Strange how I don't see anything in the news, but Hushmail, the secure mail service, is reporting that it's registrar was hacked on Saturday and the hushmail.com domain was redirected for several hours. Hushmail doesn't name the registrar, but a whois check shows it to be Network Solutions.
This is scary stuff, because Hushmail is a 2048 bit strong encryption email service, used internationally for secure, private email. If the site was phished, it is possible that the hackers collected passphrases for hushmail accounts from users who didn't notice the phishing webpage was any different from a "regular" hushmail login.
Perhaps most odd is that I didn't see anything on slashdot, or anywhere else in the news about a security breech at Network Solutions (?)
From the hushmail.com website:
On April 23rd, an unauthorized party gained access to our customer account at our domain registrar. A domain registrar is a company that is responsible for controlling which website actually gets displayed when you enter an address (such as www.hushmail.com) in your web browser. Therefore, by breaching security at our domain registrar, the unauthorized party was able to control which website would be displayed when users entered the address www.hushmail.com.
The unauthorized party altered the domain settings so that users entering www.hushmail.com in their web browser were no longer directed to our real website. Instead, users were redirected to a different website at a different location. Soon that website was shut down, and users simply received an error page.
We are following up with our domain registrar to determine how the unauthorized party was able to gain access to their system.
There was no unauthorized access to any of the Hush servers. Data managed by Hush was not compromised. During this period, email sent to hushmail.com may not have been delivered.
Please accept our sincerest apologies for the inconvenience this has caused. We take this incident very seriously, and will continue to update this page as more information becomes available.
Comments