Amazon.com and Pinterest among those sites more vulnerable to unauthorized nameserver changes.
Yesterday I wrote about how NYTimes.com could have avoided its nameserver hijacking on Tuesday had it paid about $50 a month for a service called Registry Lock.
As the 55th most trafficked website (Quantcast), it seems like a small price to pay to avoid downtime.
But The New York Times, which has since added Registry Lock, is not the only large website that hasn’t taken the extra step of adding this product.
In analyzing the top twenty .com web sites as ranked by Quantcast, six of them don’t have Registry Lock added:
Pinterest.com seems to be even more vulnerable than the others, as it appears to not even have a registrar lock turned on.
Interestingly, Microsoft does have the added protection on Microsoft.com and Bing.com, but not Live.com.
It’s still possible that an attacker could defeat Registry Lock and change a domain’s nameserver, but it would be a lot more challenging than what happened to The New York Times this week. In fact, although the perpetrators changed whois information for Twitter.com, they weren’t able to change the nameservers because Registry Lock was turned on.