www.rsa.com. The current front screen
> (at 09:00am GMT 14/2/00) is the HTML file below:
>
> "Wat up whats up to all my nigs ya know who ya are n #2600 and
> whats up all my #sesame nigs and
> call rigger if ya come here bc he is the gayest fuck ;)
> 718-815-4674 all chans are on a irc server lol
>
>
> - -tek
> pBK > * also irc.segments.org ;)"
>
>
> I wonder how long it'll take them to notice...Hhhm, would you
> trust RSA with your data security now? ;)
>
>
> Cheers,
>
> Sam Simpson
> Communications Analyst
>