[ISN] Re: [defaced-commentary] Crackers deface Ferrari

From: InfoSec News (isnat_private)
Date: Thu May 16 2002 - 00:12:28 PDT
Next message: InfoSec News: "[ISN] Security UPDATE, May 15, 2002"
Previous message: InfoSec News: "[ISN] Securing The Center"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
---------- Forwarded message ----------
Date: Wed, 15 May 2002 14:24:38 -0400 (EDT)
From: security curmudgeon <jerichoat_private>
To: defaced-commentaryat_private
Subject: Re: [defaced-commentary] Crackers deface Ferrari   


[Once again, Mr Rodrigues does some good digging on the latest high
profile defacement.]

---------- Forwarded message ----------
From: Giordani Rodrigues <editorat_private>
To: security curmudgeon <jerichoat_private>
Date: Wed, 15 May 2002 10:41:38 -0300
Subject: Re: [defaced-commentary] Crackers deface Ferrari  

Hi, Brian.

Every major site posted an article about it, here in Brazil. And the
reasons are: Barrichelo and the defacers are Brazilians. But, IMHO,
everybody made a mistake, including Mr. Leyden from The Register. As
far as I know, the sites don't belong to the real Ferrari, and I said
it in my article (in colaboration with Eva Mothci and Fernando Sousa,
from Terra/Lycos):

http://www.infoguerra.com.br/infonews/viewnews.cgi?newsid1021323288,70815,/

There were 3 defaced sites: ferrari-group.com and ferrari-group.biz, defaced
by S4t4n1c_Souls and ferrari.co.jp, defaced by Silver Lords.

The mirrors are:

http://www.zone-h.org/defaced/2002/05/12/www.ferrari.co.jp/

http://www.zone-h.org/defaced/2002/05/12/www.ferrari-group.com/

http://www.zone-h.org/defaced/2002/05/12/www.ferrari-group.biz/



Click on www.ferrari-group.com (it's restored now). Do you really think this
site belongs to Ferrari?  (The title of the page is "new domain"!!)

Ferrari is located at Maranello, Italy, and its company's name is Ferrari
S.p.A.

But, take a look at these whois:

Ferrari-group.biz and ferrari-group.com (the domain ferrari-group.com was
created in 2001-09-27, only 6 months ago!!!):

Domain Name.......... ferrari-group.com
 Creation Date........ 2001-09-27
  Registration Date.... 2001-09-27
  Expiry Date.......... 2002-09-27
  Organisation Name.... Ferrari Group srl
  Organisation Address. via T. Gallio, 3
  Organisation Address.
  Organisation Address. Cittadella
  Organisation Address. 35013
  Organisation Address. PD
  Organisation Address. ITALY

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 FERRARI-GROUP.BIZ
Domain ID:                                   D2348143-BIZ
Sponsoring Registrar:                        MELBOURNE IT D/B/A  INTERNET
NAMES WORLD WIDE
Registrant ID:                               B10128418300782
Registrant Name:                             Ferrari Group srl
Registrant Organization:                     Ferrari Group srl
Registrant Address1:                         Via T. Gallio, 3
Registrant City:                             Cittadella
Registrant State/Province:                   PD
Registrant Postal Code:                      35013
Registrant Country:                          Italy
Registrant Country Code:                     IT
Registrant Phone Number:                     +39.0498056830
Registrant Facsimile Number:                 +39.0498056834
Registrant Email:                            domainsat_private

[snip]

Technical Contact Email:                     inwwat_private
Name Server:                                 NS.SEVEN.IT
Name Server:                                 NS2.SEVEN.IT
Created by Registrar:                        MELBOURNE IT D/B/A  INTERNET
NAMES WORLD WIDE
Last Updated by Registrar:                   MELBOURNE IT D/B/A  INTERNET
NAMES WORLD WIDE
Domain Registration Date:                    Mon Feb 04 16:57:11 GMT 2002
Domain Expiration Date:                      Tue Feb 03 23:59:59 GMT 2004
Domain Last Updated Date:                    Tue Feb 05 16:33:59 GMT 2002

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxx

Ferrari.co.jp

Domain Information:
a. [Domain Name]                FERRARI.CO.JP
g. [Organization]               KATO INC.
l. [Organization Type]          Corporation
m. [Administrative Contact]     SS535JP
n. [Technical Contact]          MA129JP
p. [Name Server]                ns.ferrari.co.jp
p. [Name Server]                ns2.birthday.co.jp
y. [Reply Mail]                 info@d-wing.co.jp
[State]                         Connected (2002/06/30)
[Registered Date]               1997/06/30
[Connected Date]                1997/07/02
[Last Update]                   1998/07/29 21:29:30 (JST)
                                yazaki@d-wing.co.jp

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The real Ferrari (Ferrari.it):

domain:      ferrari.it
x400-domain: c=it; admd=0; prmd=ferrari;
org:         Ferrari SpA
descr:       Fabbrica Automobili Sportive e da corsa
admin-c:     MS2780-ITNIC
tech-c:      MS2780-ITNIC
tech-c:      BC339
postmaster:  IM175-ITNIC
zone-c:      BC339
nserver:     193.42.138.2  dns.ferrari.it
nserver:     194.196.14.4  genius.intesa.it
mnt-by:      INTESA-MNT
created:     before 960129
changed:     michele.deluciaat_private 19990726
changed:     hostmasterat_private 19990630
changed:     hostmasterat_private 20000817
source:      IT-NIC

person:      Mauro Sabbatini
address:     Via Abetone Inferiore, 4
address:     I-41053 Maranello (MO)
address:     Italy
phone:       +39 0536 949230
fax-no:      +39 0536 949414
nic-hdl:     MS2780-ITNIC
changed:     hostmasterat_private 19980120
source:      IT-NIC

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The real Ferrari at USA:

Ferrari North America (FERRARI6-DOM)
   via Abetone Inferiore 4
   Maranello, MO 41053
   ITALY

   Domain Name: FERRARI.COM

   Administrative Contact:
      Sala, Alessandro  (ASV707) asalaat_private
      ferrari s.p.a.
      via Abetone Inferiore 4
      Maranello, MO 41053
      IT
      +39 0536 949792 (FAX) +39 0536 949011
   Technical Contact:
      Ciaoservice Domain Registration Staff  (CD3998-ORG)
cshostmasterat_private
      Ciaoservice s.p.a.
      Strada 3 - Palazzo B/2 - 20 Piano
      Assago, 20090
      ITALY
      +39 02 575591
      Fax- +39 02 57559319


Regards,

Giordani Rodrigues
http://www.infoguerra.com.br


-
The information and commentary is Copyright 2002, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.

Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html

Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
Contacting Attrition Staff: staffat_private

To subscribe to Defaced Commentary, send mail to majordomoat_private
with "subscribe defaced-commentary" in the BODY of the mail (without
quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
the BODY of the mail.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
Next message: InfoSec News: "[ISN] Security UPDATE, May 15, 2002"
Previous message: InfoSec News: "[ISN] Securing The Center"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b30 : Thu May 16 2002 - 03:54:30 PDT