Guest
On Monday, 12 August, 2002, DNF member "devolution" posted a detailed report of a (rather ingenious) hole he had found in domain name security...namely, a way domains with "invalid" admin contact email addresses could be fraudulently transferred.
It was decided by the mods and Dan that this post, because of its highly detailed description of this potential fraudulent methodology and the rather knavish way in which it was written (somewhat savouring the potential fraud, sort of the way movies like Ocean's Eleven portray their cinematic crimes in a positive light...but only somewhat), could not, in good conscience, be allowed on the board, and so they moved it to an area not accessible by the general DNF readership.
The new thread in which mod safesys announced he was moving devolution's thread became a debate about the pros and cons of this censorious decision, with members chiming in on both sides. It was decided by the mods, with Dan's apparent backing, that devolution's original thread should be kept off the board.
Since that thread contained what I and others think is useful information, I'll attempt to post the "main message" of that thread without treading into the "forbidden territory" of the original post.
Here goes (deep breath, brief kiss of St. Christopher's medallion):
If the admin contact email for your domain becomes "invalid," there are ways, depending on the means of "invalidation" (don't ask!...that's the forbidden part!), for unscrupulous persons to come into working possession of the invalid email, and use it to take control of your domain. As every domainer knows, the person who controls a domain's admin contact email, controls the domain.
Lesson: make sure the admin contact email address for all your domains is valid and in your control.
I hope this post passes muster with the DNF powers-that-be. If not, let me know and I'll work on it. If Winston Smith managed to find the right words (at least in the beginning), I suppose I can too.
Miles
It was decided by the mods and Dan that this post, because of its highly detailed description of this potential fraudulent methodology and the rather knavish way in which it was written (somewhat savouring the potential fraud, sort of the way movies like Ocean's Eleven portray their cinematic crimes in a positive light...but only somewhat), could not, in good conscience, be allowed on the board, and so they moved it to an area not accessible by the general DNF readership.
The new thread in which mod safesys announced he was moving devolution's thread became a debate about the pros and cons of this censorious decision, with members chiming in on both sides. It was decided by the mods, with Dan's apparent backing, that devolution's original thread should be kept off the board.
Since that thread contained what I and others think is useful information, I'll attempt to post the "main message" of that thread without treading into the "forbidden territory" of the original post.
Here goes (deep breath, brief kiss of St. Christopher's medallion):
If the admin contact email for your domain becomes "invalid," there are ways, depending on the means of "invalidation" (don't ask!...that's the forbidden part!), for unscrupulous persons to come into working possession of the invalid email, and use it to take control of your domain. As every domainer knows, the person who controls a domain's admin contact email, controls the domain.
Lesson: make sure the admin contact email address for all your domains is valid and in your control.
I hope this post passes muster with the DNF powers-that-be. If not, let me know and I'll work on it. If Winston Smith managed to find the right words (at least in the beginning), I suppose I can too.
Miles