Bugtraq mailing list archives
Re: Anyone can take over virtually any domain on the net...
From: njl98r () ECS SOTON AC UK (Nick Lamb)
Date: Sat, 15 Jan 2000 12:56:30 +0000
On Thu, Jan 13, 2000 at 02:35:02PM -0500, Shafik Yaghmour wrote:
You make a pretty huge assumption that the administrator of that domain will miss the response from network solutions or will do nothing about it, both of which are not very good assumptions. Although I do agree it should be more secure, I don't think it is necessarily easy, it is possible someone could be lucky and do it but they would be dumb to place any bets on it. After one attempt you would hope if the admin was not using CRYPT-PW they would start using it.
No, we make the really tiny assumption that netsol are not lying when they say the following in their documentation: (this is in the section for people NOT using Guardian) If you submit a Service Agreement to modify the domain name registration from administrativecontact () example com, or if the technical contact sends one from technicalcontact () example com, the request will be processed and neither one of you will be notified at any time during the transaction. Wake up! There is NO security for people who opt not to use Guardian, even a small child can post fake-mail so the From: check is worth absolutely nothing. Nick.
Current thread:
- ICQ Buffer Overflow Exploit, (continued)
- ICQ Buffer Overflow Exploit drew copley (Jan 11)
- Re: ICQ Buffer Overflow Exploit Dennis W. Mattison (Little Wolf) (Jan 12)
- Re: ICQ Buffer Overflow Exploit Michael DeSimone (Jan 13)
- Re: ICQ Buffer Overflow Exploit Tom Schumm (Jan 14)
- Re: ICQ Buffer Overflow Exploit Simon Steed (Jan 13)
- Anyone can take over virtually any domain on the net... Thomas Reinke (Jan 11)
- Re: Anyone can take over virtually any domain on the net... Jon Lewis (Jan 13)
- Re: Anyone can take over virtually any domain on the net... Jeffrey Paul (Jan 13)
- Re: Anyone can take over virtually any domain on the net... Chris Adams (Jan 13)
- Re: Anyone can take over virtually any domain on the net... Shafik Yaghmour (Jan 13)
- Re: Anyone can take over virtually any domain on the net... Nick Lamb (Jan 15)
- Re: Anyone can take over virtually any domain on the net... Kurt Seifried (Jan 13)
- Blinding BIND to a moving domain D. J. Bernstein (Jan 12)
- Re: Blinding BIND to a moving domain Ken Gourlay (Jan 12)
- CyberCash MCK 3.2.0.4: Large /tmp hole Sheldon Young (Jan 12)
- Administrivia: ORBS Elias Levy (Jan 12)
- WebSitePro/2.3.18 is revealing Webdirectories Lark Lizerman (Jan 12)
- Re: Hotmail security hole - injecting JavaScript using <IMG Grahame Bowland (Jan 05)