/>
X

A Year Ago: Hijacked Web addresses show weak link in Net

According to reports from the Toronto Star Friday two Web addresses were fraudulently redirected from Canadian companies leaving the owners' sites
rupert-goodwins.jpg
Written by Rupert Goodwins on

Web.net, an email and information site for 3,500 charities and volunteer groups, and holiday website Bali.com had their domain names re-registered to people in Hong Kong and Madrid respectively.

The registrar handling those names, Network Solutions, eventually restored the sites to their rightful owners, but during the outage the owners estimated 400,000 emails went astray from web.net and $100,000 in bookings were lost from bali.com.

"It happened through a simple spoofing," said Brian O'Shaughnessy, program director, policy and registry at Network Solutions. "In these cases, individuals spoofed emails to us, automated systems recognised the fake email header information and made someone else the owner. These things are incredibly unfortunate but very infrequent."

When a site is registered with Network Solutions, the owner can elect to set up a password or a PGP-based system to authenticate messages requesting changes. However, the default is just to accept requests if they appear to be emailed from the original registration address. "We suggest stronger security measures", said O'Shaughnessy, "but we have over ten million people using us, and 30,000 registrations a day. 99.9 percent of the time it works incredibly well. I don't want to minimise the problem, but it doesn't mean the system failed. Obviously, all the major commercial clients use stronger protection than the 'mail from' field in an email header."

Chris Lewis, ZDNet's technical director, recommends that anyone registering a domain name should ensure that at least a password is required to reassign the name, but PGP is preferable. "You'd have to be an idiot not to use the strongest security available to you."

Take me to Hackers

What do you think? Tell the Mailroom. And read what others have said.

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
Samsung phone deal: Get the Galaxy S22 Ultra for $299
1296x729-29

Samsung phone deal: Get the Galaxy S22 Ultra for $299

Smartphones
The best iPhone deals available right now: July 2022
iphone 12 vs iphone 11 cnet.jpg

The best iPhone deals available right now: July 2022

iPhone