The Register Hacked

First time accepted submitter rjmx writes "Looks like The Register has been hacked. Its front page has been replaced with a page in tasteful red and black, apparently by a Turkish hacker."

oh shit!

[larry+bagina]

looks like the hacker retroactively stole all their credibility!

Re:oh shit!

[KiloByte]

No credibility lost, it's not them who got hacked but their DNS provider.

Re:oh shit!

[zonky]

So there credibility is lost. The number of businesses out there who stack everything on a $10 a year relationship is just insane. There are several business grade registrars offering decent services. Look into MelbourneIT DBMS, Markmonitor etc.

Re:oh shit!

Screengrab here of The Register web site hacked & defaced. The DNS server names mean "Egg shell'? Is that right? Who knows Turkish?

Re:oh shit!

[amiga3D]

At least all of it in the last 6 years. Check the copyright on the page. Nice touch.

Re:oh shit!

[Aighearach]

"their"

Re:oh shit!

[mickwd]

Too late: his credibility is lost :D

Re:oh shit!

Their are several business grade registrars offering decent services. Look into MelbourneIT DBMS, Markmonitor etc.

Re:oh shit!

[turkeyfeathers]

"stake"

Re:oh shit!

[PopeRatzo]

So there credibility is lost. The number of businesses out there who stack everything on a $10 a year relationship is just insane.

Oh, I see. I didn't realize that the problems was they hadn't spent enough money on their DNS services.

Tell me, is that a new approach to network security? You just stack up piles of currency around the DNS server and then there's nothing to worry about?

I can't think of a single reason that you shouldn't expect your DNS services to be secure, no matter how little you happen to be paying for it.

Re:oh shit!

[shentino]

Your credibility is lost when your customers say it is.

Reputation's funny that way.

Re:oh shit!

[DoofusOfDeath]

looks like the hacker retroactively stole all their credibility!

You know, I hear lots of people go off on the Register's credibility, but I've never myself noticed a problem. Do you have any examples of what earned them that reputation?

Re:oh shit!

[mapinguari]

No â" just missing punctuation.
So there. Credibility is lost.

Re:oh shit!

Yes, "yumurta kabugu" does mean "egg shell" in Turkish.

Re:oh shit!

"their"

where?

Re:oh shit!

So who is the Mod who works at Elreg I wonder, some sort of hopeless loser who mods down the truth, probably Elreg staff,censorship is what they do on their comments!

The Reg has zero credibility, it is the Daily Mail of tech websites.

Re:oh shit!

[PopeRatzo]

Your credibility is lost when your customers say it is.

Since most customers only say what the marketing industry makes them think, most companies have very little to fear.

But your point is taken. Reputation is funny that way. Strange how quickly reputations can be rehabilitated when there is a sufficient marketing budget, however.

Judging from the long-form commercial I saw during one of the Sunday morning news shows today, British Petroleum is responsible for the pristine environment and smiling faces around all around the Gulf coast. I'm led to understand that before BP came along to clean it up, the Gulf was a horrible depressed mess of a place, without jobs or wildlife or American flags waving in slow motion over a happy group of shrimpers. After a few months of these spots running, I'm sure Gulf Coast schoolchildren and seniors will be writing thank you letters to the BP CEO and Board of Directors for making their world a better place. In fact, I'm pretty sure that line: "Making the world a better place" appeared in the ad. Probably flashed subliminally many times.

They're not spending money on the lavishly produced commercial without thorough research showing it will have its intended effect.

Re:oh shit!

[MrLint]

Credibility will never be the same.

Re:oh shit!

[Sulphur]

No credibility lost, it's not them who got hacked but their DNS provider.

The Buzzard brand is safe.

Re:oh shit!

There is no such company as British Petroleum.

Re:oh shit!

[Xest]

For me they didn't have any credibility to lose. I posted a response to one of Andrew Orlowski's articles the other week replying to someone that they shouldn't be surprised to see him agreeing with Murdoch as he's always had a historically right wing viewpoint.

That evening I couldn't log in, and every post I'd ever made to The Register had been deleted.

A site whose journalists can't even handle a post made summing up their political ideology in a polite, fair, and well sourced manner is quite comical. The worst part? my post was actually accepted by their moderator and in true Andrew Orlowski style was retroactively moderated away by him a few hours later (along with the account bad, and retroactive deletion of all my posts ever) I don't think Andrew likes it when he has to face intelligent response to his articles. None of their other bloggers... er I mean "journalists" are any more intelligent, although at least the others don't throw a hissy account banning, post deleting fit when someone disagrees with them. Of course, one might argue that it was my previous posts or something that got me a ban, and to an extent that's possibly true- not that I was trolling there, but that I often only posted to correct faults in their stories, to point out potential issues with their reasoning or to offer counter-opinions to their opinion pieces, but their readership seemed to agree with me as I had over 3000 upvotes against 1000 downvotes with even many of those downvotes stemming from engage in fanboy heavy discussions and daring to criticise some pet manufacturer's actions (cell phones, consoles etc.).

Then on top of that it wouldn't be so bad if it weren't for the fact Andrew Orlowski was constantly attacking sites like Wikipedia complaining about the clique there denying dissenting responses, or his complaints about CRU refusing to be transparent and open. None of that would be a problem if it weren't for the fact he himself often outright refuses to let people comment on his articles, and the few times he does, he goes through the already moderated comments and removes those that point out, with evidence, why he is wrong. At that point it's just sheer hypocrisy and any validity in the points he has to make is lost on the fact he needs to sort out his own inability to ensure he follows the facts, and accept that sometimes he may have been wrong before criticising others on it.

It's amusing too, because all I had to do to get round their ban on my account was request a new password, so it seems they're pretty technically inept too. This was made more amusing by the fact I then really did post a few troll comments to wind them up a bit, only to be banned again, to find that yep, I could still reset my password and repeated this for a few days before it got boring. I swear their admin must've been sat their thinking "How does he keep coming back?".

As you say, credibility goes as your customers say it does. Their actions have added me to the long list of people who also believe the site is a joke. The only reason to go there is for comedy - no, not the terribly written articles - I mean BOFH. But even that seems to be rarely produced now.

Really, The Register is like the internet's version of FUD filled trash papers like News of the World, The Daily Mail and so forth. It's written for the terminally stupid, and intelligent discussion is frowned upon and crushed with an iron fist. If you don't agree with Supreme Leader Andrew Orlowski's mad rantings and often nonsensical drivel then you are wrong.

So excuse me if I lol a bit when I hear they've been hacked.

Re:oh shit!

[Xest]

See my post here:

http://news.slashdot.org/comments.pl?sid=2412564&cid=37307402

Or enjoy reading through things like this, of which Google searches will turn up many:

http://www.edbott.com/weblog/2005/07/andrew-orlowski-is-a-hack/

http://paulfwalsh.com/why-andrew-orlowski-from-the-register-is-a-twat/

http://www.texttechnologies.com/2007/03/26/andrew-orlowski-berners-lee-spam-semantic-web/

http://blogs.computerworld.com/16711/why_andrew_orlowski_is_wrong_about_net_neutrality

http://ktetch.blogspot.com/2011/05/andrew-orlowski-drunk-unethical-or-just.html

But ignoring Andrew Orlowski there's countless issues with their other authors too. Lewis Page is more reasonable in allowing dissenting comment in response to his articles, but his articles are time and time again completely ignorant. He for example often criticises British defence projects citing American options as being much cheaper by pure monetary, but despite having it pointed out to him time and time again he fails to realise that a $10bn UK defence project for say, some new helicopters is still cheaper than buying the helicopters for $8bn from the US, when the UK project brings back $5bn in eventual tax, whereas the $8bn US project it's just money straight out the British economy.

Another example is the Eurofighter typhoons ground attack capabilities- he constantly derides the project because it wont have proper air to ground capabilities until 2020, but he's wrong because it wont have proper bombing capabilities until then- it's had Brimstone missiles added to it throughout this year. He ignores AGMs and focusses on bombing capability and then extrapolates that to say it can't do air to ground at all until 2020. This is complete and utter outright FUD.

He's similarly criticised the armament of Type 45 destroyers, claiming they only have two weapons or similarly, but a quick look on the Royal Navy's own website and the specs of the ships confirmed that yet again, he's completely wrong.

You can see this pattern with most of their staff- their articles are just often outright false. Where they're not false, they completely miss fundamental points. Where they don't miss fundamental points, they just outright lie.

So that's really why they have the reputation- they're just too agenda based. Their writers all vehemently pursue their own political agendas without care for facts, without care for reason, and worst of all- without care for the truth. That's not journalism, that's propaganda.

Re:oh shit!

[DoofusOfDeath]

Wow, thanks for putting all that effort into your answer. Much appreciated.

Re:oh shit!

[TheRaven64]

commercial I saw during one of the Sunday morning news shows today, British Petroleum

To be fair, if you're watching commercials from 1998 or earlier and expecting them to give you information about the world of today, then you're probably doing something wrong...

Re:oh shit!

[12WTF$]

The Buzzard brand is safe.

But has been rebranded as Turkey Vulture

Re:oh shit!

[towermac]

"without jobs or wildlife or American flags waving in slow motion over a happy group of shrimpers"

Heh. nice one.

Re:oh shit!

I thought it meant: yo' mother's so big ...

Re:oh shit!

[Sulphur]

The Buzzard brand is safe.

But has been rebranded as Turkey Vulture

Long live the Buzz; the Vult just sounds wrong.

Re:oh shit!

[Wowsers]

Customers don't bother to tell companies their credibility is lost, they just don't use the company any more.

Re:oh shit!

[Vintermann]

The Register is so bad, it's hard to believe they're not part of Gawker.

Oops ...

[rjmx]

its, not it's. Sorry about that.

Re:Oops ...

[DWMorse]

Last time accepted submitter rjmx writes

Fixed that for you... ;)

Re:Oops ...

[XSpud]

"its", not "it's", not its, not it's. Also sorry.

Re:Oops ...

[Forty+Two+Tenfold]

Neither. TITS.

Re:Oops ...

[rjmx]

And so you should be ...

Re:Oops ...

[clyde_cadiddlehopper]

Is it?

Re:Oops ...

[maxwell+demon]

ITYM: “ ‘its’ not ‘it's’ ”, not “its, not it's”

Re:Oops ...

[WidgetGuy]

Or, maybe its like PHP. A recursive acronym. Here's an example you can run from my Dropbox account. IT'S (ha!) named (of course) "TITS". If you're using the BetterPrivacy plugin for Firefox (or something similar), you'll have to disable it or the page is blocked (I guess it doesn't like HTML files named "TITS.html" -- and BTW, BetterPrivacy, what does "TITS" have to do with my privacy?).

Here's a description of what it does (and how it does it):

function TITS(String theBigT, Number bandSize, String cupSize)

Called from an HTML FORM that allows the user to select combinations of band size (ribcage size) and cup size (ahem...). The available band sizes (in inches) are: 30, 32, 34, 36, 38 and 40. The available cup sizes (in letter code) are: "AA". "A", "B", "C", "D" and "DD". The greater the band size, the larger the font. The greater the cup size, the brighter the font color. The idea being that 40AA, while large in font size, is still kind of hard to see. Whereas 30DD, while tiny in font size, is still quite visible. And, 30AA? Well, you really gotta look for 'em!

The recursion is controlled by band size. So, a band size of 38 will result in the acronym being recursively generated 38 times.The resulting string is displayed like so:

"TITS TITS TITS...(34 more TITS)...TITS"

It ain't very scientific (or even useful), but it's kind of fun (and a little creepy too -- oh, well).

At last, all that college has paid off!!

Wha

[moogied]

Copyright 2005?? What the fuck? lol

Re:Wha

[Zaiff+Urgulbunger]

Copyright 2005?? What the fuck? lol

Also, in the source I find:
<meta content="MSHTML 6.00.2900.3698" name="GENERATOR">

Re:Wha

Slowest hacking in history?

Re:Wha

He was uploading the packets by individual pigeon.

Unfortunately, he had to breed the pigeons himself.

Re:Wha

Also, the language code, sq, is Albanian. There's a pretty large Albanian diaspora in Turkey, but it's an interesting thing nonetheless.

Re:Wha

There are Albanian-descent people in Turkey. Not many --probably a few hundred thousand. But, I doubt they would be behind this: They have long forgotten their lang and cannot read/write Albanian.

HAxorS

[UnlimitedFreakOut]

website is down, cant wait to read odds and sods when its back up.... :O)

Re:HAxorS

[UnlimitedFreakOut]

oh can se it now, yep, still hacked...

Re:HAxorS

[zonky]

Looks like a number of sites affected, all of them seem to be using netnames.co.uk as their registrar, looks like DNS Servers all changed.

Re:HAxorS

Coincidentally (or not) it appears Netnames failed on this almost exactly a decade ago, here's an archive of El Reg:
http://web.archive.org/web/20090526000255/http://www.theregister.co.uk/2001/09/14/dns_megahack_hits_thousands/

Re:HAxorS

[Onymous+Coward]

Where did you find the registrar for The Register? The whois information I get says

Registrar:
        Ascio Technologies Inc t/a Ascio Technologies inc [Tag = ASCIO]
        URL: http://www.ascio.com/

Big deal

the register is shithouse anyway

Website hacked?

[Qlither]

Errr...UK here, seems all good to me...

Did i miss the hack? Kudos to the admin if i did. I was reading it not two hours before this too.

Re:Website hacked?

[Claws+Of+Doom]

As I write, the site is still defaced. It's been up and down in the last few minutes though...

Re:Website hacked?

Seems normal to me. No defacement. USA / CA

Re:Website hacked?

[Inda]

Fine here too.

Using Virgin Media's DNS.

Their forum has nothing...

Re:Website hacked?

Defaced for me as well. In that case it may be just dns poisoning.

Re:Website hacked?

[Claws+Of+Doom]

With apologies to the reg's admins, I tried to get to a story I was reading earlier on, and got the following in return:

Not Found The requested URL /2011/09/02/samsung_webos_acquisition_no_not_ever/ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 Server at www.theregister.co.uk Port 80

Re:Website hacked?

[Sarten-X]

Picture of the UPS hack

It's DNS, so not much actual harm done to the targeted servers.

Re:Website hacked?

[Dupple]

In the UK here, not seen El Reg hacked at all today

Re:Website hacked?

thats not theregisters.co.uk 404, they have a custom 404

what you are seeing is the result of DNS poisoning of your ISP, the 404 is from someone elses server
the actual site is fine and has NOT been hacked.
ps the real IP of the reg is 212.100.234.54

Re:Website hacked?

[symbolset]

US here. Been on the site all day, since long before the report. Never hacked from here. Looks like DNS.

Re:Website hacked?

[vtcodger]

Hmmm. I see them at 72.3.246.59 where they are responding to pings. The site called up from that IP looks like the Register.. I never thought about it before, but the page information from opera and konqueror doesn't seem to tell me what the IP I'm looking at is when I feed them a URL. Probably there's a stunningly obvious way to get the IP and I just need some sleep.

Slashdot needs to be hacked with Goatse.

The last hacker only hacked it with OMG ponies.

Re:Slashdot needs to be hacked with Goatse.

[Kiaser+Zohsay]

The last hacker only hacked it with OMG ponies.

Next April 1st, slashdot announces that it will accept image tags in comments. However, in preview mode all linked images will be changed to goatse. After submitting all images will be changed to Bart writing on a chalkboard "I will not post goatse images".

Re:Slashdot needs to be hacked with Goatse.

Bart writing on a chalkboard

Blackboard............. HTH

(c) 2005 TurkGuvenligi

[Lord_Naikon]

Lol, why would he care about copyright? Afraid some other hacker might steal his logo?

Re:(c) 2005 TurkGuvenligi

[godrik]

If they do that would be illegal!

Re:(c) 2005 TurkGuvenligi

actually he stole my logo.. I paid to have a logo designed several years ago for my website..

Re:(c) 2005 TurkGuvenligi

[hattable]

Sadly enough if they took that to a US court he would probably win.

Re:(c) 2005 TurkGuvenligi

[metrix007]

Why is that sad? He could claim ownership of the logo without conceding to any wrongdoing. Better a court that doesn't assume guilt by association on an unrelated matter....

Re:(c) 2005 TurkGuvenligi

It looks slashdotted now.

Re:(c) 2005 TurkGuvenligi

Judging by one of the comments on the article, he actually stole the logo from some other website.

Re:(c) 2005 TurkGuvenligi

[xenobyte]

Reminds me of this super-stupid dude who went to the police to report his 'stash' stolen. He knew who did it and the police went with the dude to the home of the thief, and bingo - there was a big bag of weed. The police then asked him to identify it, and he confirmed "yeah, that is mine!". Presto, the police arrested him for possession and the guy that took it for theft and possession... Stupid...

Re:(c) 2005 TurkGuvenligi

Most jurisdictions do take unlawful conduct into account though. For instance, if you've just robbed a bank and are fleeing and someone hits your car and causes whiplash, you wouldn't be allowed to sue due to your illegal activities at the time, even if it was provably 100% their fault.

Site wasn't hacked, DNS was

If you saw the "hacked" page, you were being routed to a different server.

Re:Site wasn't hacked, DNS was

[Rhodri+Mawr]

Mod parent up. This appears to be a case of DNS cache poisoning. Notably www.reghardware.com is unaffected.

Re:Site wasn't hacked, DNS was

[IonOtter]

Uhmmm...actually, I kinda wish the site itself had been hacked? Knowing this makes me feel more than a little queasy...

Lessee...

Name servers:
ns1.yumurtakabugu.com
ns2.yumurtakabugu.com

C:\Users\ionotter>ping www.theregister.co.uk

Pinging theregister.co.uk [68.68.20.116] with 32 bytes of data:
Reply from 68.68.20.116: bytes=32 time=99ms TTL=41
Reply from 68.68.20.116: bytes=32 time=90ms TTL=41
Reply from 68.68.20.116: bytes=32 time=90ms TTL=41
Reply from 68.68.20.116: bytes=32 time=90ms TTL=41

Ping statistics for 68.68.20.116:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
        Minimum = 90ms, Maximum = 99ms, Average = 92ms

Hmmmm. When I try to go to the site via the IP address, I get...

"The server at 68.68.20.116 is taking too long to respond."

Re:Site wasn't hacked, DNS was

try the registers real IP

212.100.234.54

DNS poisoning != theregister hacked

i would be more concerned about your ISP though, as the site resolves fine in the UK

Re:Site wasn't hacked, DNS was

Tracing route to 212.100.234.54 over a maximum of 30 hops

    6 14 ms 23 ms 15 ms 66.163.78.62
    7 170 ms 170 ms 172 ms linx.edge3.lon.rackspace.net [195.66.224.116]
    8 171 ms 168 ms 199 ms vl911.core6a.lon3.rackspace.net [92.52.76.204]
    9 174 ms 176 ms 174 ms aggr321a-2-core6a.lon3.rackspace.net [92.52.77.19]
  10 175 ms 167 ms 166 ms 212.100.234.54

Trace complete.

Versus right now:
Tracing route to theregister.co.uk [68.68.20.116]
over a maximum of 30 hops:

  11 89 ms 97 ms 108 ms xe-0-3-0-204.nyc30.ip4.tinet.net [213.200.66.233]
  12 106 ms 95 ms 133 ms xe-4-1-0.nyc20.ip4.tinet.net [89.149.183.49]
  13 93 ms 97 ms 90 ms bluemile-gw.ip4.tinet.net [173.241.128.2]
  14 82 ms 84 ms 83 ms 76.10.193.133
  15 84 ms 82 ms 84 ms 68.68.24.178.customer.bluemilenetworks.com [68.68.24.178]
  16 83 ms 81 ms 88 ms 68.68.20.116.customer.bluemilenetworks.com [68.68.20.116]

Trace complete.

Someone changed the DNS servers:
Domain name:
                theregister.co.uk

        Registrant:
                Linus Birtles

        Trading as:
                The Register

        Registrant type:
                UK Sole Trader

        Registrant's address:
                Situation Publishing Limited
                PO Box 478
                Southport
                PR8 2ZW
                United Kingdom

        Registered through:
                NetNames Limited
                URL: http://www.netnames.co.uk

        Registrar:
                Ascio Technologies Inc t/a Ascio Technologies inc [Tag = ASCIO]
                URL: http://www.ascio.com

        Relevant dates:
                Registered on: before Aug-1996
                Renewal date: 14-Mar-2012
                Last updated: 04-Sep-2011

        Registration status:
                Registered until renewal date.

        Name servers:
                ns1.yumurtakabugu.com
                ns2.yumurtakabugu.com

        WHOIS lookup made at 22:05:11 04-Sep-2011

Re:Site wasn't hacked, DNS was

[Angostura]

Not resolving here using VirginMedia in East London, currently.

Re:Site wasn't hacked, DNS was

[owlstead]

Poor buggers, their own site forwards you to www.theregister.co.uk :) So even entering the IP address won't work. If it is forwarding me, I think the server is still happily serving requests, to no avail. Yup, changing the hosts file has the wanted result all right.

Oh, and I've seen very few articles from the reg during Sunday, so they might be waiting for the work week to begin, sleeping off their weekend beers.

Re:Site wasn't hacked, DNS was

In Atlanta, the IP I get back for www.theregister.co.uk is in a RackSpace datacenter in Dallas Texas: 72.3.246.59

Still Hacked...

[IonOtter]

As of 2025 GMT, I'm still seeing the "hacked" page. Since I haven't specifically been to El Reg in over a week, I'm not seeing a cached copy.

As for the "hack"?

Wow. Going to be a very interesting read come Monday morning?

Re:Still Hacked...

Posting 14 years from the future?

Re:Still Hacked...

[flimflammer]

They must have done a number on that DNS server to keep it in this state for 14 years.

Re:Still Hacked...

[JWSmythe]

    Nah, it's probably that new metric time. So roughly at 2025.2472500. :)

Re:Still Hacked...

[LordLimecat]

Its a DNS hack with a 24 hr TTL. Might take a while for service to resume. (Though I think Google DNS ignores TTL, so that might be fixed sooner than others).

Re:Still Hacked...

[KingAlanI]

24 hour clock: 2025 = 8:25 PM

Re:Still Hacked...

[rapiddescent]

24 hr clock (GMT), but the UK is 1 hour ahead (BST) so it was probably 2125Hrs (9.25pm)

UPS.com too

[madsci1016]

People are complain on twitter about him taking down UPS.com too. I only get a DNS error from them. This has to be a DNS hack.

Re:UPS.com too

Definitely DNS.

From my ISP for theregister.co.uk AND ups.com

68.68.20.116

From Google's DNS servers (8.8.8.8):

theregister.co.uk

72.3.246.59

ups.com
153.2.224.50
153.2.228.50

Re:UPS.com too

I have no problem with UPS.com, but then, I live in Sweden.

Re:UPS.com too

[datapharmer]

your dns just hasn't been refreshed either by you or your provider - the issue is actually with the whois record being updated so the authoritative nameservers are set to ns1.yumurtakabugu.com and ns2.yumurtakabugu.com. As a result this can take a while to finish propagating and can take a while to fix!

Re:UPS.com too

You wouldn't need to guess if you RTFA..

/. is cruel!

[I'm+Not+There+(1956)]

And you slashdot their homepage at the same time? Poor admins!

Home of the BOFH?

[AliasMarlowe]

Front page still hacked, but fairly harmlessly. Does that hacker know what sort of wasps' nest he may have poked his nose into? No doubt, we shall hear more from the BOFH.

Re:Home of the BOFH?

[fluffy99]

Front page still hacked, but fairly harmlessly.

The amusing thing is that had it been malicious with some unknown zero-day, that all of the slashdot lemmings would have hit the page.

Re:Home of the BOFH?

[jhoegl]

Looks more like DNS poisoning.

Re:Home of the BOFH?

[boaworm]

You were right, this was an upstreams DNS issue and not a hack on thereg itself.

Re:Home of the BOFH?

[flappinbooger]

"No doubt, we shall hear more from the BOFH."

What was your user name again? Ah. Ok. "Clicky Clicky."

You know, that wasn't a very nice email you just sent to the President.

Oh, and here, hold this wire.

whois records look hacked

root@bt:/root# whois theregister.co.uk

        Domain name:
                theregister.co.uk

        Registrant:
                Linus Birtles

        Trading as:
                The Register

        Registrant type:
                UK Sole Trader

        Registrant's address:
                Situation Publishing Limited
                PO Box 478
                Southport
                PR8 2ZW
                United Kingdom

        Registered through:
                NetNames Limited
                URL: http://www.netnames.co.uk/

        Registrar:
                Ascio Technologies Inc t/a Ascio Technologies inc [Tag = ASCIO]
                URL: http://www.ascio.com/

        Relevant dates:
                Registered on: before Aug-1996
                Renewal date: 14-Mar-2012
                Last updated: 04-Sep-2011

        Registration status:
                Registered until renewal date.

        Name servers:
                ns1.yumurtakabugu.com
                ns2.yumurtakabugu.com

        WHOIS lookup made at 21:34:15 04-Sep-2011

Re:whois records look hacked

[Gonoff]

What looks wrong with that?

I came to /. from there it was working fine. Not hacked or slashdotted. (Using OpenDNS)

Don't underestimate the PFY!

The Turkish thing is just misdirection.

ups.com acer.com vodafone.com ...

[nicesecurity]

Check http://www.zone-h.org/archive/notifier=TurkguvenLigi.info From the cache of http://www.theregister.co.uk/2011/08/12/mckinnon_website_defaced/ "TurkGuvenligi is a serial website defacer whose previous victims include Secunia. An archive of his work can be found here [3]. Defacers typically use search engines to search for vulnerable sites before setting on victims and uploading digital graffiti on these sites. Such hacks, by themselves, are normally trivial and seldom expose more sensitive systems."

Re:ups.com acer.com vodafone.com ...

Looking at a few of them, whois update date of today. Nameservers been changed to things like: ns1.yumurtakabugu.com

Re:ups.com acer.com vodafone.com ...

[nicesecurity]

DNS hack. This is why it doesn't appear for everybody.. yet. Check their whois, they STILL all have these DNS: Domain servers in listed order: ns1.yumurtakabugu.com (NSYUMURT1119540) ns2.yumurtakabugu.com (NSYUMURT1119541)

Re:ups.com acer.com vodafone.com ...

All of the hijacked domains are registered at the same Danish registrar, Ascio.com (ASCIO TECHNOLOGIES, INC). They probably has some vulnerability this TurkGuvenligi character exploited. Watch out if you have any domains registered there. I had one there long ago, but support was terrible (the only way to change nameservers was to email them and wait days, perhaps ironic given the current situation), so I transferred it out.

As a long term Register reader ...

I can confirm that this supports our view that AGW is a hoax.

Hacked nameservers hosted in the USA

along with lots of spammy sites ? dont you guys have a police force ? or is the USA still a spammers haven ?

http://www.robtex.com/ip/67.228.37.8.html

Re:Hacked nameservers hosted in the USA

[Dunbal]

Nah, Hollywood is just not interested in having their boys - sorry, the FBI- do something about this. There's no movies involved.

Never mind...

[ajo_arctus]

Looks like a DNS hack, which'd explain why some people are seeing it come back to life and others aren't -- all depends on ISP DNS servers (cacheing and whatnot).

Anyway, can't say I'm particularly bothered. Once upon a time, about 7 years ago, the Register went downhill so badly that I stopped visiting it all together. They had a bone-headed editorial style that made them seem arrogant, dim-witted and sometimes just unpleasant. These days, whenever I accidentally follow a YC HackerNews link there (from Twitter), it looks like they're basically the same now as then.

The tipping point for me came when some idiot on their staff wrote an article complaining that Google had drawn a special logo for a world water day, but not for St. George's day (an silly English thing that we have every year). It looks like a joke in bad taste, but I don't think it was - not least because the guy that wrote tended to have a 'toxic' element in most of his writing. I've seen a few articles since showing their scepticism of climate change, wheeling out the usual 'aren't we so clever for being able to think for ourselves' bullshit despite clearly not having 'a fucking clue'.

I guess their tech coverage was OK, but their opinions got right up my nose.

Re:Never mind...

They seem to have become 'The Sun' for 'techies'

Re:Never mind...

[St.Creed]

In that case, we just witnessed an eclipse :)

Re:Never mind...

These weren't articles by Andrew Orlowski were they? (https://secure.wikimedia.org/wikipedia/en/wiki/Andrew_Orlowski)

All his articles seem to be arrogant and bitter nonsense and almost had me turn away from El Reg.

These days I just skip anything I see that's come from him...

Re:Never mind...

> their scepticism of climate change

You'll find that's now called "climate change" since it became abundantly clear that the world was in fact not getting any warmer.

Re:Never mind...

Yeh Orlowski is a fuckwit of the highest order of morons. Totally ignores facts and writes just bias. PAge is not much better.

Both censor their comment section to remove any criticism or relevant points that challenge their bias.

I no longer read any of either of their articles.

Corrections

[Artem+S.+Tashkinov]

If cannot live without The Register, put into your hosts file

Linux: /etc/hosts
Windows: C:\windows\system32\drivers\etc\host

these two lines:

72.3.246.59 theregister.co.uk
72.3.246.59 www.theregister.co.uk

And the summary of the article is apparently wrong, someone stole/hacked into TheRegister DNS zone, TheRegister www servers are intact.

Re:Corrections

[NickFortune]

And the summary of the article is apparently wrong, someone stole/hacked into TheRegister DNS zone, TheRegister www servers are intact.

... which is actually kind of cool, seeing as how the Slashdot Effect seems to be wreaking it's usual havoc on the hacker's servers.

Every now and then, reality self-organises in the direction of justice.

Re:Corrections

[dudpixel]

Even without slashdot, I imagine the Reg gets a fair amount of traffic.

I wonder if the hacker realised just how much...

You wanna impersonate them? here, have their traffic...see how your servers cope. Who pays for the bandwidth in this case?

Re:Corrections

[SameRepeatedSQL]

I'm honestly not trolling here, but has anyone else stopped reading the register as much these days? They really seem to be sinking to tabloid levels, and their editorial line has jumped sharply to the right. Even BOFH just seems to be rinsing and repeating the same old formula. Maybe it's just me ...

Re:Corrections

Hasn't BOFH been repeating the same formula since the very beginning? Although they did tweak the formula with the introduction of the PFY.

Re:Corrections

[Bert64]

Someone else, i imagine the hackers are using another hacked server to host the defacement.

Re:Corrections

[SameRepeatedSQL]

True ... it just feels all the more tired these days.

Re:Corrections

Unless the hackers' servers are serving up drive-by malware.

meta content="MSHTML 6.00.2900.3698" name="GENERA

[aembleton]

theregister.co.uk seems to be down but the same group has cracked ups.com and the source shows that they used a Microsoft product.

There you are, Microsoft aid crackers.

/sarcasm

cracked, not hacked

http://www.gnu.org/philosophy/words-to-avoid.html#Hacker

Re:cracked, not hacked

[spatley]

I know we all get it. A hacker is not a criminal, a hacker is one who likes to tinker and break new ground by using tools for things other than they were intended. Kevin Mitnick was not a hacker, Nikola Tesla was a hacker. I agree the distinction is important. But guess what, we lost that fight.

The best thing we can do today is to come up with another word that means what hacker used to mean.

How about bit wrangler? Or just come up with something yourself and start using it and let the best jargon win. But hacker has been lost to us, it is no longer our word. You dig?

Re:cracked, not hacked

How about "hacker 2.0"?

Re:cracked, not hacked

Hey, I'm from MIT, back when a "hacker" was someone ingenious and creative, and generally not destructive (across all disciplines, not just computing). You can give up, but I'm not going to let the popular press mess with my college memories!

Re:False flag

Did you also know Teh Juice are putting dirty Jew particulates in the air? Quick! Hold your breath or you'll get them! Keep holding it! Keep holding...

wtf is a yumurtakabugu?

[sgt+scrub]

host -t NS theregister.co.uk
theregister.co.uk name server ns2.yumurtakabugu.com.
theregister.co.uk name server ns3.yumurtakabugu.com.
theregister.co.uk name server ns1.yumurtakabugu.com.
theregister.co.uk name server ns4.yumurtakabugu.com.

Re:wtf is a yumurtakabugu?

turkish for "egg shell"

Re:wtf is a yumurtakabugu?

[nomad63]

it means egg shell for the uninitiated ... I happen to be bilingual :) In Turkish and English...
On the technical side, I think if you are clever enough to come to /., you can check with any whois gateway to see who yumurtakabugu.com it belongs to. But I bet dollars to your pocket lint that, it is also a hacked site.

Re:wtf is a yumurtakabugu?

[93+Escort+Wagon]

it means egg shell for the uninitiated ... I happen to be bilingual :) In Turkish and English...

Okay, WHERE WERE YOU when The Register's DNS provider was hacked?

Can we hack the summary?

So people who have no problems keepin on top of the latest alphabet soup of the software world are completely stumped by the difference between IT IS and ITS?

Gateworld.net too

[Barryke]

Gateworld.net is down too. FYI:

NS1.DNSPARK.NET
NS2.DNSPARK.NET
NS3.DNSPARK.NET
NS4.DNSPARK.NET
NS5.DNSPARK.NET

Also, i do not see what good is in slashdotting them at this time.

Re:Gateworld.net too

Oh no! Where can we now go to find out when actors who appeared once in Atlantis are going to show up on other shows?!

Re:Nothingofvaluewaslost tag

[Spad]

Not really. It's a pretty decent news site with a horrible tabloid editorial slant.

When they're publishing press releases or writing humour, they're fine, but their opinion pieces & editorials are more often than not sensationalist nonsense.

Appears fixed.

Appears fixed as of 21:49 GMT.

unfollowing an account

[mcantsin]

Turkguvenligi (http://twitter.com/Turkguvenligi/following) just unfollowed an account whom he was following one hour ago! YSR08 (http://twitter.com/#!/ysr08)

Re:unfollowing an account

[mcantsin]

diff http://imageshack.us/photo/my-images/24/turkguvenligitwitterfol.png/ http://imageshack.us/photo/my-images/571/turkguvenligitwitterunf.png/

Re:unfollowing an account

[mcantsin]

... now following 3 including a Guardinan's editor. Twitter falsely counting 3 as 2 "Turkguvenligi follows 2 people": http://imageshack.us/photo/my-images/819/turkguvenligitwitternew.png/

DNS hack, some ok some down still,

[Rovastar]

Using Just-Ping to check from 50+ locations around the world only 5% have what is traditionally the correct IP (212.100.234.54 according to Netcraft) or so have the current IP most say the DNS is down.
http://just-ping.com/index.php?vh=www.theregister.co.uk&c=&s=ping!

I forced an update with Netcraft it now has a record of the another IP 68.68.20.116 with different server headers which I presume is the broken site.

http://uptime.netcraft.com/up/graph?site=www.theregister.co.uk

The hackers could have done more damage if they also increased the TTL of the domains they poisoned. 24 hours seems to be the time atm.

It's over already

[new_confused_mind]

As shown by a `dig www.theregister.co.uk +trace`, DNS servers are returning the correct data already. Same for ups.com.

DNS Hack

[Bert64]

Several sites, including the register and ups.com were redirected by DNS to a defacement page...

A list of the sites is at:
http://www.zone-h.org/archive/notifier=TurkguvenLigi.info/page=1

It does not seem to be a DNS poisoning, since the whois servers also reported the hacker's dns servers.

Also zone-h reports that the site was running Linux, but it is clearly whatever server the hackers redirected the DNS to that runs linux, it was not necessarily a linux system that was breached in order to actually carry out the defacement.

It would appear that the registrar for the domains in question has been hacked, and the hackers chose a few high profile sites to deface.

Re:DNS Hack

[WoOS]

Hmm, seems to be a bit more complicated. At least in the vodafone net itself (DSL from Arcor/Vodafone).

--- snip ---
$ nslookup
> set type=ns
> theregister.co.uk
Server: 192.168.0.1 [The nameserver on the DSL router which forwards to vodafones DNS servers]
Address: 192.168.0.1#53

Non-authoritative answer:
theregister.co.uk nameserver = ns3.theregister.co.uk.
theregister.co.uk nameserver = ns4.theregister.co.uk.
theregister.co.uk nameserver = ns2.theregister.co.uk.
theregister.co.uk nameserver = ns5.theregister.co.uk.
theregister.co.uk nameserver = ns1.theregister.co.uk.
theregister.co.uk nameserver = ns6.theregister.co.uk.
> set type=a
> theregister.co.uk
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: theregister.co.uk
Address: 68.68.20.116 [same address as ups.com, ..]
--- snip ----

So even though I get the correct NS entries there are the wrong A entries.
whois is also correct here.

TheBlitzBit Still Up

looks like http://theblitzbit.com/ is still pointed to the right name servers.

And....

[bernywork]

Their back..

Looks like they have got themselves sorted again.

Re:And....

Whose back? And what about their back?

Or did you mean "they're back"?

Re:And....

What about their front?

Re:And....

[DrBoumBoum]

Their back, there wolf, why are you talking that way?

Re:And....

Gasp! What about their front? Is it sorted too?

Re:And....

[Kittenman]

They're back... just continuing a theme.

Re:And....

They're. For the love of all that is holy "they're back"

Re:And....

[mr100percent]

Kittenman? Are you a kitten with the muscle structure of a man? Or a man with soft body and spirit of a kitten? .

Article title is misleading

El reg is fine... I am looking at it right now. (4.13pst 4/9)

So it wasn't reg that was hacked, it was their DNS server.

Article fail

Testrun?

[WoOS]

1) Get some SSL keys

2) Redirect the DNS Servers

3) Profit!

Re:Testrun?

[LordLimecat]

Once the DNS is redirected, you can get Godaddy to get you an SSL cert in about 1 hour. Just need access to create a txt record or modify your webpage, which shouldnt be a big deal, and since the entire thing is automated I dont think youd have any issues.

Re:False flag

[webmistressrachel]

Just because you're paranoid, doesn't mean they're not out to get you.

It IS very timely, isn't it? And large scale, with no apparent profitable return for the (apparent) perps - no spyware, no stolen user data, BUT it changes our perception of Turkey in a way which suits Israel very nicely, doesn't it?

New address http://212.100.234.54/

$ ping www.theregister.co.uk

PING www.theregister.co.uk (212.100.234.54) 56(84) bytes of data.

64 bytes from 212.100.234.54: icmp_req=1 ttl=38 time=328 ms

so just use http://212.100.234.54/ and you get the site

Re:New address http://212.100.234.54/

[ledow]

That is, of course, assuming you've not done the DNS lookup after the attack, that the IP never changes, that they aren't running a DNS load-balanced setup, that they aren't running virtual HTTP servers (where an IP doesn't tell you which of the million-and-one websites that IP hosts that you actually want), etc.

DNS is there for a reason. It shouldn't be possible to arbitrarily change the DNS details for a domain you don't own - for a start, it means you can receive all their email or, worse, really mess with their settings without them actually knowing until they specifically check DNS (e.g. add a false SPF record to their site, add two A addresses with the first one false to slow-down all accesses to their site).

The problem here is the idiots controlling the DNS for The Register (and partly the Reg themselves for not being paranoid enough to have something check those settings religiously, or run their own nameservers) who allowed an SQL injection attack on their web interfaces that control the DNS and thus, presumably, bypass any authentication. Someone malicious could have done the same thing and routed all their traffic (including email) through a set of proxy servers and nobody would have noticed for ages.

I'd give it a month before we see the NS servers for the Reg change permanently to someone else, purely because of this incident.

Re:Nothingofvaluewaslost tag

[westlake]

It's a pretty decent news site with a horrible tabloid editorial slant.
When they're publishing press releases or writing humour, they're fine, but their opinion pieces & editorials are more often than not sensationalist nonsense.

"News for nerds," eh?

Who's been hacked

I think we all missed the point here. It is not El Reg who have been hacked. It is everybody else who has been hacked. Our dependency on DNS is our fault not theirs. If we had the correct address in our hosts files we would not have this issue. This is like asking some stranger for direction to some store and then you complain to the store owner for having got lost on the way and gotten mugged. I already can see how some enterprising readers could offer off-shored host file repositories for those off us less inclined to manage our own hosts files, for lets say $10 per year. I am sure there would also be some more profit oriented people out there who might offer the same service with added security for more.

Re:Who's been hacked

Who would pay that? The user doesn't care that occasionally sites "get hacked" and then return shortly after - certainly not enough to pay for it. Anyone who cares enough probably knows enough to add an entry to their own hosts file when a DNS attack does occur, so again no reason to pay. The system we have is good enough for most people, which is why it will never change to one with a little more security and a little less convenience.

the telegraph, acer and others hacked

[rickzor]

This same guy (or group) hacked a number of high profile websites today, or at least their dns servers.

The article is being updated with a list. So far ups.com, betfair.com, acer.com, vodafone.com, and telegraph.co.uk have all been defaced with the same image.

Re:the telegraph, acer and others hacked

You can add in National Geographic to your list. I got the nice red and black signature there this afternoon.

hacking

Take me to the room where the red's all red
Take me out of my head-'s what I said yeah
Its a hacking attack.

thats what they get for...

[FudRucker]

biting the hand that feeds it, (pun intended)

Re:False flag

[unitron]

Just because you're paranoid, doesn't mean they're not out to get you.

It IS very timely, isn't it? And large scale, with no apparent profitable return for the (apparent) perps - no spyware, no stolen user data, BUT it changes our perception of Turkey in a way which suits Israel very nicely, doesn't it?

(I'm not usually known for speaking out in defense of Israel's actions and intentions, but...)

Oh yes, I used to think that Turkey was a branch office of heaven, but now that I know (or have been tricked into believing) that out of the millions of Turks, one is an evil haxor, I'm instantaneously, irrevocably convinced that the entire country is in league with the devil.

Sheeesh!

The Register Hacked

[crabboy.com]

What did they hack???

World hacking day

[mustPushCart]

The seem to have declared it 'world hacking day'. I wouldn't mind a world hacking day where everyone tries to attack websites. That way at least companies will pull up their pants once a year and it will be 'open season' on sites with crappy security. Could help.

smear campaign

not turkish. israeli. its part a smear campaign being undertaken by israel against trukey for kicking out the israeli ambassador and severing military ties.

Re:smear campaign

I'm not sure how one guy acting like a douche is meant to tarnish an entire nation, anymore than it would tarnish an entire nation if they paid some guy to rob an old lady.

Re:meta content="MSHTML 6.00.2900.3698" name="GENE

theregister.co.uk seems to be down but the same group has cracked ups.com and the source shows that they used a Microsoft product.

Working fine for me. Maybe you should try going to the register's actual site instead of following the poisoned DNS entry to some strange IP which has nothing to do with them.

What about DNSSEC?

Surprised this hasn't come up yet...

the register deserved it

I doubt the turkish hax0r had this in mind, but I think the register might have deserved a takedown in this case. They are clearly disproportionately biased against copyright infringement issues search them for the term 'freetards', when the wikileaks stories broke they had a lot of negative coverage including a purple devil like image of Assange that reminded me of 'rock bottom' accusing homer simpson of sexual harassment.

fair play for their good articles, phrom, NOTW phone hacking etc.but they know which side their bread is buttered and won't let an inconvenient truth get in the way of their benefactors interests.

Another one...

[Robert+Zenz]

h4ck1n9 is not a cr1m3

Can somebody please shut the freaking script-kiddie who thinks he's cool up? I mean seriously...it's going on my nerves that those guys are called hackers. I mean, I'm not a hacker, not even close...hell, I'm not even a network coder because I suck at it...but I respect the real hacker community enough to exclude those guys from them.

Re:False flag

[webmistressrachel]

Sarcasm aside, isn't that what happened to Afghanistan and Iraq after 9/11?

"Oh, they might be harbouring al-quaeda!! Oh, they might have WMDs!" All due to the actions (or NON-actions in the case of WMDs) of individuals or small groups.

This is exactly what happens, the news media and American government blow the actions of a few out of proportion to support their foreign policy decisions (i.e. wars for resources).

What Pisses Me Off More...

[cdoggyd]

...than the hack itself is the lack of cooperation from ISPs used by the hackers. They don't seem to care that illegal activity is taking place on their network. Whether the attack originates from their network or the network hosts the web page or DNS records, they ignore requests for action.

El Reg is down...

[Tastecicles]

...as at timestamp.

Why are they obligated to be fair and balanced?

[rocket+rancher]

You can see this pattern with most of their staff- their articles are just often outright false. Where they're not false, they completely miss fundamental points. Where they don't miss fundamental points, they just outright lie.

So that's really why they have the reputation- they're just too agenda based. Their writers all vehemently pursue their own political agendas without care for facts, without care for reason, and worst of all- without care for the truth. That's not journalism, that's propaganda.

Hmmm. As long as the publication remains profitable, the staff should be able to write whatever the fuck they want to. You make it sound like there is some kind of obligation in the publishing business to be fair and balanced. I don't think there is. And I don't think it really matters to a discerning reader that they are calling themselves journalists when they are really just propagandists; getting all sides of a story, even the distorted side, is valuable.

Re:Why are they obligated to be fair and balanced?

Indeed. And there's a difference between a journalist and a commentator. Journalists are supposed to report the facts, but commentators are supposed to comment on them. For a commentator or a columnist or an editorial writer, it's part of the job to have an agenda. That's why the agenda is obvious. The writers almost certainly think they are already as balanced as they need to be.

In any case, what is "fair"? Xest really means that these people have a different agenda to his own. He thinks that his perspective is the only valid one, because he has a near-perfect command of the facts and has performed a near-perfect analysis of them, and thus anyone who fundamentally disagrees must be being unfair. Actually, more than one perspective may be valid. Xest may even be wrong.

To confirm this, it's useful to look at why he was banned from the site:

"I posted a response to one of Andrew Orlowski's articles the other week replying to someone that they shouldn't be surprised to see him agreeing with Murdoch as he's always had a historically right wing viewpoint."

The curious thing about calling someone "right wing" is that your accusation can never be wrong. Everyone is "right wing" from someone's perspective. So what information is conveyed? None. It's merely an insult, not a criticism. This sort of comment indicates that Xest has no respect for Orlowski's opinions. He thinks that Orlowski is a bullshitter, unworthy of real criticism, so he throws a generic "don't listen to this guy" flamebait insult.

Re:Why are they obligated to be fair and balanced?

[Xest]

I'm saying the media is given a position of power- it is granted, in some cases, the ability to break the law in the case of public good.

With that power should come responsibility- the responsibility to use that shield of being the media to produce factual and informative news.

Publications not doing that should not legally be allowed to class themselves as media, journalists, news sites and so forth.

For what it's worth I don't think there is any value in getting a completely false story- if there was some element of truth then that's interesting, but when a completely false story is given the same weight as a factual story and large elements of the public are misled because they beleive the publication behind the false story is something it isn't - a factual news outlet, then there's a problem.

Re:Why are they obligated to be fair and balanced?

[Xest]

"The curious thing about calling someone "right wing" is that your accusation can never be wrong. Everyone is "right wing" from someone's perspective. So what information is conveyed? None. It's merely an insult, not a criticism."

You've reached an interesting conclusion, but the problem is you completely missed the point.

You assume that suggesting he was right wing was ever even meant to be a criticism, so jumping to the idea that it was an insult from that flawed premise is absurd.

No, the point of the post I got banned for was to make it clear that Andrew's views align with Murdoch's (i.e. what is commonly accepted to be right wing), I did not suggest there was a problem with him having those right wing views, merely that it was not suprising that his viewpoint aligned so closely to Murdoch's - their political view follows a very similar path, a clearly right wing, for whatever that's worth.

Yet Andrew has thrown his teddy out the pram before, in fact, so did the moderator there Sarah Bee, when others have suggested they and The Register held predominently right wing views- and you see, there's the problem, the only people assuming insult from the suggestion that they are right wing, was themselves, not I, not other commentators, but themselves. They don't like being called right wing, but their viewpoints, fit well under what is commonly accepted to be right wing viewpoints- pro-privatisation, climate change deniers (or whatever the PC term is nowadays) and so forth.

You are however right about one thing- that I think poorly of Orlowski, but it's not for his viewpoint- each to their own. No, it's the inability to reflect on his own views, to accept others opinions, in his view he is right, and anyone else is not simply ignored, but where he has the power, outright silenced.

Worse, you clearly recognise there's a difference between a journalist and a commentator, and I agree about your differentiation between them, the problem is Orlowski has, on numerous occasions, claimed to be a journalist, yet has demonstrably - no, not simply in my opinion, but demonstrably - been wrong on a number of occasions, and rather than accept that, tried to silence those who point it out in response to his articles

It's odd because you (and the GP) are arguing that I'm suggesting people I disagree with aren't worthy of opinion. That's completely wrong, I'm arguing the opposite and pointing out that the problem with Andrew Orlowski is doing precisely what you accuse me of, and that's why he's an idiot- everyone should get their say, even people making a point or demonstrating that Andrew Orlowski is wrong. I'm fine with Andrew Orlowski having his opinion, I have a problem with him censoring counter-opinions and people pointing out flaws in his reasoning or arguments.

Re:Why are they obligated to be fair and balanced?

Hmmm. As long as the publication remains profitable, the staff should be able to write whatever the fuck they want to.

If the staff should have the right to "write whatever the fuck they want to", then others sure as hell have the right to criticise and disagree with them, as Xest was doing.

Freedom of speech does not mean freedom from criticism.

How can you tell?

Website hacked and replaced with meaningless drivel, sounds like a normal day for the register :-)

SLASHDOT: CHANGE THE HEADLINE!

[mbeckman]

For cat's sake, if somebody is paying attention at Slashdot, please change the false headline! Nerds can dicker over the semantics, but "The Register Hacked" is clearly false, as is the body text: "Looks like The Register has been hacked..."

I suggest the following much more informative and accurate headline and body:

NetNames Hacked, Turks temporarily hijack The Register's DNS

NetNames formal statement: At approximately 2100BST on Sunday 4 September 2011 a very small number of customer domains were redirected to an unauthorised domain name server (DNS server). This was done by placing unauthorised re-delegation orders through to the registries via our provisioning system. These orders updated the address of the master DNS servers responsible for serving data for these domains. The rogue name server then served incorrect DNS data to redirect legitimate web traffic intended for customer web sites through to a hacker holding page branded TurkGuvenligi. The unauthorised orders were added by using a SQL injection attack to gain access to a number of our customer accounts.

defacement

[unity100]

just a defacement probably through latest apache exploit.

Correction to your correction... apk

1st of all, it's not what you put down here:

"Windows: C:\windows\system32\drivers\etc\host" - by Artem Tashkinov (764309) on Sunday September 04, @05:03PM (#37304222)

It's C:\windows\system32\drivers\etc\hosts (note the trailing bolded "s"?)

AND, quite possibly (but, not in THIS case w/ 'ElReg' in this case because I get the SAME IP address resolution you do, & either you are in the same part of the planet I am, or the register only serves up from 1 server that's static in nature as far as IP address resolutions from the URL/host-domain name, probably the case here)?

It's possible that what "ping" resolves to MAY NOT BE THE FASTEST RESULT for all others everywhere in an IP Address resolution for other sites (or the same for all others reading here):

72.3.246.59 theregister.co.uk
72.3.246.59 www.theregister.co.uk

Some sites may get a diff. IP address results (GOOGLE'd be a GOOD SOLID EXAMPLE OF THAT in fact)... but, as far as the register is concerned, you're ok! Seems they only serve up from 1 single IP address... unlike sites like GOOGLE do, for example.

So, then, a tracerouting might be a better way to find a closer faster resolving IP Address with less "hops" in it (again, not in this case, I get the same IP address result you do, but on diff. sites that are widely distributed worldwide, server-wise, such as GOOGLE, that may not always be the case)...

APK

P.S.=> At least you were "modded up" for a post on HOSTS file usefulness information... I state that, lol, because when I do it? Well... 9/10 times, I get a "downmod" (hit & run cowardly ones w/ no technical justification that's valid behind them no less as well)... apk