Paraguayan ccTLD Hacked, Google.com.py Redirected, Internal Database Leaked

MrJones writes "Last February 20th, hackers supposedly from Iran accessed and modified (English) the www.NIC.py database, redirecting www.google.com.py to another site. The hackers posted the whole NIC.py database containing full names, national ID numbers, street addresses, phone numbers, and more of registrants. This is not the first time (English) that NIC.py, managed by the 2 most respectful Computer Science Universities of Paraguay, was hacked. Since the entire database was released, local white hat hackers were able to calculate how much money NIC.py was making annually (English) by charging $44 US per .py domain. The local CS community are urging the NIC.py administrators to do all whats possible to protect the .py domain names since the hack was done by exploiting a simple remote code execution vulnerability. If they can modify google.com.py, just imagine what they can do to banks and financial institutions. Maybe Google can helps us."

What about Mexico?

How does this affect me, Bender?

Maybe it just isn't the best criteria

"managed by the 2 most respectful Computer Science Universities of Paraguay"

I'm all for politeness but I think something like this should probably be managed by the most respected Universities.

Re:Maybe it just isn't the best criteria

Maybe Google can helps us with grammar.

Re:Maybe it just isn't the best criteria

Well, normally, it is editors who can helps us with grammar.

But this is Slashdot... so I guess Google is our only hope.

Re:Maybe it just isn't the best criteria

[Elros]

Well, normally, it is editors who can helps us with grammar.

But this is Slashdot... so I guess Google is our only hope.

Help me, Larry Page! You're my only hope!

Re:Maybe it just isn't the best criteria

[ColdWetDog]

Oh, Paraguay

Re:Maybe it just isn't the best criteria

[radarskiy]

Where could grammar help be used? The sentence in question is grammatically correct.

not incompetent, just lazy!

The Paraguayans are lazy about patching their security holes because the weather is so nice.

Re:not incompetent, just lazy!

[Chrisq]

The Paraguayans are lazy about patching their security holes because the weather is so nice.

Hence the "Maybe Google can helps us". Why bother to leave the hammock yourself!

For extra irony points

[Arancaytar]

I hope it was a vulnerability in their Python code?

Re: For extra irony points

[Juan+de+los+Palotes]

well, it was just a matter of Âimport nicÂ.

Re: For extra irony points

/.'s unicode support sucks?

Re:For extra irony points

There are no Pythons genus snakes in South America. The closet you get are the Eunectes, which includes the Anaconda.

Re:For extra irony points

[Fear+the+Clam]

There are no Pythons genus snakes in South America. The closet you get are the Eunectes, which includes the Anaconda.

The Anaconda don't want none unless you got root access, Hon.

Re: For extra irony points

[jones_supa]

Anyone reading this at Dice...can you at least finally add the Unicode support to the Beta?

Re: For extra irony points

[Cryacin]

No Dice.

Re: For extra irony points

What a drag!

Re:For extra irony points

[Nyder]

There are no Pythons genus snakes in South America. The closet you get are the Eunectes, which includes the Anaconda.

The Anaconda don't want none unless you got root access, Hon.

Nice Sir Mix-a-lot. =)

Re: For extra irony points

[Soulskill]

It's on our to-do list (and has been for a long time), but our to-do list is pretty huge. I'll bring it up again at our next meeting and see when we can find time for it. Sorry I don't have anything more specific for you.

Most respectful?

[wonkey_monkey]

the 2 most respectful Computer Science Universities of Paraguay

Respectful is nice. Respected would be better.

Re:Most respectful?

Given the sources within the story, pretty high chance submitter is not english.

Re:Most respectful?

[oodaloop]

I hope they at least did the needful.

Re:jagger's dna lost in lhc composting accident

[philip.paradis]

The bit about hymenless monkeys is intriguing. Newsletter?

hobbyist whiners @ lhc composting accident site

let us have at it they whine. we can extract what's left of jagger out of that mess. we could make him smaller, quieter, younger,,, we have his digits....

nothing really new in centuries until now?

enter the jaggerwire. the result of dna salvaged at the lhc composting accident. it may look like just another monkey, but this ape was built to escape. never stops moving, big lips, wavy hips, no hymen to answer for or be held hostage by, she rocks....

The hacker found the password

The admins didn't fool the hacker when they used "passwordo" as root password.

Re:The hacker found the password

Actually, passwordo sounds like a pretty good password, since it is not a word in English or Spanish. Not even in Guarani.

Re:The hacker found the password

that's the english translation for pasguord

150th generation jaggerwire spotted in the wwwild

we call her cyndi http://www.youtube.com/watch?v... so time space & circumstance stability is an illusion for sure. for sure we've been here before?

Slashdot only allows anonymous users to post 10 times per day (more or less, depending on moderation). A user from your IP has already shared his or her thoughts with us that many times so rock on /.

"Last February 20th,

[Threni]

You mean this February then. That was last week, not last year, therefore its misleading to say "last February".

Re:"Last February 20th,

If they said "Last February" I would agree, but they said "last February 20th."

You can't say that someone made a misleading statement if they said their car seat is black when the car is red. They are talking about the car seat, not the car. Here they are talking about the day, not the month.

Re:"Last February 20th,

February 20th, 2014, was this February 20th, not last February 20th, which was in 2013.

Re:"Last February 20th,

According to the Free Dictionary:

last:
      3. Just past; most recent

What definition of last means "the one before the most recent"?

But I see where you're coming from, I probably wouldn't say "last weekend" on Monday to refer to Sunday. Following this usage, though, at what point does "Last February 20th" become February 20th, 2014? Is it March 1st, 2014, December 31st, 2014, or February 1st, 2015?

Can you cite a source for common rules of this vs last vs next? My googling hasn't turned up anything.

Yeah, I guess you could say it is misleading through it's ambiguity.

Steve

You've clearly never been.

It's not only universities problem

[alefq]

People buying domains for that price without complaining is also a BIG part of the problem. Paraguay has one of the most expensive TLD 44 USD, and probable the worst service. This is not an isolated case, is the reality in many other areas in my country, paraguayans running a public service abusing of other paraguayans. More and more people are buying domains outside ".py" because of that, overpriced and poor quality of service.

Re:It's not only universities problem

If you buy your domain abroad, but remain physically inside Paraguay, you still have the overpriced Internet access with crappy bandwidth to deal with...

well, duh.

as if universities ever had enough money to run it services properly.

Re:Triple Frontier

[TheDarkMaster]

A "bit"? The place is like the old north-american Wild West. All you need to do to bump into a criminal is entering the country.

A note

[stonecypher]

Nothing needs to be hacked to get that same estimate of revenue.

Just download their zone file and multiply by their annual. The zone file even tells you when they were registered and when they're registered until, allowing you to take account of public discounts for registration length.

It's still an upper bound; you don't know what other offers or freebies are in there. But still. It's a better upper bound than the hack ostensibly provides.

Central point of failure

[Hypotensive]

Lessons still not learned.