FYI, this guy is wrong. It was the Mail-From security hole. They
changed the contacts, and then did the registrar transfer approved by
the "new" admin contact.
Thursday, June 01, 2000, 11:43:46 AM, you wrote:
JB> ---------- Forwarded message ----------
JB> Date: Thu, 1 Jun 2000 14:49:00 -0400
JB> From: Ron Bennett <bennett@WYOMISSING.COM>
JB> To: DOMAIN-POLICY@LISTS.INTERNIC.NET
JB> Subject: Re: Network Solutions - ATTENTION - what's happening with this?
JB> NO!! it's not the same usual MAIL-FROM security hole.
JB> In fact what the guy did was switch web.net to OpenSRS
JB> and then changed the Registrant. There needs to be a
JB> CENTRAL database of Registrants pronto! My greatest
JB> fears seem to be coming true just as I sadly expected :-(
JB> For people not familiar with OpenSRS...they allow their
JB> customers to change ANY field including that of the
JB> Registrant (owner) without any paperwork or anything.
JB> To be fair, some other Registrars allow the same thing,
JB> but this should not be...domain names are very valuable
JB> and to allow such critical changes to be made without
JB> oversight is dangerous and downright irresponsible!!
JB> Ron Bennett
JB> CCed to comments@icann.org since ICANN is very
JB> much to blame for allowing this to happen...hopefully
JB> ICANN fixes the web.net domain mess soon for this guy.
JB> At 11:12 AM 6/1/00 -0700, William X. Walsh wrote:
>>Same old Mail-From security hole.
>>
>>But then some on this list (Gary, you still around?) do not believe
>>that this is negligence on NSI's part. Sheesh.
>>
>>
>>
>>Thursday, June 01, 2000, 10:42:20 AM, you wrote:
>>
>>DJB> Network Solutions - ATTENTION - what's happening with this?
>>
>>DJB>
>>http://www.thestar.com/thestar/editorial/updates/business/20000601NEW01d_CI-DOMAIN1.html
>>
>>DJB> There should also be some consideration here to pursue criminal
>>DJB> action. This is theft.
>>
>>DJB> Registrant:
>>DJB> Billy Tandoko
>>DJB> Kotak Pos 3988 JKP
>>DJB> Jakarta Pusat, DKI 10039
>>DJB> ID
>>
>>DJB> Domain Name: WEB.NET
>>
>>DJB> Administrative Contact:
>>DJB> Tandoko, Billy gudangduit@zor.i-p.com
>>DJB> (081) 811-0078
>>
>>DJB> Technical Contact:
>>DJB> Tandoko, Billy gudangduit@zor.i-p.com
>>DJB> (081) 811-0078
>>
>>DJB> Billing Contact:
>>DJB> Tandoko, Billy gudangduit@zor.i-p.com
>>DJB> (081) 811-0078
>>
>>
>>DJB> Record last updated on 1-Jun-2000.
>>DJB> Record expires on 24-May-2001.
>>DJB> Record Created on 26-May-1993.
>>
>>DJB> Domain servers in listed order:
>>DJB> DNS1.RESERVEME.COM 209.219.133.110
>>DJB> DNS2.RESERVEME.COM 209.219.133.111
>>
>>DJB> Registrant:
>>DJB> Billy Tandoko
>>DJB> Kotak Pos 3988 JKP
>>DJB> Jakarta Pusat, DKI 10039
>>DJB> ID
>>
>>DJB> Domain Name: BALI.COM
>>
>>DJB> Administrative Contact:
>>DJB> Tandoko, Billy compliance@opensrs.org
>>DJB> (081) 811-0078
>>
>>DJB> Technical Contact:
>>DJB> Tandoko, Billy gudangduit@zor.i-p.com
>>DJB> (081) 811-0078
>>
>>DJB> Billing Contact:
>>DJB> Tandoko, Billy gudangduit@zor.i-p.com
>>DJB> (081) 811-0078
>>
>>
>>DJB> Record last updated on 30-May-2000.
>>DJB> Record expires on 01-Nov-2001.
>>DJB> Record Created on 02-Nov-1998.
>>
>>DJB> Domain servers in listed order:
>>DJB> DNS1.RESERVEME.COM 209.219.133.110
>>DJB> DNS2.RESERVEME.COM 209.219.133.111
>>
>>
>>
>>--
>>Best regards,
>> William mailto:william@userfriendly.com
-- Best regards, William mailto:william@userfriendly.com
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:37 EDT