tax-on-web has closed their DNS servers down but
For people from outside Belgium. Taxonweb lets you fill in your tax filing online. It is being used for approx 1 million tax filings.
Some weeks ago the DNS server of taxonweb was still open, this is to say that anybody could do some reverse dns search and the DNS server would accept any lookup for any domain of the internet. You understand that this makes the DNS server very vulnerable because with a simple botnet you can put it out of order or in time-out problems. I won't explain here what could happen next - and it is rather complicated for most of people - but the result could that people infected with a certain virus could find themselves working on other servers than the official one because the internal DNS of their computers led them to these fraudulent servers because there was a time-out on the DNS server. If you know also that the services are mostly used by certain ranges of IP adresses and by certain services (for 80% civil servants and accountants) than you could combine this with a targeted attack.
So you say, so far so good.
Not quite. They still need to test some details and to putt up an email address by which their technical and security staff could be contacted if something was happening around their DNS server. According to the report nothing is done here. Maybe it is better than some other big networks where the technical contacts for their DNS servers is a non-working emailaddress.
But what do you want ? No controls, no legislation, no audits. Everybody does here as it pleases. Even the law is thrown in the dustbin without being enforced during one second. Oh yes for virtual pedo's on Second Life they have time and people. But for our critical infrastructure ? Who cares ? Untill it breakes down and than they will come on tv with big declarations, huge funding and many promises. I only hope for all the people and businesses that depend on the internet that it doesn't come to that.
So why do they only have 7 out of ten in second session
and someone out there - he knowns - thanx for relating the info and getting this fixed. Get now the rest also fixed please.