A simple, cheap method to lock down domains exists. Public company CTOs need to get on the ball.
CheckFree is warning 5 million customers about its domain name mishap last month where its nameservers were changed to forward its web site.
All the perpetrators did was get a password to CheckFree’s account at Network Solutions, log in, and change the nameservers to point to another server.
This same thing could happen to other companies, and public company executives should be held liable by shareholders for not taking simple steps to prevent this. There are at least two easy solutions I’ve written about before: Fabulous’ Executive Lock and Moniker’s Portfolio MaxLock. Fabulous’ service is free; Moniker’s costs a couple hundred bucks per year. That’s a small price to pay to avoid notifying 5 million people that you screwed up.
Recent court decisions have found public company board members responsible for protecting their intellectual property. It would seem that protecting domain names — especially mission critical ones like CheckFree.com, Dell.com, Amazon.com, and ATT.com, would fall under that realm.
So here’s a wake up call to public company CEOs and CTOs: if your registrar won’t offer this added level of protection, it’s time to move your domain names.
Netsol again???
Another solution (for domainers) would be to own your own private registrar.
For a public company, this type of dns hi-jacking could be devastating.
I’m sure they used a site monitoring service.
Why didn’t the service pick up the hijacking?
But, it could also be socially engineered at the hosting company even if it is a dedicated server.
Do corporate type registrars like MarkMonitor and CorporateDomains have add’l level of access? I don’t know.
Great thinking Ricardo.
You would think companies like Amazon etc would set up there own registrar to look after there thousands of domains.
Protection is key in any business!
Especially Online!
Regards,
Robbie
I suppose its all about gross neglegance. If this happened. Who was neglegent here? CheckFree or NetSol?
Gee sounds like these call in security measures are just so secure. I imagine that’s how this one was breached. (Remember Register.com’s auth code line of crap)