https://bitcointalk.org/index.php?topic=354565.0 and also
https://bitcointalk.org/index.php?topic=354365.0 (EDIT: actually probably got those the wrong way round - the second thread there has more info. There may well be other thread in the Meta forum. EDIT: Also
https://bitcointalk.org/index.php?topic=354570)
The main story is that someone compromised the bitcointalk.com account at the domain registrar, and then changed the nameservers so they could mount a man-in the-middle attack on the forums. (I haven't seen any details of what they actually did, if it is known, but my personal guess would be that they intended to harvest passwords in the hope that some people would use the same credentials on online wallets or exchanges.)
The interesting detail is that the attackers used Cloudflare to host their mitm site. Cloudflare does some (slightly controvertial) SSL hackery whereby they automatically get GlobalSign to issue a cert on your behalf when you sign up with them (techically they include your domain in the subjectAltName extension of one of their server's certs). They'll present your site as SSL to the web at large using that GlobalSign cert even if you don't bother to implement SSL yourself (or if you only use a self-signed cert).
No doubt you agree to this in the small print when you sign up with them, and of course, once an attacker controlls your DNS, they can trivially obtain a cert by hand in half an hour or so, using any of the dozens of providers that just validate domain ownership by checking you can respond to a mail to
admin@domain.com or some such.... But the Cloudflare solution makes things very easy for lazy hackers wanting to spoof an SSL site :-)
roy
