lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: ab at lists.gxis.de (Alexander Bochmann)
Subject: Teen hacker controls ebay

...on Thu, Sep 09, 2004 at 12:17:59AM +1200, Nick FitzGerald wrote:

 > Jeffrey Denton wrote:
 > > $ whois -h whois.opensrs.net. ebay.de
 > > Registration Service Provider:
 > >    DBMS VeriSign, dbms-support@...isign.com
 > Issuing code-signing certs in Microsoft's name to non-MS folk.
 > Reassiging a major eBay domain to Joe Schmoe just because he filled in 
 > a web form.
 > Is there anything in common here apart from incompetence and obvious 
 > lack of trustworthiness of this company's core business operations?

In this case, Verisign can't be blamed - at the time 
of the owner change, Tucows was responsible for ebay.de 
and should have denied the transfer (DENIC's system 
defaults to "yes" if no answer is received, as 
others already mentioned).

Nevertheless, it was the responsibility of the 
provider requesting the transfer to check if 
his customer was authorized to have the domain 
transferred - obviously, cost pressure makes 
the domain traders skip a few steps here.

So, better have your domains handled by someone 
who knows the rules (especially if you're not 
Ebay and no one is going to solve your problems 
in a few hours instead of days).

Alex.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ