[adhipg]

Aren't we seeing a lot of DNS based attacks in the recent past? I remember .pk TLD was hacked not too long ago.

Considering that most of the big sites run local variants of their services using these TLDs is it fair to assume that one of these next ones could be of the phishing kind? What's the best thing to do - always use the .com hoping that it is safer?

[dsl]

This isn't a DNS issue, it's a SQL injection attack.

ICANN needs to mandate stronger requirements for best practices with web based management UIs. Unfortunately they have little in the way of real control over ccTLDs.

You'd be best served registering ccTLDs and redirecting them to your gTLD of choice (say, .com) and not trying to serve localized content from them.

[kijeda]

ICANN is not in a position to mandate such requirements for ccTLDs as they are not empowered to. ccTLD governance differs from gTLDs in that each country code is managed and overseen locally within the country. This is why there is such a diversity in ccTLD policies. For better or worse this model of subsidiarity is what we have today.

[dsl]

Which is why I said

> Unfortunately they have little in the way of real control over ccTLDs.

Hopefully NTIA can empower ICANN (as the IANA operator) to better exercise security requirements against ccTLDs. Ultimately NTIA can pull the ccTLD from the root, which is a stick we could use increase the overall security of the internet, but I would prefer we find a carrot.

[troels]

How do you know what kind of attack vector was used?

[jonknee]

Semantics. If it was an SQL injection attack, it was an SQL injection account that caused a DNS issue. No one cares about a specific SQL injection vulnerability, what matters is that a domain stopped being secure. Nothing bad happened here, but they could have made the fake page look like Google and collected a bunch of logins.