Security Alert! - Caution accessing QRIScloud / NeCTAR from UQ - 2017-07-26

Important Security Alert.

Starting some time this morning, some of the UQ DNS servers are serving bogus IP addresses for lookups of all names in the "nectar.org.au" domain.  This enables possible Man-In-The-Middle attacks against supposedly secure connections to NeCTAR services and (some) QRIScloud services.

WARNINGS.

  1. If your web browser tells you that a connection is insecure, DO NOT override this.  DO NOT add an exception.  The browser is telling the truth.
  2. If your SSH tool tells you that it cannot establish a connection, or if connections are being reset or broken, DO NOT override this.
  3. If you have already done one of the above, please contact QRIScloud Support urgently.
  4. If you have configured scripts or services to ignore SSL certificate security, be aware that those scripts / services could have been unknowingly connecting to the attacker's servers while this attack was in progress.  (You should never configure scripts or services to ignore certificate security!)

UPDATE: 10:15 am.

UQ ITS have informed us that they have removed the bogus DNS entry from their DNS server.  However, the above warnings still apply.

Note that we only have evidence that UQ DNS was affected by this.

UPDATE: 10:30 am.

UQ ITS have informed us that the cause of the problem was a misconfiguration, not a deliberate hack.
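
To help find scripts and services covered by warnings 2 and 4, the following is an added example (not part of the original alert, and not QRIScloud or UQ tooling) that scans files for options which switch off TLS certificate or SSH host-key verification. The pattern list is illustrative rather than exhaustive, and the host names in the sample are constructed.

```python
import re
import sys
from pathlib import Path

# Options that switch off TLS certificate or SSH host-key verification.
# Illustrative list, not exhaustive.
CHECKS = [(label, re.compile(rx)) for label, rx in [
    ("curl -k/--insecure", r"\bcurl\b.*\s(?:--insecure|-[A-Za-z]*k[A-Za-z]*)(?:\s|$)"),
    ("wget --no-check-certificate", r"\bwget\b.*--no-check-certificate"),
    ("openstack --insecure", r"\bopenstack\b.*\s--insecure(?:\s|$)"),
    ("Python requests verify=False", r"\bverify\s*=\s*False\b"),
    ("TLS checks disabled via environment",
     r"\b(?:PYTHONHTTPSVERIFY|NODE_TLS_REJECT_UNAUTHORIZED)=\W?0\b"),
    ("git http.sslVerify=false", r"http\.sslVerify[\s=]+false\b"),
    ("ssh StrictHostKeyChecking=no", r"StrictHostKeyChecking[\s=]+no\b"),
    ("ssh UserKnownHostsFile=/dev/null", r"UserKnownHostsFile[\s=]+/dev/null"),
]]

def scan_text(name, text):
    """Return (name, line_number, label, line) for each non-comment line that matches."""
    hits = []
    for num, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out commands
        hits += [(name, num, label, line.strip()) for label, rx in CHECKS if rx.search(line)]
    return hits

def scan_tree(root):
    """Scan every readable file under root."""
    hits = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_file():
                hits += scan_text(str(path), path.read_text(errors="replace"))
        except OSError:
            continue  # unreadable file: skip it
    return hits

# Constructed sample lines (hypothetical hosts), used when no directory is given.
SAMPLE = """\
#!/bin/sh
# constructed sample, not from any real system
curl -sk https://keystone.example.invalid/v3/auth/tokens
curl -s --cacert /etc/ssl/certs/ca.pem https://keystone.example.invalid/v3
openstack --insecure server list
ssh -o StrictHostKeyChecking=no ubuntu@vm.example.invalid uptime
requests.get(url, verify=False)
export PYTHONHTTPSVERIFY=0
wget https://example.invalid/image.qcow2
"""

if __name__ == "__main__":
    found = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text("<sample>", SAMPLE)
    for name, num, label, line in found:
        print(f"{name}:{num}: {label}: {line}")
```

Run it with a directory argument to scan your own scripts; any hit that ran against "nectar.org.au" names during the incident window is worth reporting to QRIScloud Support.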

 
