nanog mailing list archives
Re: NSI's registrar db hacked
From: Steve Gibbard <scg () wwnet net>
Date: Thu, 13 Apr 2000 16:08:05 -0400 (EDT)
I modified my NSI contact handle last week. I sent in the modification template from an address other than what was listed on the contact record, expecting to get something sent to the listed address asking me to ack the change, but instead the change just went right through. The mail from authentication was never very secure, as it would accept whatever was on the From: line as suitable authentication, but this seemed even worse than usual.

I can't say this domain hijacking surprises me much.

-Steve

On Thu, 13 Apr 2000, Rodney Joffe wrote:
Looks like another hole in the NSI registrar (not registry) system has been found and exploited. Apparently some 2,000 domains have been hijacked, so if something weird has happened to a domain of yours, this may explain it...

Whois lucasfilm.com

Query: indianajones.com
Registry: whois.networksolutions.com
Results:

Registrant:
Lucasfilm Ltd (INDIANAJONES5-DOM)
   senojanaidn 12
   Tirana, Albania 10000
   AL

   Domain Name: INDIANAJONES.COM

   Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
      indianajones, inetn (IIO27) justdoit () MEGAPOST NET
      indianajonesorgni
      senojanaidn 12
      Tirana, Albania 10000
      AL
      323432444 (FAX) 323432431

   Record last updated on 10-Apr-2000.
   Record expires on 02-Oct-2000.
   Record created on 01-Oct-1997.
   Database last updated on 12-Apr-2000 04:49:41 EDT.

   Domain servers in listed order:

   NS1.WEBPROVIDER.COM 209.143.154.70
   NS2.WEBPROVIDER.COM 207.226.255.71

Results brought to you by the GeekTools WHOIS Proxy v3.0
Server results may be copyrighted and are used with permission.
Your host (204.74.78.193) has visited 2 times today.

Story appears at http://filmforce.ign.com/news/781.html
pointer provided by jra :-)

The url does take you to the lucasfilm website now, but earlier it took you to Webprovider.com. The above story has a screencapture of the way it looked.

--
Rodney Joffe
CenterGate Research Group, LLC.
http://www.centergate.com
"Technology so advanced, even we don't understand it!"(SM)
--
Steve Gibbard
WWNet System Administration
+1 734 513-7707 x 2009
http://www.wwnet.net