FYI, it's not a problem with OpenSRS.
It's just a known security hole in Network Solutions regsitrar's e-mail
modify template when using "mail-from" authentication.
On Thu, 1 Jun 2000, Swerve wrote:
> Imo, responsive registrars should offer multiple levels of security to
> prevent this. Including digital password protection, +secure email
> confirmation,
> and perhaps extended security involving photo i.d.'s and/ or other non
> digital methods for domain names that require IronClad security. Names that
> might require this, are names that the owner themselves would almost never
> transfer ownership of, and if ownership transfer was required, the owner
> wouldn't mind jumping thru hoops to allow for a transfer. I would be
> content to pay a small fee for each domain that had the highest level of
> security.
>
> Imo, this is a very serious issue that needs to be dealt with asap.
Just don't do business with NSI Regsitrar.
> regards,
>
> Josh M
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:37 EDT