Since Joe posted the other message, I thought I should post the reply so
everyone has the complete story here...
---------- Forwarded message ----------
Date: Thu, 1 Jun 2000 11:48:55 -0700
From: William X. Walsh <william@userfriendly.com>
To: DOMAIN-POLICY@LISTS.INTERNIC.NET
Subject: Re: Network Solutions - ATTENTION - what's happening with this?
Hello Ron,
Thursday, June 01, 2000, 11:49:00 AM, you wrote:
RB> NO!! it's not the same usual MAIL-FROM security hole.
Wrong, again. The admin contact for the domain name was modified by a
Mail-From template.
RB> In fact what the guy did was switch web.net to OpenSRS
RB> and then changed the Registrant. There needs to be a
RB> CENTRAL database of Registrants pronto! My greatest
RB> fears seem to be coming true just as I sadly expected :-(
Without the above mail-from issue, this would never have happened,
since the OpenSRS system sends an email to the ADMIN CONTACT for a
domain name who must approve a transfer before OpenSRS submits it to
the registry.
This was CLEARLY a mail-from security issue.
-- Best regards, William mailto:william@userfriendly.com
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:37 EDT