I sent this mail on May 16 to Ross. I didn't hear back anything more than
"I'll get on it immediately". I send this mail now to the list so anyone
can take precautions for himself.
I just found out that Tucows sets the username/password combination for
domains which get paid during redemption grace period ("Redemption Request
Form") to very obvious words. That means if you once renewed a domain this
way and sent the login password to the admin address or to yourself -
whoever gets this mail will know how to login to the management interface
for all redeemed domains (not only this one). I mean: for *all* domains
registered via Tucows ever redeemed that way and where these data weren't
changed again!
Cause of the problem:
It seems that when a domain gets renewed during that period it "falls out"
of the login profile and gets a new username/password. Tucows support sets
the data to very obvious words without telling the reseller or the owner.
This problem may exist with other registrars as well!
Kai
--
Kai Sch�tzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
_______________________________________________
domains-gen mailing list
[email protected]
http://discuss.tucows.com/mailman/listinfo/domains-gen
