Domainz Security Problem/Warning
When a Registrar modifies or registers a domain name with the email template, a confirmation is CC'd to the name holder by Domainz. This confirmation includes the original email template, which includes the Registrar's ID and password. This means that any customers who have new or modified domains in the last week are now the proud owners of their ISP's Registrar ID and password - allowing them access to any domain name that the ISP is Registrar for. I urge anyone using the email template to check and see if this is happening for them, and also to change their Registrar password. I ask Domainz to (publicly) confirm this is a problem, and to announce a proposed timeline for a fix. Apparently this problem was logged as a bug during testing by another Registrar. I have confirmed with this other Registrar that the problem still exists for them also. Regards, James Bell (Private person, not speaking for anyone) --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
This confirmation includes the original email template, which includes the Registrar's ID and password.
This means that any customers who have new or modified domains in the last week are now the proud owners of their ISP's Registrar ID and password - allowing them access to any domain name that the ISP is Registrar for.
I cant see how any sensible ISP would want to carry on dealing with DOMAINZ while it is run by Patrick O'Brien. It is this sort of thing that convinced us that having anything to do with the new system was too greater risk. Any bets on how long it will take for POB to blame glazier for this and other major design problems? Regards Peter Mott Chief Enthusiast 2day.com -/- --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Any bets on how long it will take for POB to blame glazier for this and other major design problems?
Date: Mon, 15 May 2000 11:25:16 +1200
From: Patrick O'Brien
James, I have asked Glazier to look into this and we will get back you. My regards, Patrick -----Original Message----- From: isocnz-l-admin(a)isocnz.org.nz [mailto:isocnz-l-admin(a)isocnz.org.nz]On Behalf Of James Bell Sent: Monday, 15 May 2000 11:10 a.m. To: nznog(a)list.waikato.ac.nz; isocnz-l(a)isocnz.org.nz Subject: [isocnz-l]Domainz Security Problem/Warning When a Registrar modifies or registers a domain name with the email template, a confirmation is CC'd to the name holder by Domainz. This confirmation includes the original email template, which includes the Registrar's ID and password. This means that any customers who have new or modified domains in the last week are now the proud owners of their ISP's Registrar ID and password - allowing them access to any domain name that the ISP is Registrar for. I urge anyone using the email template to check and see if this is happening for them, and also to change their Registrar password. I ask Domainz to (publicly) confirm this is a problem, and to announce a proposed timeline for a fix. Apparently this problem was logged as a bug during testing by another Registrar. I have confirmed with this other Registrar that the problem still exists for them also. Regards, James Bell (Private person, not speaking for anyone) _______________________________________________ go to http://listserver.actrix.co.nz/mailman/listinfo/isocnz-l for subscription/unsubscription information. --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Mon, 15 May 2000, Patrick O'Brien wrote:
I have asked Glazier to look into this and we will get back you.
Can I suggest that the proper reaction to this problem is to stop all modifications to the register, effective immediately? Joe --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
If only there were an official channel to request this. But it seems that Domainz/Glazier is going to do whatever they want anyway. Interesting to note though that after requesting to be made registrar for my own domain, I have been given an UNALLOCATED registrar instead. Dean On Mon, May 15, 2000 at 11:38:23AM +1200, Joe Abley wrote:
On Mon, 15 May 2000, Patrick O'Brien wrote:
I have asked Glazier to look into this and we will get back you.
Can I suggest that the proper reaction to this problem is to stop all modifications to the register, effective immediately?
Joe
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
-- ----------------------------------------------------------------------- Dean Pemberton - dp(a)lucent.com Linux User# 157870 Guy who does stuff at Lucent Technologies - Bell Labs Innovations Lvl 38, 55 Collins St, Melbourne 3000, Australia ----------------------------------------------------------------------- --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Neither Buffoonz nor glazier set up a unmoderated mailing list for registrars (and other interested parties) to voice their concerns (or praises) about the new system. Very wise guys, very wise. Instead nznog and isocnz-l are getting clogged with posts relating to the new Domainz system *g* On Mon, 15 May 2000, Dean Pemberton wrote:
If only there were an official channel to request this. But it seems that Domainz/Glazier is going to do whatever they want anyway.
Interesting to note though that after requesting to be made registrar for my own domain, I have been given an UNALLOCATED registrar instead.
Dean
On Mon, May 15, 2000 at 11:38:23AM +1200, Joe Abley wrote:
On Mon, 15 May 2000, Patrick O'Brien wrote:
I have asked Glazier to look into this and we will get back you.
Can I suggest that the proper reaction to this problem is to stop all modifications to the register, effective immediately?
Joe
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Neither Buffoonz nor glazier set up a unmoderated mailing list for registrars (and other interested parties) to voice their concerns (or praises) about the new system. Very wise guys, very wise. Instead nznog and isocnz-l are getting clogged with posts relating to the new Domainz system *g*
But isn't is *so* much more fun to publically ridicule the developers under the guise of bug reports? 8-) -- don --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (8)
-
Chris Rigby -
Dean Pemberton -
Don Stokes -
James Bell -
Joe Abley -
Patrick O'Brien -
Peter Mott -
Simon Green