>Step 1: Send a spoofed email to Network solutions requesting > a DNS change to your own DNS server. > >Step 2: Wait for a short while (the amount of time it normally > takes Network Solutions to send out a confirmation > email request) > >Step 3: Send a second spoofed email confirming the request. > ><snip> > >Doesn't take too much rocket science to point out that other >than the obvious flaws in insecure email, the fact that >confirmations to make domain changes do not carry any >sort of tracking number make it possible for spoofed email >to confirm illegitimate requests. I think it might be >appropriate for Network Solutions to add at least THAT >much reliability into their confirmation scheme so that >that kind of change couldn't occur in the future... Every time I've requested a change, the confirmation comes back with a bracketed request number in the header, which consists of a date and a number. For example, last time I changed sybase.com, this was the title: [NIC-990901.4013] Modify Registration SYBASE.COM I've always assumed that this number was required, and constitutes the "tracking number" you mention. Admittedly, I haven't tried otherwise. I will say that I have noticed that these numbers used to be fairly sequential... I've done several changes in a row before. This is the same problem as TCP sequence prediction, only easier. So, if you've found some new wrinkle, I'm not seeing it in your e-mail... has something changed at NSI? Also, of course, if you mail can be stolen or sniffed, this is trivial. On the same topic... many other NICs are not quite as careful.. I've taken over various sybase.xx domains that my employees had registered, using dumb e-mail addresses that don't exist anymore. Often, this only took one e-mail, and I think many registrars took my request on faith because it came from a sybase.com address, and because I'm the contact on the main sybase.com domain. Ryan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:22 PDT