
No doubt they'll claim that there's no evidence that this has been exploited in the wild. Which of course will be true as they weren't bloody logging anything!
Thousands of UK companies were at risk of having their .uk domain names stolen for more than four months by a critical security failure at domain registrar Enom. The security lapse allowed .uk domains to be transferred between Enom accounts with no verification, authorisation or logs. Any domains hijacked would have been “ …
I remember being on the receiving end of a complaint from a customer that their website that I managed for them was "gone". After much digging, the FTP site was completely empty. Given that only I had the access codes, it was quite strange as I hadn't touched that customer's site in months.
They were paying 123-Reg for FTP hosting, I set it up for them and they just paid it each year, so it wasn't really much to do with me, and I had backups so recovering it wasn't a big deal. But then I obviously told the customer what happened, and they complained to 123-Reg.
I got a really stroppy call from them soon after saying that I was lying, etc. etc. etc. So after much discussion, and getting through to the only guy who actually had techy access, I got to the bottom of the problem: They couldn't tell me who logged into FTP. When. From where. What was done. What backup those files were on. No way to restore from their backups. Nothing whatsoever.
So they could not disprove my "You just trashed the storage for the account, didn't you?" assertion. And they had to concede. Especially given as they had NO WAY to even say "Ah, but you logged in just before the files were reported missing" or whatever.
Shortly after, they lost all the custom anyway, but I couldn't fathom how a major web-host hosting business FTP servers at the prices they charge could not maintain the most basic of access logs.
The security lapse allowed .uk domains to be transferred between Enom accounts with no verification, authorisation or logs. Any domains hijacked would have been “extremely hard or impossible” to recover, according to The M Group, the security firm that discovered the flaw.
Err, why? Surely if both victim and thief have Enom accounts, you just use the same trick to steal the domain back again?
Surely if both victim and thief have Enom accounts, you just use the same trick to steal the domain back again?
Step 5 of the M group's advisory (linked to in the original article):
(optional) Immediately transfer the domain elsewhere by changing the IPS tag and registrant email address making the domain extremely difficult if not impossible to recover without a manual intervention
But you can still go back to Nominet - one of the few internet organisations with a usually helpful support desk. If the registrant name/organisation has not been changed then you can, as long as you can verify yourself.
Remember, if they try to change the registrant, it's probably going to fail on verification. We often have issues with perfectly legitimate ones. If anything, their controls are too tight. Which is good here.
This is probably the one great advantage of .uk - there is a lifeboat of local organisation rather more dedicated to serving the legitimate internet community than shareholders. Though this dedication is fading a little as subservience to government and the whims of expansionist CEOs take precedence.
Bottom line: give 'em a call. They will want to help.