Doh! Melbourne IT Admits Gaffe that Led to Panix Domain Hijack
January 24, 2005
January 24, 2005 -- (HOSTSEARCH.COM) -- Following the domain hijacking of Panix Melbourne IT has admitted their mistake in allowing the transfer to go through without following all the protocols for transfering a domain but claim they have made changes to insure that such a problem do not occur again.
"There was an error in the checking process prior to initiating the transfer, and thus the transfer should never have been initiated," wrote Melbourne CTO Bruce Tonkin in a recent blog. "The loophole that led to this error has been closed." The move from Dotster to Melbourne IT was initiated through an account at a Melbourne IT reseller, which was set up using stolen credit cards. "That reseller is analysing its logs and cooperating with law enforcement," he wrote.
"No notification was received by either our registrar, Dotster, or us," Ed Ravin, Panix admin, told CIO Today. "Whoever did this found a way to transfer domains without going through the normal process, and it's possible that anyone else's domain could be hijacked the same way."
"What the panix.com case clearly demonstrates is a lack of an emergency rollback procedure in the face of a bad transfer," Mark Jeftovic wrote at CircleID, a portal for discussion of domain and DNS issues. "Clearly, something went wrong in this case. Despite panix.com's belief that their registrar locks were set, somehow the domain was transferred. It matters little why or how it happened. The point is there is no emergency rollback procedure in place when something like this happens and there needs to be."
What all this boils down to in the big picture is how we can cooperate to live together on this planet and make things work for everyone and yet in a Darwinian sense perhaps the hackers the wreak havoc and cause untold amounts of damage are in their own way needed just as without disease or exposure to bacteria a group of isolated humans will their protection as their immune systems slowly degenerate. The question is where to draw the line between a useful warning to us all and a destructive nuisance, i.e. spam. blog comments powered by Disqus