Hijacked Web addresses show weak link in Net

Hijacked Web addresses show weak link in Net

Summary: According to reports from the Toronto Star Friday two Web addresses were fraudulently redirected from Canadian companies leaving the owners' sites unreachabable for many days.

TOPICS: Networking

Web.net, an email and information site for 3,500 charities and volunteer groups, and holiday website Bali.com had their domain names re-registered to people in Hong Kong and Madrid respectively.

The registrar handling those names, Network Solutions, eventually restored the sites to their rightful owners, but during the outage the owners estimated 400,000 emails went astray from web.net and $100,000 in bookings were lost from bali.com.

"It happened through a simple spoofing," said Brian O'Shaughnessy, program director, policy and registry at Network Solutions. "In these cases, individuals spoofed emails to us, automated systems recognised the fake email header information and made someone else the owner. These things are incredibly unfortunate but very infrequent."

When a site is registered with Network Solutions, the owner can elect to set up a password or a PGP-based system to authenticate messages requesting changes. However, the default is just to accept requests if they appear to be emailed from the original registration address. "We suggest stronger security measures", said O'Shaughnessy, "but we have over ten million people using us, and 30,000 registrations a day. 99.9 percent of the time it works incredibly well. I don't want to minimise the problem, but it doesn't mean the system failed. Obviously, all the major commercial clients use stronger protection than the 'mail from' field in an email header."

Chris Lewis, ZDNet's technical director, recommends that anyone registering a domain name should ensure that at least a password is required to reassign the name, but PGP is preferable. "You'd have to be an idiot not to use the strongest security available to you."

What do you think? Tell the Mailroom. And read what others have said.

Take me to Hackers

Topic: Networking

Rupert Goodwins

About Rupert Goodwins

Rupert started off as a nerdy lad expecting to be an electronics engineer, but having tried it for a while discovered that journalism was more fun. He ended up on PC Magazine in the early '90s, before that evolved into ZDNet UK - and Rupert evolved with them into an online journalist.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion