[dsl]

This isn't a DNS issue, it's a SQL injection attack.

ICANN needs to mandate stronger requirements for best practices with web based management UIs. Unfortunately they have little in the way of real control over ccTLDs.

You'd be best served registering ccTLDs and redirecting them to your gTLD of choice (say, .com) and not trying to serve localized content from them.

[kijeda]

ICANN is not in a position to mandate such requirements for ccTLDs as they are not empowered to. ccTLD governance differs from gTLDs in that each country code is managed and overseen locally within the country. This is why there is such a diversity in ccTLD policies. For better or worse this model of subsidiarity is what we have today.

[dsl]

Which is why I said

> Unfortunately they have little in the way of real control over ccTLDs.

Hopefully NTIA can empower ICANN (as the IANA operator) to better exercise security requirements against ccTLDs. Ultimately NTIA can pull the ccTLD from the root, which is a stick we could use increase the overall security of the internet, but I would prefer we find a carrot.

[troels]

How do you know what kind of attack vector was used?

[jonknee]

Semantics. If it was an SQL injection attack, it was an SQL injection account that caused a DNS issue. No one cares about a specific SQL injection vulnerability, what matters is that a domain stopped being secure. Nothing bad happened here, but they could have made the fake page look like Google and collected a bunch of logins.