funsec mailing list archives

"domain name front running"


From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Wed, 24 Oct 2007 16:50:59 -0400

It's when you check the availability of a domain, find it's not taken,
go back in a day or two to register it, and it's taken. Probably by some
shady outfit like (in the case of my tests) Chesterton Holdings. 
 
ICANN calls it "domain name front running"
(http://www.icann.org/committees/security/sac022.pdf). Last year when I
wrote about it (http://www.eweek.com/article2/0,1759,1991365,00.asp) I
called it "whois hijacking".
 
ICANN has heard reports of it, and while they're not sure there's
anything there, they agree that there is a perception there. Got that?
 
I know what I saw, so I know it can happen. I'm still not sure how this
is being done, but I think it's in small enough numbers that it's
probably being done through pinpoint compromises of servers here and
there involved in the "Is this domain name available" web form. Could be the
web server, could be the DNS, could be some app server. Either that or
someone is selling the whois logs under the table. 
 
I should also say I've gotten reports of this phenomenon from lots of
people who used many different services to check domain availability. I
never spoke to anyone who uses a command line whois talking to
internic.net, but that's not what most people do.
 
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
<http://blog.eweek.com/blogs/larry_seltzer/>
<http://blog.ziffdavis.com/seltzer> 
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com
 
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.