Amazon.com and Pinterest among those sites more vulnerable to unauthorized nameserver changes.
Yesterday I wrote about how NYTimes.com could have avoided its nameserver hijacking on Tuesday had it paid about $50 a month for a service called Registry Lock.
As the 55th most trafficked website (Quantcast), it seems like a small price to pay to avoid downtime.
But The New York Times, which has since added Registry Lock, is not the only large website that hasn’t taken the extra step of adding this product.
In analyzing the top twenty .com web sites as ranked by Quantcast, six of them don’t have Registry Lock added:
Amazon.com
Pinterest.com
Tumblr.com
Answers.com
Live.com
Ask.com
Pinterest.com seems to be even more vulnerable than the others, as it appears to not even have a registrar lock turned on.
Interestingly, Microsoft does have the added protection on Microsoft.com and Bing.com, but not Live.com.
It’s still possible that an attacker could defeat Registry Lock and change a domain’s nameserver, but it would be a lot more challenging than what happened to The New York Times this week. In fact, although the perpetrators changed whois information for Twitter.com, they weren’t able to change the nameservers because Registry Lock was turned on.
“ASK.com”
The ask toolbar is aggressive spyware that sneaks into your computer. I have no sympathy whatever for that company.
Pay Verisign the extortion fee? Why?
Which registrars offer Registry Lock for $50/mo.? Is not registrar transfer lock free of charge?
@ M.G. – this is a registry lock, not a registrar lock. It requires registry intervention to change the nameservers or transfer the domain when you use registry lock.