
All Discussion re: Tesla Motors Website & Forums

The CPO site is also compromised. Since it just went live today and there was a big press release about it, you can bet this is doing real damage to Tesla's marketplace. If I were a prospective buyer who hadn't looked until today when the CPO site went live, I'd have serious doubts about this company.
 
This is a DNS hack. Looks like it has been fixed at the root (control back in Tesla's hands), but the global DNS caches still have the cracker's malicious records.

My recommendations:

1] Don't log in to teslamotors.com. Don't log in to the remote App. Don't enter any credentials into anything teslamotors.com related.
2] Turn off visible tesla (or anything that could provide your credentials automatically).
3] From what I can see, the crackers went after the main domain, not the vn.teslamotors.com sub-domain, but not entering App credentials still seems prudent at this time.
4] Sit back, relax, and wait for the dust to settle. If you've done #1 and #2, you don't need to worry.
 
The actual website is behind a load balancer/proxy/cache. The proxy is trying to get the DNS for the hidden/internal version of the site (the actual server) and is getting the bad DNS version which doesn't have that host pointed anywhere.
 
Understood, but if I type in the IP address right now, it says that Tesla Motors is offline. If the problem is just the DNS server, why would they take the site off-line?
Last time I checked a couple hours ago, it was still showing the Tesla site. You are right that it is now showing the site is off for maintenance.

They may have taken it down to make sure the hackers didn't manage to get access to anything. Since the hackers were able to spoof email addresses for quite some time as a recipient (that's likely how they got into the Twitter accounts, by sending a password reset request where the reset link would go to their own server), it's unknown what other accounts they got into.
 

Taking it offline is the prudent course of action. It allows them to:

1] Get a forensic snapshot.
2] Make sure that the website itself was not affected, before opening it back up to the public.
 

The hackers added a wildcard record for *.teslamotors.com, so they took over all subdomains.

The hackers were not, as of this writing, running an SSL/HTTPS server (port 443) so login attempts wouldn't go anywhere anyway. The hackers shouldn't have a valid cert to pass for teslamotors.com for this anyway, and the app won't connect without a proper cert.

I think the biggest concern of mine is the catch-all email redirect they had in place for mail destined to *@teslamotors.com.
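A way to check for the two conditions described in this thread (recursive resolvers still serving the hijacker's records after the zone was restored, and a wildcard record answering for every subdomain), as an added example that is not part of any post here. It works over constructed dig-style answer lines with placeholder addresses; in practice you would feed it the output of dig run against the authoritative nameservers and against the recursive resolver you want to audit.

```python
import secrets
from collections import defaultdict

# Constructed sample data (RFC 5737 placeholder addresses, not real infrastructure):
# what the authoritative servers answer once control is regained, versus what a
# recursive resolver is still handing out from its cache.
AUTHORITATIVE = """\
teslamotors.com.      300 IN A   192.0.2.10
www.teslamotors.com.  300 IN A   192.0.2.10
teslamotors.com.      300 IN MX  10 mail.legit-placeholder.invalid.
"""
CACHED = """\
teslamotors.com.      3410 IN A   198.51.100.7
www.teslamotors.com.  3410 IN A   198.51.100.7
*.teslamotors.com.    3410 IN A   198.51.100.7
teslamotors.com.      3410 IN MX  10 mail.attacker-placeholder.invalid.
"""

def parse_answers(text):
    """Group dig-style answer lines into {(owner, rtype): {rdata, ...}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue  # skip blank lines, comments and anything not a resource record
        owner, rtype, rdata = parts[0].lower(), parts[3], " ".join(parts[4:])
        records[(owner, rtype)].add(rdata)
    return records

def find_stale_records(auth_text, cached_text):
    """Return cached (owner, rtype) entries whose rdata disagrees with the authoritative zone."""
    auth, cached = parse_answers(auth_text), parse_answers(cached_text)
    return sorted(key for key, rdata in cached.items() if rdata != auth.get(key, set()))

def wildcard_suspected(resolve, domain):
    """Probe a random label: a wildcard answers for names that should not exist at all."""
    probe = f"{secrets.token_hex(6)}.{domain}"
    return bool(resolve(probe))

def cached_resolver(cached_text):
    """Fake resolver over the constructed cache, with wildcard semantics, so this runs offline."""
    cached = parse_answers(cached_text)
    def resolve(name):
        name = name.lower().rstrip(".") + "."
        if (name, "A") in cached:
            return cached[(name, "A")]
        parent = name.split(".", 1)[1]          # fall back to *.parent, as a resolver would
        return cached.get(("*." + parent, "A"), set())
    return resolve
```

Any key returned by find_stale_records is a record the resolver will keep serving until its TTL expires, which is why the advice above is to wait rather than to trust a resolver that already answers correctly for one name.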
 

Makes sense now. Thanks.