[ISN] Domain name glitch hits 10,000 names

From: mea culpa (jerichoat_private)
Date: Sat Jan 30 1999 - 01:06:47 PST

    Domain name glitch hits 10,000 names
    By Dan Goodin
    Staff Writer, CNET News.com
    January 26, 1999, 7:00 p.m. PT
    A Canadian man temporarily gained unauthorized control of more than 10,000
    Internet addresses following a glitch that struck a database maintained by
    Internic, which manages the plumbing for roughly 70 percent of the
    The problem occurred when the "handle" for domain registrar Register.com
    was reassigned to a radio producer in Ottawa, Ontario. Handles are used as
    a sort of shorthand in Internic's WHOIS database to designate who is
    responsible for administrative and technical upkeep of a given address, or
    domain name. 
    Early this morning when RI52-ORG, Register.com's handle for more than a
    year, was inexplicably reassigned, the new owner had control of more than
    10,000 Internet sites that have authorized Register.com to provide
    technical oversight of the addresses. The reassignment briefly granted the
    Ottawa man technical control, potentially allowing him to reroute the
    direction of traffic to a server when a user types in a specific address. 
    "We were aware of this problem this morning and it was corrected
    immediately," said Register.com chief executive Richard Forman, who added
    that Internic's internal database had been updated even though the WHOIS
    database still showed the incorrect information as of 4 p.m. PT today. 
    "Nobody's sure what happened here," Forman said. "What we think happened
    is that the Internic database transposed the administration [contact]
    information with technical [contact] information." 
    Forman, who says his company has registered more than 200,000 domain
    names, said it is impossible to know exactly how many sites were affected
    by the glitch, but that the number was more than 10,000. None of the sites
    suffered harm, he added. 
    The problem comes as Internic, which is administered by Network Solutions,
    is experiencing performance problems in processing orders. NSI customers
    complain, for instance, that NSI is taking weeks to process orders and in
    some cases is losing the requests. 
    Forman said it would be "premature to say [the glitch] is an Internic
    mistake" but could not rule out the possibility. 
    NSI spokesman Chris Clough said the problem "could have come from
    virtually anywhere," adding that the company would begin investigating the
    problem tomorrow. 
    Forman acknowledged that his RI52-ORG handle was not protected by either a
    password or encryption, a factor that could have allowed an unscrupulous
    third party to send Internic a fraudulent order requesting the handle
    reassignment. Register.com is in the process of changing its handle so
    that requests for changes must be authorized by a password, Forman said,
    adding that the protection would not have made a difference if the problem
    was caused by an internal error at NSI. 
    Dennis Willardt Zewillis, an author and consultant in Denmark who first
    alerted Register.com to the glitch, said the problem demonstrates just how
    important security is to domain name owners. 
    "I always recommend that my clients make sure that they are both
    administrative, technical, and billing contact and that they use the
    InterNIC contact methods of either choosing a PASSWORD that must follow
    every email request to InterNIC" or use encryption protections, he wrote
    in an email message to CNET News.com. 
    Separately, an official with the Commerce Department confirmed that the
    agency, which grants NSI sole authority to administer addresses ending in
    .com, .org, and .net, is investigating a complaint that the company is
    giving priority to registration requests made through its own retail
    service. Such favoritism would severely disadvantage competing registrars,
    such as Register.com, and would breach NSI's contract with the government. 
    "We've asked NSI to respond to the complaint and we will pursue it if we
    think there's anything to it," the official said. 
    NSI's Clough said he had yet to hear of the investigation and maintained
    that the company adheres to a strict first-come, first-serve policy in
    almost all cases. "[Favoritism] has happened once in over 3 million
    registrations we've had," Clough said. The single instance, he added, was
    a mistake that the company quickly corrected. 

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:17:37 PDT