The security lapse allowed .uk domains to be transferred between Enom accounts with no verification, authorisation or logs.Any domains hijacked would have been “extremely hard or impossible” to recover, according to The M Group, the security firm that discovered the flaw.
Err, why? Surely if both victim and thief have Enom accounts, you just use the same trick to steal the domain back again?
Biting the hand that feeds IT
