Firewall Wizards mailing list archives
Re: lameness
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Mon, 20 Sep 1999 09:45:07 -0700
In the category of "ought to know better...." I got this E-mail today from Network Solutions. I own a bunch of domains. I suspect a lot of you who read this list do. I suspect you'll all be happy to know that they've created you an E-mail account under your name, with a totally predictable user-name and password. :-P
This might not be news anymore, given the date this was first sent, but since you brought it up... http://www.2600.com/2600new/092099.html 9/20/99 We have been alerted to a serious vulnerability on a free web-based e-mail service that has recently been launched by Network Solutions Inc., otherwise known as the Internic - the people responsible for registering nearly all .com, .net, and .org addresses. Anyone taking them up on their offer for "free web mail" on their www.networksolutions.com/ page is both vulnerable and capable of accessing ANY ACCOUNT on the following domains: dotexpress.com mymailbag.com nsimail.com dotcomnow.com Once you have registered an account on their system, you can change the name of your account to ANY OTHER ACCOUNT simply by entering this URL: http://mail.dotcomnow.com/signup/poll/newaccount?dlang=default NO PASSWORD IS REQUIRED. <snip> Suffice to say that these aren't the people you want running your free e-mail account. The probably also aren't the ones you want running . (dot) but that's a separate problem. One Slashdot last week, there was a great quote I have to steal: "Network Solutions: We're the 'duh' in dot com". Ryan
Current thread:
- lameness Marcus J. Ranum (Sep 18)
- <Possible follow-ups>
- Re: lameness Ryan Russell (Sep 20)