[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ga] Ricochet.net domain name gets hacked




On 04-Jan-2000 Andy Gardner wrote:
>>At 11:37 3/01/00 -0500, Martin B. Schwimmer wrote:
>>>
>>>http://www.redherring.com/insider/1999/1230/news-metricom.html?id=yahoo
>>>
>>
>>Black mark for NSI here.
> 
> I disagree in this case.
> 
> NSI offers people the use of PGP authentication or even basic password
> authentication for the protection of their data in the NSI database.
> 
> The black mark goes to the technical staff at Metricom for not making use
> of the available authentication techniques, opting for the easily hacked
> MAIL-FROM instead.

Exactly.  That same weekend, there were a large number of attempts to hijack
domains, by people looking for company domains that had weak mail-from security
on their handles, and taking advantage of the fact that since it was a long
weekend, the notification that the change had went through wouldn't be looked
at for 3 days or more.  

I know NSI did emergency work to fix a number of other domains where the handle
notification actually went to someone who was on-call at that company, and thus
alerted them to what was going on.  Several domains were fixed, including
Sprynet.net and bellsouth.net, according to reports I saw.
 
>>But what about the "legal" hijack of americascup.com that now (with the
>>help of a simple *temporary* restraining order, issued by the long arm of a
>>California court against an overseas defendant) redirects to Quokka Sports'
>> americascup.org website?
> 
> I find the etoy.com case more abhorrent. Their domain (which existed before
> etoys.com) gets pulled on the basis of a restraining order. That sucks the
> Kumara big time.
> 

Yes, especially when the restraining order directed the DEFENDENT to do
something (not use the domain for their website) and did not direct that the
Regsitrar do ANYTHING at all. The restraining order still permited them to use
the domain, for example, for email.  NSI's actions went far beyond what the
court order had actually done, and they did it entirely on their own, not being
subject to any court order to do so.  Apparently etoys.com was involved in
seeking that, however.

I would consider a lawsuit against NSI for this, and an expansion of the lawsuit
against EToys.com to include the act to deprive etoy.com of their legal rights
by manipulating NSI to suspend the domain.


--
William X. Walsh <william@dso.net>
DSo Networks  http://dso.net/
Fax: 877-860-5412 or +1-559-851-9192