Slashdot Mirror


'Domain Factory' Confirms January 2018 Data Breach (theregister.co.uk)

German hosting company Domainfactory has taken down its forums after someone posted messages alleging to have compromised the company. From a report: Acknowledging the attack, the GoDaddy-owned (via Host Europe, acquired in 2016) company has advised customers to change their passwords and detailed the extent of the data breach claimed by the hackers. "While we investigate this data breach, we already know that third parties could have had unauthorised access to the following categories of data: Customer name; Company name; Customer number; Address; E-mail addresses; Phone number; DomainFactory Phone password; Date of birth; Bank name and account number (eg IBAN or BIC); and Schufa score." The company says it has secured the systems the attacker accessed.

14 comments

  1. Would Rust have prevented this breach? by Anonymous Coward · Score: 0

    Would using a modern, security-first programming language like Rust have prevented this breach from happening?

    1. Re:Would Rust have prevented this breach? by Anonymous Coward · Score: 0

      No, this breach was an intrusion into a computer database via software not a physical problem with the building. Rust has nothing to do with IT security.

    2. Re:Would Rust have prevented this breach? by Anonymous Coward · Score: 0

      Would using a modern, security-first programming language like Rust have prevented this breach from happening?

      Rust will never prevent any attack because no one uses Rust for anything relevant. Perhaps except Servo.

    3. Re: Would Rust have prevented this breach? by Anonymous Coward · Score: 0

      Rust has a lot to do with IT security. It entirely eliminates several attack vectors and attack surfaces that software written in C or C++ are vulnerable to. That lets security professionals focus on other vulnerable aspects of the systems in question. Rust can then be used to help strengthen the defense of these other vulnerable components, assuming Rust doesn't prevent the attacks in question completely.

      We're starting to see the top end security professionals adopting Rust because it's so proactive at putting safety and security first, without trading away performance or functionality. From a security standpoint, Rust is the best we've got.

    4. Re: Would Rust have prevented this breach? by Anonymous Coward · Score: 0

      Stop spamming your stupid rust circlejerk shit everywhere. Rusty is a useless pile of shit just like you.

    5. Re:Would Rust have prevented this breach? by ledow · Score: 2

      If the problem were that simple, everyone would have moved to Rust or similar languages decades ago.

      Simple fact, your (evangelical) choice of language does not change how you're forced to express your desires, or fix problems associated with the vast majority of programming errors.

      Though there are languages where being "misconstrued" is less likely in a minority of cases, most programming problems are caused by expressing totally the wrong thing and not what you intended at all, not a simple ambiguity of expression.

      Hint: There's a reason that Rust still includes "unsafe" functionality. Because what you WANT TO DO is unsafe, not how you want to say it. And that's almost always because you choose that tradeoff consciously (usually for performance or direct-hardware-access).

      Just look at Java. Ignore the syntax of the language itself, but the concept. Partition everything off into a virtual machine, which could be WRITTEN IN JAVA ITSELF (self-hosting). Now do real-world deployment and you discover two things: 1) it doesn't stop bone-headed code, 2) you need to break out of the virtual machine via direct interfaces in order to get what you need done.

      It doesn't matter if you describe your security procedures in French or German. Unless you can PERFECTLY describe EXACTLY what you want to do, without possibility of any error, then it doesn't make any difference which one you choose to express it in.

    6. Re: Would Rust have prevented this breach? by Khyber · Score: 1

      "It entirely eliminates several attack vectors and attack surfaces that software written in C or C++ are vulnerable to."

      That only happens when you're a n00b-ass that never picked up a proper programming book - e.g. most Rust programmers.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.

    7. Re:Would Rust have prevented this breach? by najajomo · Score: 1

      Anon: "Would using a modern, security-first programming language like Rust have prevented this breach from happening?"

      No, as the fault lies in the underlying Intel MMU hardware ..

  2. No hacking from Federal Prison by Anonymous Coward · Score: -1

    We can rule out the Trump admin from any hacks in the next 1-25 years. No hacking from Federal Prison.

  3. I am APK the great by Anonymous Coward · Score: -1

    I am APK the great, a.k.a. AlecStaar or Alexander Peter Kowalski.

    I am the godlike creator of various GUI front-ends for other people's configuration files.

    Calling people ne'er-do-wells or Jealous JOWIE is how I think I win every argument

    When people state the truth about me I get really mad and accuse them of projecting which is something I do all the time.

    Don't call me out on anything unless you are willing to prove you too can write some strings to a file

    Spamming and being a general pain in the ass is what I do

    Listen as I relive my glory days of being a college athlete in the early 80s

    Bask in my greatness as I can do a ping as a non root user.

    Watch as I whine about my work being flagged as malware by anti-virus software.

    Witness my descent into madness

    APK

    1. Re:I am APK the great by Khyber · Score: 0

      "Listen as I relive my glory days of being a college athlete"

      The guy ain't no Al Bundy, come on. He's too physically retarded to have ever made it onto a football team with all that time spent sitting down and being a nerd.

  4. The vulnerability appears to coincide with... by Anonymous Coward · Score: 3, Interesting

    ... the outsourcing of the 24/7 operational server supervision to "LvivIT!", a Ukrainian IT service. Up to 2015, Domainfactory advertised "Hosting made in Germany". Prices increased when DomainFactory was sold to HostEurope and again when HostEurope was sold to GoDaddy.

  5. Why did *BSD die? by Anonymous Coward · Score: -1

    Sure, we all know that *BSD is a failure, but why? Why did *BSD die? Once you get past the fact that *BSD is fragmented between a myriad of incompatible kernels, there is the historical record of failure and of failed operating systems. *BSD experienced moderate success about 20 years ago in academic circles. Since then it has been in steady decline. We all know *BSD effectively lost all of its market share but why? Is it the problematic personalities of many of the key players? Or is it larger than their troubled personas?

    The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate *BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom has settled in. Now is the end time for *BSD.

  6. Impersonating me (again) PROVES 1 thing by Anonymous Coward · Score: -1

    See subject: You WISH you were me & you STALK me by UNIDENTIFIABLE anonymous posts threatening it https://slashdot.org/comments.... "imitation = sincerest form of flattery" as you are now, impersonating me via clearly INFERIOR imitation of myself GIVING YOU AWAY!

    HOWEVER:

    You do make good on your "threat" (& I've caught you doing it already this week saying things I NEVER WOULD (APK="God's gift" etc.)) but that very 'threat' makes you look like the PSYCHO LOON you clearly are...

    * You need SERIOUS "loony-bin QUALITY time" imo... & GET ON TOPIC!

    APK

    P.S.=> You're the one "descending into madness" COMPLETELY OFF-TOPIC in some weirdo attempt to "make me look bad" but EVERYONE KNOWS I only post on hosts where they apply ON TOPIC & I certainly don't say what you are saying now - that's for sure... apk