Last Updated: 2013-06-20 10:05:52 UTC
by Johannes Ullrich (Version: 1)
LinkedIn had its DNS "hijacked". There are no details right now, but often this is the result of an attacker compromissing the account used to manage DNS servers.But so far, no details are available so this could be just a simple misconfiguration.
The issue has been resolved, but If LinkedIn is "down" for you, or if it points to a different site, then you should flush your DNS cache.
It does not appear that Linkedin uses DNSSEC (which may not have helped if the registrar account was compromissed). Your best bet to make sure you connect to the correct site is SSL. But of course, "owning" the domain may allow the attacker to create a new certificate rather quickly.
As indicated in a comment below (and some twitter messages), other sites are affected as well. Please add a comment if you find any. The fact that multiple site's NS records are affected implies that this may not be a simple compromissed registrar account.
Current, appearantly accurate, DNS replies for LinkedIn:
dig +short A linkedin.com 22.214.171.124 dig +short NS linkedin.com ns4.p43.dynect.net. ns4.linkedin.com. ns3.p43.dynect.net. ns1.p43.dynect.net. ns2.p43.dynect.net. ns1.linkedin.com. ns3.linkedin.com. ns5.linkedin.com. ns6.linkedin.com. ns2.linkedin.com.
Last Updated: 2013-06-20 01:39:36 UTC
by Guy Bruneau (Version: 1)
HP released a security bulletin on a potential remote unauthorized access with HP Integrated Lights-Out iLO3/iLO4 using Single-Sign-On.
CVE-2013-2338 has been assigned and the following versions are impacted:
HP Integrated Lights-Out 3 (iLO3) firmware versions prior to v1.57.
HP Integrated Lights-Out 4 (iLO4) firmware versions prior to v1.22.
If you are impacted, HP recommends upgrading as soon as possible. The current version is available here.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Please choose a specific diary above to comment