Hm, Can anyone recommend a good, reliable, secure, host/registrar? Must have phone support and shouldn't be too expensive.
Greg > For those of you not on the BLU list, you might find this an interesting > read: > > http://old.nabble.com/Dreamhost-account-hacked-td28062149s24859.html > > In brief, a directed attack using social engineering was perpetrated > against my domain registrar, Dreamhost, and due to multiple failures on > their part, they granted the attacker access to my account, froze me > out, and hampered my ability to halt the attack. > > This started Saturday night, and by Sunday afternoon, given lax response > from Dreamhost, the attacker had succeeded in transferring my vl.com > domain, which is considered of high value due to being only two letters, > to a foreign registrar located in the Bahamas. > > Included in my posts are laughable chat transcripts between the attacker > and the Dreamhost support personnel, where support people were more than > happy to update contact info, supply plain text passwords, and force > through a domain transfer. > > Clearly, humans were the weakest link in this system. > > The good news is that the attacker never succeeded in compromising my > email account use as the domain contact (despite a few attempts) and the > foreign registrar has been convinced that there was enough fishy about > the transfer to put modifications on hold. So for the time being my name > server records are safe, and they haven't gained access to my vl.com > email traffic. (Though I'm pretty sure they only care about the domain > itself.) > > I've reported the attack to the local police and the FBI. > > Still tonight the attackers made attempts to reset the password on my > Google hosted account used as the contact address for the domain. > Undoubtedly so they can leverage it to send a forged letter to the > foreign registrar. > > -Tom > > -- > Tom Metro > Venture Logic, Newton, MA, USA > "Enterprise solutions through open source." > Professional Profile: http://tmetro.venturelogic.com/ > > _______________________________________________ > Boston-pm mailing list > Boston-pm@mail.pm.org > http://mail.pm.org/mailman/listinfo/boston-pm > -- _______________________________________________ Boston-pm mailing list Boston-pm@mail.pm.org http://mail.pm.org/mailman/listinfo/boston-pm
