| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040908130407.GH26702@gxis.de> From: ab at lists.gxis.de (Alexander Bochmann) Subject: Teen hacker controls ebay ...on Thu, Sep 09, 2004 at 12:17:59AM +1200, Nick FitzGerald wrote: > Jeffrey Denton wrote: > > $ whois -h whois.opensrs.net. ebay.de > > Registration Service Provider: > > DBMS VeriSign, dbms-support@...isign.com > Issuing code-signing certs in Microsoft's name to non-MS folk. > Reassiging a major eBay domain to Joe Schmoe just because he filled in > a web form. > Is there anything in common here apart from incompetence and obvious > lack of trustworthiness of this company's core business operations? In this case, Verisign can't be blamed - at the time of the owner change, Tucows was responsible for ebay.de and should have denied the transfer (DENIC's system defaults to "yes" if no answer is received, as others already mentioned). Nevertheless, it was the responsibility of the provider requesting the transfer to check if his customer was authorized to have the domain transferred - obviously, cost pressure makes the domain traders skip a few steps here. So, better have your domains handled by someone who knows the rules (especially if you're not Ebay and no one is going to solve your problems in a few hours instead of days). Alex.
Powered by blists - more mailing lists