Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Register Hacked

samzenpus posted more than 2 years ago | from the down-time dept.

Security 192

First time accepted submitter rjmx writes "Looks like The Register has been hacked. Its front page has been replaced with a page in tasteful red and black, apparently by a Turkish hacker."

cancel ×

192 comments

Sorry! There are no comments related to the filter you selected.

oh shit! (5, Funny)

larry bagina (561269) | more than 2 years ago | (#37303988)

looks like the hacker retroactively stole all their credibility!

Home of the BOFH? (2)

AliasMarlowe (1042386) | more than 2 years ago | (#37304078)

Front page still hacked, but fairly harmlessly. Does that hacker know what sort of wasps' nest he may have poked his nose into? No doubt, we shall hear more from the BOFH [theregister.co.uk] .

Re:Home of the BOFH? (0)

fluffy99 (870997) | more than 2 years ago | (#37304364)

Front page still hacked, but fairly harmlessly.

The amusing thing is that had it been malicious with some unknown zero-day, that all of the slashdot lemmings would have hit the page.

Re:Home of the BOFH? (2)

jhoegl (638955) | more than 2 years ago | (#37304442)

Looks more like DNS poisoning.

Re:oh shit! (4, Informative)

KiloByte (825081) | more than 2 years ago | (#37304132)

No credibility lost, it's not them who got hacked but their DNS provider.

Re:oh shit! (0)

zonky (1153039) | more than 2 years ago | (#37304182)

So there credibility is lost. The number of businesses out there who stack everything on a $10 a year relationship is just insane. There are several business grade registrars offering decent services. Look into MelbourneIT DBMS, Markmonitor etc.

Re:oh shit! (2)

Aighearach (97333) | more than 2 years ago | (#37304312)

"their"

Re:oh shit! (5, Informative)

mickwd (196449) | more than 2 years ago | (#37304332)

Too late: his credibility is lost :D

Re:oh shit! (1)

Anonymous Coward | more than 2 years ago | (#37304412)

Their are several business grade registrars offering decent services. Look into MelbourneIT DBMS, Markmonitor etc.

Re:oh shit! (2)

turkeyfeathers (843622) | more than 2 years ago | (#37304422)

"stake"

Re:oh shit! (0)

Anonymous Coward | more than 2 years ago | (#37304236)

Screengrab here of The Register web site hacked & defaced [kelvinwong.ca] . The DNS server names mean "Egg shell'? Is that right? Who knows Turkish?

Re:oh shit! (2)

amiga3D (567632) | more than 2 years ago | (#37304242)

At least all of it in the last 6 years. Check the copyright on the page. Nice touch.

Re:oh shit! (-1, Troll)

Falconhell (1289630) | more than 2 years ago | (#37304648)

The register had credibility? Nahh, any site that allows hopeless losers like Andrew Orlowski and lewis Page a forum to air their bullshit has no credibility. Oh and Bwahahahahaha.

Oops ... (1, Offtopic)

rjmx (233228) | more than 2 years ago | (#37303990)

its, not it's. Sorry about that.

Re:Oops ... (1, Offtopic)

DWMorse (1816016) | more than 2 years ago | (#37304006)

Last time accepted submitter rjmx writes

Fixed that for you... ;)

Re:Oops ... (0, Offtopic)

XSpud (801834) | more than 2 years ago | (#37304088)

"its", not "it's", not its, not it's. Also sorry.

Re:Oops ... (1)

rjmx (233228) | more than 2 years ago | (#37304212)

And so you should be ...

Re:Oops ... (1)

clyde_cadiddlehopper (1052112) | more than 2 years ago | (#37304244)

Is it?

Re:Oops ... (0)

maxwell demon (590494) | more than 2 years ago | (#37304420)

ITYM: “ ‘its’ not ‘it's’ ”, not “its, not it's”

Re:Oops ... (1, Funny)

Forty Two Tenfold (1134125) | more than 2 years ago | (#37304164)

Neither. TITS.

Wha (0)

moogied (1175879) | more than 2 years ago | (#37303994)

Copyright 2005?? What the fuck? lol

Re:Wha (1)

Zaiff Urgulbunger (591514) | more than 2 years ago | (#37304072)

Copyright 2005?? What the fuck? lol

Also, in the source I find:
<meta content="MSHTML 6.00.2900.3698" name="GENERATOR">

Re:Wha (0)

Anonymous Coward | more than 2 years ago | (#37304294)

Also, the language code, sq, is Albanian. There's a pretty large Albanian diaspora in Turkey, but it's an interesting thing nonetheless.

Re:Wha (1)

Anonymous Coward | more than 2 years ago | (#37304148)

Slowest hacking in history?

Re:Wha (2, Funny)

Anonymous Coward | more than 2 years ago | (#37304280)

He was uploading the packets by individual pigeon.

Unfortunately, he had to breed the pigeons himself.

HAxorS (1)

UnlimitedFreakOut (1324145) | more than 2 years ago | (#37304000)

website is down, cant wait to read odds and sods when its back up.... :O)

Re:HAxorS (1)

UnlimitedFreakOut (1324145) | more than 2 years ago | (#37304046)

oh can se it now, yep, still hacked...

Re:HAxorS (5, Informative)

zonky (1153039) | more than 2 years ago | (#37304130)

Looks like a number of sites affected, all of them seem to be using netnames.co.uk as their registrar, looks like DNS Servers all changed.

DNS hack, some ok some down still, (3, Informative)

Rovastar (822365) | more than 2 years ago | (#37304548)

Using Just-Ping to check from 50+ locations around the world only 5% have what is traditionally the correct IP (212.100.234.54 according to Netcraft) or so have the current IP most say the DNS is down.
http://just-ping.com/index.php?vh=www.theregister.co.uk&c=&s=ping [just-ping.com] !

I forced an update with Netcraft it now has a record of the another IP 68.68.20.116 with different server headers which I presume is the broken site.

http://uptime.netcraft.com/up/graph?site=www.theregister.co.uk [netcraft.com]

The hackers could have done more damage if they also increased the TTL of the domains they poisoned. 24 hours seems to be the time atm.

Re:HAxorS (1)

Anonymous Coward | more than 2 years ago | (#37304612)

Coincidentally (or not) it appears Netnames failed on this almost exactly a decade ago, here's an archive of El Reg:
http://web.archive.org/web/20090526000255/http://www.theregister.co.uk/2001/09/14/dns_megahack_hits_thousands/

Big deal (1)

Anonymous Coward | more than 2 years ago | (#37304004)

the register is shithouse anyway

Website hacked? (1)

Qlither (1614211) | more than 2 years ago | (#37304008)

Errr...UK here, seems all good to me...

Did i miss the hack? Kudos to the admin if i did. I was reading it not two hours before this too.

Re:Website hacked? (2)

Claws Of Doom (721684) | more than 2 years ago | (#37304016)

As I write, the site is still defaced. It's been up and down in the last few minutes though...

Re:Website hacked? (0)

Anonymous Coward | more than 2 years ago | (#37304020)

Seems normal to me. No defacement. USA / CA

Re:Website hacked? (1)

Inda (580031) | more than 2 years ago | (#37304044)

Fine here too.

Using Virgin Media's DNS.

Their forum has nothing...

Re:Website hacked? (1)

Claws Of Doom (721684) | more than 2 years ago | (#37304068)

With apologies to the reg's admins, I tried to get to a story I was reading earlier on, and got the following in return:

Not Found The requested URL /2011/09/02/samsung_webos_acquisition_no_not_ever/ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 Server at www.theregister.co.uk Port 80

Re:Website hacked? (2, Informative)

Anonymous Coward | more than 2 years ago | (#37304128)

thats not theregisters.co.uk 404, they have a custom 404

what you are seeing is the result of DNS poisoning of your ISP, the 404 is from someone elses server
the actual site is fine and has NOT been hacked.
ps the real IP of the reg is 212.100.234.54

Re:Website hacked? (0)

Anonymous Coward | more than 2 years ago | (#37304050)

Defaced for me as well. In that case it may be just dns poisoning.

Re:Website hacked? (1)

Dupple (1016592) | more than 2 years ago | (#37304114)

In the UK here, not seen El Reg hacked at all today

Re:Website hacked? (2)

Sarten-X (1102295) | more than 2 years ago | (#37304102)

Picture of the UPS hack [imageshack.us]

It's DNS, so not much actual harm done to the targeted servers.

Slashdot needs to be hacked with Goatse. (0)

Anonymous Coward | more than 2 years ago | (#37304012)

The last hacker only hacked it with OMG ponies.

Re:Slashdot needs to be hacked with Goatse. (3, Funny)

Kiaser Zohsay (20134) | more than 2 years ago | (#37304096)

The last hacker only hacked it with OMG ponies.

Next April 1st, slashdot announces that it will accept image tags in comments. However, in preview mode all linked images will be changed to goatse. After submitting all images will be changed to Bart writing on a chalkboard "I will not post goatse images".

(c) 2005 TurkGuvenligi (4, Funny)

Lord_Naikon (1837226) | more than 2 years ago | (#37304018)

Lol, why would he care about copyright? Afraid some other hacker might steal his logo?

Re:(c) 2005 TurkGuvenligi (4, Informative)

godrik (1287354) | more than 2 years ago | (#37304036)

If they do that would be illegal!

Re:(c) 2005 TurkGuvenligi (2)

hattable (981637) | more than 2 years ago | (#37304410)

Sadly enough if they took that to a US court he would probably win.

Re:(c) 2005 TurkGuvenligi (0)

Anonymous Coward | more than 2 years ago | (#37304326)

actually he stole my logo.. I paid to have a logo designed several years ago for my website..

Site wasn't hacked, DNS was (3, Informative)

Anonymous Coward | more than 2 years ago | (#37304028)

If you saw the "hacked" page, you were being routed to a different server.

Re:Site wasn't hacked, DNS was (4, Informative)

Rhodri Mawr (862554) | more than 2 years ago | (#37304100)

Mod parent up. This appears to be a case of DNS cache poisoning. Notably www.reghardware.com is unaffected.

Re:Site wasn't hacked, DNS was (2)

IonOtter (629215) | more than 2 years ago | (#37304116)

Uhmmm...actually, I kinda wish the site itself had been hacked? Knowing this makes me feel more than a little queasy...

Lessee...

Name servers:
ns1.yumurtakabugu.com
ns2.yumurtakabugu.com

C:\Users\ionotter>ping www.theregister.co.uk

Pinging theregister.co.uk [68.68.20.116] with 32 bytes of data:
Reply from 68.68.20.116: bytes=32 time=99ms TTL=41
Reply from 68.68.20.116: bytes=32 time=90ms TTL=41
Reply from 68.68.20.116: bytes=32 time=90ms TTL=41
Reply from 68.68.20.116: bytes=32 time=90ms TTL=41

Ping statistics for 68.68.20.116:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
        Minimum = 90ms, Maximum = 99ms, Average = 92ms

Hmmmm. When I try to go to the site via the IP address, I get...

"The server at 68.68.20.116 is taking too long to respond."

Re:Site wasn't hacked, DNS was (0)

Anonymous Coward | more than 2 years ago | (#37304150)

try the registers real IP

212.100.234.54

DNS poisoning != theregister hacked

i would be more concerned about your ISP though, as the site resolves fine in the UK

Re:Site wasn't hacked, DNS was (1)

Angostura (703910) | more than 2 years ago | (#37304354)

Not resolving here using VirginMedia in East London, currently.

Re:Site wasn't hacked, DNS was (2)

owlstead (636356) | more than 2 years ago | (#37304486)

Poor buggers, their own site forwards you to www.theregister.co.uk :) So even entering the IP address won't work. If it is forwarding me, I think the server is still happily serving requests, to no avail. Yup, changing the hosts file has the wanted result all right.

Oh, and I've seen very few articles from the reg during Sunday, so they might be waiting for the work week to begin, sleeping off their weekend beers.

Re:Site wasn't hacked, DNS was (0)

Anonymous Coward | more than 2 years ago | (#37304238)

Tracing route to 212.100.234.54 over a maximum of 30 hops

    6 14 ms 23 ms 15 ms 66.163.78.62
    7 170 ms 170 ms 172 ms linx.edge3.lon.rackspace.net [195.66.224.116]
    8 171 ms 168 ms 199 ms vl911.core6a.lon3.rackspace.net [92.52.76.204]
    9 174 ms 176 ms 174 ms aggr321a-2-core6a.lon3.rackspace.net [92.52.77.19]
  10 175 ms 167 ms 166 ms 212.100.234.54

Trace complete.

Versus right now:
Tracing route to theregister.co.uk [68.68.20.116]
over a maximum of 30 hops:

  11 89 ms 97 ms 108 ms xe-0-3-0-204.nyc30.ip4.tinet.net [213.200.66.233]
  12 106 ms 95 ms 133 ms xe-4-1-0.nyc20.ip4.tinet.net [89.149.183.49]
  13 93 ms 97 ms 90 ms bluemile-gw.ip4.tinet.net [173.241.128.2]
  14 82 ms 84 ms 83 ms 76.10.193.133
  15 84 ms 82 ms 84 ms 68.68.24.178.customer.bluemilenetworks.com [68.68.24.178]
  16 83 ms 81 ms 88 ms 68.68.20.116.customer.bluemilenetworks.com [68.68.20.116]

Trace complete.

Someone changed the DNS servers:
Domain name:
                theregister.co.uk

        Registrant:
                Linus Birtles

        Trading as:
                The Register

        Registrant type:
                UK Sole Trader

        Registrant's address:
                Situation Publishing Limited
                PO Box 478
                Southport
                PR8 2ZW
                United Kingdom

        Registered through:
                NetNames Limited
                URL: http://www.netnames.co.uk

        Registrar:
                Ascio Technologies Inc t/a Ascio Technologies inc [Tag = ASCIO]
                URL: http://www.ascio.com

        Relevant dates:
                Registered on: before Aug-1996
                Renewal date: 14-Mar-2012
                Last updated: 04-Sep-2011

        Registration status:
                Registered until renewal date.

        Name servers:
                ns1.yumurtakabugu.com
                ns2.yumurtakabugu.com

        WHOIS lookup made at 22:05:11 04-Sep-2011

Still Hacked... (1)

IonOtter (629215) | more than 2 years ago | (#37304038)

As of 2025 GMT, I'm still seeing the "hacked" page. Since I haven't specifically been to El Reg in over a week, I'm not seeing a cached copy.

As for the "hack"?

Wow. Going to be a very interesting read come Monday morning?

Re:Still Hacked... (0)

Anonymous Coward | more than 2 years ago | (#37304464)

Posting 14 years from the future?

Re:Still Hacked... (1)

flimflammer (956759) | more than 2 years ago | (#37304520)

They must have done a number on that DNS server to keep it in this state for 14 years.

UPS.com too (1)

madsci1016 (1111233) | more than 2 years ago | (#37304064)

People are complain on twitter about him taking down UPS.com too. I only get a DNS error from them. This has to be a DNS hack.

Re:UPS.com too (0)

Anonymous Coward | more than 2 years ago | (#37304140)

Definitely DNS.

From my ISP for theregister.co.uk AND ups.com

68.68.20.116

From Google's DNS servers (8.8.8.8):

theregister.co.uk

72.3.246.59

ups.com
153.2.224.50
153.2.228.50

Re:UPS.com too (0)

Anonymous Coward | more than 2 years ago | (#37304262)

I have no problem with UPS.com, but then, I live in Sweden.

Re:UPS.com too (1)

datapharmer (1099455) | more than 2 years ago | (#37304390)

your dns just hasn't been refreshed either by you or your provider - the issue is actually with the whois record being updated so the authoritative nameservers are set to ns1.yumurtakabugu.com and ns2.yumurtakabugu.com. As a result this can take a while to finish propagating and can take a while to fix!

Re:UPS.com too (0)

Anonymous Coward | more than 2 years ago | (#37304536)

You wouldn't need to guess if you RTFA..

False flag (-1)

Anonymous Coward | more than 2 years ago | (#37304070)

It's front page has been replaced with a page in tasteful red and black, apparently by a Turkish hacker.

Personally I blame Israel - they love doing false flag ops and it's pretty obvious after Turkey just said they were going to escort the next Gaza fleet. This is jews lying and deceiving and finger pointing to get their way, again.

Re:False flag (0)

Anonymous Coward | more than 2 years ago | (#37304250)

Did you also know Teh Juice are putting dirty Jew particulates in the air? Quick! Hold your breath or you'll get them! Keep holding it! Keep holding...

/. is cruel! (1)

I'm Not There (1956) (1823304) | more than 2 years ago | (#37304076)

And you slashdot their homepage at the same time? Poor admins!

whois records look hacked (0)

Anonymous Coward | more than 2 years ago | (#37304090)

root@bt:/root# whois theregister.co.uk

        Domain name:
                theregister.co.uk

        Registrant:
                Linus Birtles

        Trading as:
                The Register

        Registrant type:
                UK Sole Trader

        Registrant's address:
                Situation Publishing Limited
                PO Box 478
                Southport
                PR8 2ZW
                United Kingdom

        Registered through:
                NetNames Limited
                URL: http://www.netnames.co.uk/ [netnames.co.uk]

        Registrar:
                Ascio Technologies Inc t/a Ascio Technologies inc [Tag = ASCIO]
                URL: http://www.ascio.com/ [ascio.com]

        Relevant dates:
                Registered on: before Aug-1996
                Renewal date: 14-Mar-2012
                Last updated: 04-Sep-2011

        Registration status:
                Registered until renewal date.

        Name servers:
                ns1.yumurtakabugu.com
                ns2.yumurtakabugu.com

        WHOIS lookup made at 21:34:15 04-Sep-2011

Re:whois records look hacked (1)

Gonoff (88518) | more than 2 years ago | (#37304110)

What looks wrong with that?

I came to /. from there it was working fine. Not hacked or slashdotted. (Using OpenDNS)

Don't underestimate the PFY! (0)

Anonymous Coward | more than 2 years ago | (#37304104)

The Turkish thing is just misdirection.

ups.com acer.com vodafone.com ... (2)

nicesecurity (1198689) | more than 2 years ago | (#37304106)

Check http://www.zone-h.org/archive/notifier=TurkguvenLigi.info [zone-h.org] From the cache of http://www.theregister.co.uk/2011/08/12/mckinnon_website_defaced/ [theregister.co.uk] "TurkGuvenligi is a serial website defacer whose previous victims include Secunia. An archive of his work can be found here [3]. Defacers typically use search engines to search for vulnerable sites before setting on victims and uploading digital graffiti on these sites. Such hacks, by themselves, are normally trivial and seldom expose more sensitive systems."

Re:ups.com acer.com vodafone.com ... (0)

Anonymous Coward | more than 2 years ago | (#37304136)

Looking at a few of them, whois update date of today. Nameservers been changed to things like: ns1.yumurtakabugu.com

Re:ups.com acer.com vodafone.com ... (2)

nicesecurity (1198689) | more than 2 years ago | (#37304142)

DNS hack. This is why it doesn't appear for everybody.. yet. Check their whois, they STILL all have these DNS: Domain servers in listed order: ns1.yumurtakabugu.com (NSYUMURT1119540) ns2.yumurtakabugu.com (NSYUMURT1119541)

Re:ups.com acer.com vodafone.com ... (0)

Anonymous Coward | more than 2 years ago | (#37304194)

All of the hijacked domains are registered at the same Danish registrar, Ascio.com (ASCIO TECHNOLOGIES, INC). They probably has some vulnerability this TurkGuvenligi character exploited. Watch out if you have any domains registered there. I had one there long ago, but support was terrible (the only way to change nameservers was to email them and wait days, perhaps ironic given the current situation), so I transferred it out.

As a long term Register reader ... (0)

Anonymous Coward | more than 2 years ago | (#37304146)

I can confirm that this supports our view that AGW is a hoax.

Hacked nameservers hosted in the USA (1)

Anonymous Coward | more than 2 years ago | (#37304170)

along with lots of spammy sites ? dont you guys have a police force ? or is the USA still a spammers haven ?

http://www.robtex.com/ip/67.228.37.8.html [robtex.com]

Re:Hacked nameservers hosted in the USA (1)

Dunbal (464142) | more than 2 years ago | (#37304208)

Nah, Hollywood is just not interested in having their boys - sorry, the FBI- do something about this. There's no movies involved.

Never mind... (1)

ajo_arctus (1215290) | more than 2 years ago | (#37304172)

Looks like a DNS hack, which'd explain why some people are seeing it come back to life and others aren't -- all depends on ISP DNS servers (cacheing and whatnot).

Anyway, can't say I'm particularly bothered. Once upon a time, about 7 years ago, the Register went downhill so badly that I stopped visiting it all together. They had a bone-headed editorial style that made them seem arrogant, dim-witted and sometimes just unpleasant. These days, whenever I accidentally follow a YC HackerNews link there (from Twitter), it looks like they're basically the same now as then.

The tipping point for me came when some idiot on their staff wrote an article complaining that Google had drawn a special logo for a world water day, but not for St. George's day (an silly English thing that we have every year). It looks like a joke in bad taste, but I don't think it was - not least because the guy that wrote tended to have a 'toxic' element in most of his writing. I've seen a few articles since showing their scepticism of climate change, wheeling out the usual 'aren't we so clever for being able to think for ourselves' bullshit despite clearly not having 'a fucking clue'.

I guess their tech coverage was OK, but their opinions got right up my nose.

Re:Never mind... (0)

Anonymous Coward | more than 2 years ago | (#37304298)

They seem to have become 'The Sun' for 'techies'

Re:Never mind... (2)

St.Creed (853824) | more than 2 years ago | (#37304322)

In that case, we just witnessed an eclipse :)

Re:Never mind... (0)

Anonymous Coward | more than 2 years ago | (#37304366)

These weren't articles by Andrew Orlowski were they? (https://secure.wikimedia.org/wikipedia/en/wiki/Andrew_Orlowski)

All his articles seem to be arrogant and bitter nonsense and almost had me turn away from El Reg.

These days I just skip anything I see that's come from him...

Re:Never mind... (0)

Anonymous Coward | more than 2 years ago | (#37304398)

> their scepticism of climate change

You'll find that's now called "climate change" since it became abundantly clear that the world was in fact not getting any warmer.

Nothingofvaluewaslost tag (-1)

Anonymous Coward | more than 2 years ago | (#37304178)

Wow, what a stupid tag to apply to the story. The Register is an awesome site (if you can understand the British humour at times).

Re:Nothingofvaluewaslost tag (2)

Spad (470073) | more than 2 years ago | (#37304334)

Not really. It's a pretty decent news site with a horrible tabloid editorial slant.

When they're publishing press releases or writing humour, they're fine, but their opinion pieces & editorials are more often than not sensationalist nonsense.

Corrections (5, Informative)

Artem Tashkinov (764309) | more than 2 years ago | (#37304222)

If cannot live without The Register, put into your hosts file

Linux: /etc/hosts
Windows: C:\windows\system32\drivers\etc\host

these two lines:

72.3.246.59 theregister.co.uk
72.3.246.59 www.theregister.co.uk

And the summary of the article is apparently wrong, someone stole/hacked into TheRegister DNS zone, TheRegister www servers are intact.

Re:Corrections (4, Insightful)

NickFortune (613926) | more than 2 years ago | (#37304646)

And the summary of the article is apparently wrong, someone stole/hacked into TheRegister DNS zone, TheRegister www servers are intact.

... which is actually kind of cool, seeing as how the Slashdot Effect seems to be wreaking it's usual havoc on the hacker's servers.

Every now and then, reality self-organises in the direction of justice.

meta content="MSHTML 6.00.2900.3698" name="GENERA (2)

aembleton (324527) | more than 2 years ago | (#37304228)

theregister.co.uk seems to be down but the same group has cracked ups.com and the source shows that they used a Microsoft product.

There you are, Microsoft aid crackers.

/sarcasm

cracked, not hacked (0)

Anonymous Coward | more than 2 years ago | (#37304240)

http://www.gnu.org/philosophy/words-to-avoid.html#Hacker

Re:cracked, not hacked (1)

spatley (191233) | more than 2 years ago | (#37304396)

I know we all get it. A hacker is not a criminal, a hacker is one who likes to tinker and break new ground by using tools for things other than they were intended. Kevin Mitnick was not a hacker, Nikola Tesla was a hacker. I agree the distinction is important. But guess what, we lost that fight.

The best thing we can do today is to come up with another word that means what hacker used to mean.

How about bit wrangler? Or just come up with something yourself and start using it and let the best jargon win. But hacker has been lost to us, it is no longer our word. You dig?

wtf is a yumurtakabugu? (1)

sgt scrub (869860) | more than 2 years ago | (#37304258)

host -t NS theregister.co.uk
theregister.co.uk name server ns2.yumurtakabugu.com.
theregister.co.uk name server ns3.yumurtakabugu.com.
theregister.co.uk name server ns1.yumurtakabugu.com.
theregister.co.uk name server ns4.yumurtakabugu.com.

Re:wtf is a yumurtakabugu? (0)

Anonymous Coward | more than 2 years ago | (#37304282)

turkish for "egg shell"

Re:wtf is a yumurtakabugu? (3, Interesting)

nomad63 (686331) | more than 2 years ago | (#37304328)

it means egg shell for the uninitiated ... I happen to be bilingual :) In Turkish and English...
On the technical side, I think if you are clever enough to come to /., you can check with any whois gateway to see who yumurtakabugu.com it belongs to. But I bet dollars to your pocket lint that, it is also a hacked site.

Re:wtf is a yumurtakabugu? (1)

93 Escort Wagon (326346) | more than 2 years ago | (#37304514)

it means egg shell for the uninitiated ... I happen to be bilingual :) In Turkish and English...

Okay, WHERE WERE YOU when The Register's DNS provider was hacked?

Can we hack the summary? (0)

Anonymous Coward | more than 2 years ago | (#37304310)

So people who have no problems keepin on top of the latest alphabet soup of the software world are completely stumped by the difference between IT IS and ITS?

Gateworld.net too (1)

Barryke (772876) | more than 2 years ago | (#37304314)

Gateworld.net is down too. FYI:

NS1.DNSPARK.NET
NS2.DNSPARK.NET
NS3.DNSPARK.NET
NS4.DNSPARK.NET
NS5.DNSPARK.NET

Also, i do not see what good is in slashdotting them at this time.

Appears fixed. (0)

Anonymous Coward | more than 2 years ago | (#37304400)

Appears fixed as of 21:49 GMT.

unfollowing an account (1)

mcantsin (2417600) | more than 2 years ago | (#37304428)

Turkguvenligi (http://twitter.com/Turkguvenligi/following) just unfollowed an account whom he was following one hour ago! YSR08 (http://twitter.com/#!/ysr08)

It's over already (1)

new_confused_mind (591949) | more than 2 years ago | (#37304560)

As shown by a `dig www.theregister.co.uk +trace`, DNS servers are returning the correct data already. Same for ups.com.

weirdness (-1)

Anonymous Coward | more than 2 years ago | (#37304586)

the rsa hack (xls file) that was uncovered recently and this seem very similar to some scientology related stuff that I ran afoul of about 8 months ago, right before this stuff happened. I am still a tech noob so I didnt want to say too much about it and thought I would just let it play itself out and see what the purpose of it was. I was running around LA and doing some basic, uh, we'll say practice penetration testing (completely non-malicious, seriously). I started to answer a bunch of ads on CL trying to get a job where I could furthering my programming, SEO and similar abilities. I got a ton more responses than in any other city I have ever lived in and started to work with a company where I was editing a yahoo store inventory in xml and csv form. I guess it was obvious that I was just teaching myself this stuff as I went along and eventually the guy that hired me sent me an XLS file that did all kinds of nastiness to my comp when I opened it. I realized, sort of, what was going on but I didnt really understand what the motivation was and was more curious than anything. At first I played like I didnt even notice the infection, except that I was monitoring the traffic from my infected machine from another box. There was some sort of traffic that would happen at startup from feeds.bbc.co.uk and feeds.bbci.co.uk. I did some searching around and found, I think you would call them linkbacks, sites that had keywords of the companies website and also scientology in the source. I am not at all a tin-foil hat type, but if you do some research on scientology, they are the sort of organization that would be able to do this stuff on a large scale. I dont give a crap about anon, but I guess I should mention that I was very vocal with the local proselytizers about the blight on the earth that is scientology before I even knew what anon was or the tactics of the scilons. I just want to get this out there in the hopes that people more technically inclined than myself can prevent bad shit from happening. I think I was just regarded as a good practice target because I look more like someone you would buy drugs from than someone with half a brain. The scilons have their hands in all sorts of businesses in the LA area apparently, but the root of this was clothingisland dot com, although they have a bunch of similarly named sites that operate in a seedy part of town (south of downtown).

DNS Hack (1)

Bert64 (520050) | more than 2 years ago | (#37304628)

Several sites, including the register and ups.com were redirected by DNS to a defacement page...

A list of the sites is at:
http://www.zone-h.org/archive/notifier=TurkguvenLigi.info/page=1 [zone-h.org]

It does not seem to be a DNS poisoning, since the whois servers also reported the hacker's dns servers.

Also zone-h reports that the site was running Linux, but it is clearly whatever server the hackers redirected the DNS to that runs linux, it was not necessarily a linux system that was breached in order to actually carry out the defacement.

It would appear that the registrar for the domains in question has been hacked, and the hackers chose a few high profile sites to deface.

TheBlitzBit Still Up (0)

Anonymous Coward | more than 2 years ago | (#37304630)

looks like http://theblitzbit.com/ is still pointed to the right name servers.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>