Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: lameness

From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Mon, 20 Sep 1999 09:45:07 -0700




In the category of "ought to know better...." I got this E-mail
today from Network Solutions. I own a bunch of domains. I suspect
a lot of you who read this list do. I suspect you'll all be
happy to know that they've created you an E-mail account under
your name, with a totally predictable user-name and password. :-P


This might not be news anymore, given the date this was first sent,
but since you brought it up...

http://www.2600.com/2600new/092099.html


 9/20/99

 We have been alerted to a serious vulnerability on a free
 web-based e-mail service that has recently been launched by
 Network Solutions Inc., otherwise known as the Internic - the
 people responsible for registering nearly all .com, .net, and .org
 addresses.

 Anyone taking them up on their offer for "free web mail" on their
 www.networksolutions.com/ page is both vulnerable and capable
 of accessing ANY ACCOUNT on the following domains:
      dotexpress.com
      mymailbag.com
      nsimail.com
      dotcomnow.com

 Once you have registered an account on their system, you can
 change the name of your account to ANY OTHER ACCOUNT
 simply by entering this URL:

 http://mail.dotcomnow.com/signup/poll/newaccount?dlang=default

 NO PASSWORD IS REQUIRED.

<snip>

Suffice to say that these aren't the people you want running your free
e-mail account.  The probably also aren't the ones you want running
 . (dot) but that's a separate problem.

One Slashdot last week, there was a great quote I have to steal:
"Network Solutions: We're the 'duh' in dot com".

                         Ryan
Previous By Date Next
Previous By Thread Next

Current thread: