Few days back, Pakistani Top Level domains including Google , Yahoo, Msn and more sites defaced by Turkish Hackers. Following that incident , a Pakistani hacker contacted us with a report regarding the vulnerability resides in the website. We have immediately notified about the vulnerabilities to PKNIC.
Today, PKNIC released the official statement that confirms the security breach. In an email sent to us, PKNIC informed us that the vulnerability has been fixed over the weekend.
"PKNIC became aware of a vulnerability in one of its systems which caused a total of four user accounts to be breached on Friday evening 23rd November, impacting nine DNS records, out of a total of around fifty thousand. That led to several website addresses to be redirected to a blank message page for a few hours. Several of these websites were mirrors of global sites such as google.pk, ebay.pk, etc." The official statement reads.
The changes caused by the incident were reverted within a few hours, by the PKNIC team, by late Friday night. The Team sent notification to affected accounts after the scope of the incident was identified.
The management said that website doesn't store credit card or similar financial information in its database.
"PKNIC servers were not hacked and continued to operate normally. However, the vulnerability briefly exposed some information which could be used to modify the DNS for the four accounts."
PKNIC's executive chairman Ashar Nisar said that they 've applied a new complex system to prevent from SQL injection attacks before the breach itself. However, the new system inadvertently left open a vulnerability, under certain obscure conditions and contexts, that was used in the recent security breach.
"As a result, in addition to a thorough investigation of our entire site and systems, we reverted to the simpler more robust model of filtering out everything unknown, instead of continuing to use the new system that had been tailored to the latest threats using more complicated algorithms.” He said.
The PKNIC team confirmed that there was no interruption to the root DNS or any other services provided by PKNIC. Additionally, other than the sites under the four accounts and seven DNS servers, all other .PK websites were unaffected and continued to operate normally.
Invitation for Friendly Hackers:
To improve their web security, PKNIC plan to invite hackers to test their website security. They've planned to announce the reward program for hackers who find vulnerability , as is done by leading global companies, like Google and others.
Today, PKNIC released the official statement that confirms the security breach. In an email sent to us, PKNIC informed us that the vulnerability has been fixed over the weekend.
"PKNIC became aware of a vulnerability in one of its systems which caused a total of four user accounts to be breached on Friday evening 23rd November, impacting nine DNS records, out of a total of around fifty thousand. That led to several website addresses to be redirected to a blank message page for a few hours. Several of these websites were mirrors of global sites such as google.pk, ebay.pk, etc." The official statement reads.
The changes caused by the incident were reverted within a few hours, by the PKNIC team, by late Friday night. The Team sent notification to affected accounts after the scope of the incident was identified.
The management said that website doesn't store credit card or similar financial information in its database.
"PKNIC servers were not hacked and continued to operate normally. However, the vulnerability briefly exposed some information which could be used to modify the DNS for the four accounts."
PKNIC's executive chairman Ashar Nisar said that they 've applied a new complex system to prevent from SQL injection attacks before the breach itself. However, the new system inadvertently left open a vulnerability, under certain obscure conditions and contexts, that was used in the recent security breach.
"As a result, in addition to a thorough investigation of our entire site and systems, we reverted to the simpler more robust model of filtering out everything unknown, instead of continuing to use the new system that had been tailored to the latest threats using more complicated algorithms.” He said.
The PKNIC team confirmed that there was no interruption to the root DNS or any other services provided by PKNIC. Additionally, other than the sites under the four accounts and seven DNS servers, all other .PK websites were unaffected and continued to operate normally.
Invitation for Friendly Hackers:
To improve their web security, PKNIC plan to invite hackers to test their website security. They've planned to announce the reward program for hackers who find vulnerability , as is done by leading global companies, like Google and others.