On Thu, 1 Jun 2000, Joe Baptista wrote:
> NO!! it's not the same usual MAIL-FROM security hole.
>
> In fact what the guy did was switch web.net to OpenSRS
> and then changed the Registrant. There needs to be a
> CENTRAL database of Registrants pronto! My greatest
> fears seem to be coming true just as I sadly expected :-(
>
> For people not familiar with OpenSRS...they allow their
> customers to change ANY field including that of the
> Registrant (owner) without any paperwork or anything.
> To be fair, some other Registrars allow the same thing,
> but this should not be...domain names are very valuable
> and to allow such critical changes to be made without
> oversight is dangerous and downright irresponsible!!
>
I am in the process of joining OpenSRS. One of the reasons for choosing
OpenSRS is the *ease* with which changes can be made to *all* fields.
Please do not do away with this. Companies change names, are bought, move
officies etc.
The paperwork involved with other registrars as well as the ridiculously
long time it takes and the extravagant fees are worse than an occasional
hijack, caused not by OpenSRS but by NSI. I know from experience that they
(NSI) are very difficult over not matching headers to a certain extent
only. You can change them yourselves in any mail program to the extent
they accept them. That's where the problem is: with NSI, not with
OpenSRS's password protected interface!
Marc Schneiders
marc@venster.nl
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:37 EDT