Iranian hackers leak Turkmenistan web address registry passwords

Turkmenistan domain registry hacked, allowing fraudsters to create potentially malicious dot-tm websites under the guise of legitimate company names: Among domains registered there were “youtube.tm, gmail.tm, intel.tm, orkut.tm, google.tm, yahoo.tm and other zillion-user-per-day sites.” “The hackers say they found a way to inject SQL code in hidden form fields with insufficient validation and input sanitization.” In a blog entry, the intruders posted customer names, e-mail addresses and passwords, none of which were encrypted. “In the term of data gathering, we made the attack automatically and dumped all the database. Another considerable note was the passwords, they have been saved in clear text and this is an unacceptable issue for a NIC of a country,” reads the blog post.