al Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 14, 2000 10:26 AM
Subject: Re: Anyone can take over virtually any domain on the net...
I didn't think you could spoof a domain registration change so easily;
looking at this post: "http://www.sans.org/y2k/
On Thu, Jan 13, 2000 at 02:35:02PM -0500, Shafik Yaghmour wrote:
You make a pretty huge assumption that the administrator of
that domain will miss the response from network solutions or will do
nothing about it, both of which are not very good assumptions. Although I
do agree it should
You make a pretty huge assumption that the administrator of
that domain will miss the response from network solutions or will do
nothing about it, both of which are not very good assumptions.
Many domains have contacts that use free email services like HotMail, and
with the long string
On Fri, Jan 14, 2000 at 10:26:44AM -0500, "[EMAIL PROTECTED]" [EMAIL PROTECTED] wrote:
This confims what I always thought; that there was a unique number in
the response that was needed for the ACK.
True. If the domain is setup to require ACK before transferring. Many (most?)
are setup to
There have been a number of times when a customer of ours wishes to
move a domain to us. Latest case, they had a domain with another
provider, and the admin and billing contact were listed under
[EMAIL PROTECTED] of the owner. For whatever reason his e-mail at
domain.com was not working,
einke [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 12, 2000 12:27 AM
To: [EMAIL PROTECTED]
Subject: Anyone can take over virtually any domain on the net...
Wired recently ran an article on the fact that someone
recently hijacked a number of domains in the Network
Solutions
This isn't particularly new, as anyone who doesn't use Guardian to
protect their handle/contact information can have their data changed.
For instance, a while back my email address changed and I was able to
change the email address of my handle without being required to
receive email at the
Once upon a time, Thomas Reinke [EMAIL PROTECTED] said:
BTW, Network Solution's instructions on changing the
scheme to a userid and password based system doesn't
work very well. We've attempted on several occasions
to do this with no luck...thereby forcing on us the guardian
scheme :(
I've
On Wed, 12 Jan 2000, Thomas Reinke wrote:
At first I thought this had to be a joke. After thinking
about it, I realized that its no joke at all, and in
fact quite easy to do.
Step 1: Send a spoofed email to Network solutions requesting
a DNS change to your own DNS server.
Step 2:
From [EMAIL PROTECTED] Thu Jan 13 19:14:53 2000
From: Thomas Reinke [EMAIL PROTECTED]
Step 2: Wait for a short while (the amount of time it normally
takes Network Solutions to send out a confirmation
email request)
It is, however, a slight "security" (?!) that the
Wired recently ran an article on the fact that someone
recently hijacked a number of domains in the Network
Solutions database using email spoofing.
At first I thought this had to be a joke. After thinking
about it, I realized that its no joke at all, and in
fact quite easy to do.
Step 1: Send
11 matches
Mail list logo
