Hi!
AFAIK, the requests placed through that "trick" have to be approved by the
domain holder. No changes will be made directly. I fully agree, this is a
bug, but it's not a real security hole / problem.
Matthias
----- Original Message -----
From: "Philipp Morger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 12, 2003 6:21 PM
Subject: Re: [swinog] Security à la SWITCH - nic.ch
On Wed, Nov 12, 2003 at 10:04:38 +0100, Kurt A. Schumacher wrote:
> I consider this a MAJOR security breach. This has been repeatedly reported
> to nic.ch - including their legal and compliance department (SWITCH security
> responsible) - over the last 12 months:
Well, I would call it "fahrlässig" - with this information sent via
cleartext.
Might be worth submitting to the "Datenschutzbeauftragter" (I wonder why it
isn't called "Datenschutzdepartement" - there can't be so few issues which
require just one person)
What's the legit status anyway? I mean, there are folks out there that
send confidential data over mobile phones, fax or regular phone... any
of these could get eavesdropped... so does your daily mail.
> Official answer: "We can not understand your problem." Not even a sorry, or
> a thank you. They promised looking for it - but nothing changed again.
If I'm not wrong, you can send online a request to get your access
information - so the payment-mail sent with the link does not provide more
information than the mail you (or whoever) would get with this request...
> SWITCH - nic.ch - an ignorant and stupid organization.
Well, that's almost anyone that sends access information in cleartext
mails... the problem is, that there's almost no security mechanism in
place - I doubt that if switch would provide (and please do) a way to
submit a gpg-key to get emails encrypted that it would be used by a wide
userbase anyway...
Don't blame switch, it's a software problem >;)
Regards
Philipp
--
_;\_ Philipp Morger / PHM2-RIPE System & Network Administrator
/_. \ Dolphins Network Systems AG Phone +41-1-847'45'45
|/ -\ .) Email: <[EMAIL PROTECTED]>
-'^`- \; Don't send mail to: [EMAIL PROTECTED]
----------------------------------------------
[EMAIL PROTECTED] Maillist-Archive:
http://www.mail-archive.com/swinog%40swinog.ch/