Jan. 16th, 2005

It's been a bad week for email... well, ok, for a lot more than that, though it's email that is mostly at risk in both disturbing items.

Researchers accidentally found a bug in gmail (the free Google email service) that reveals the contents of the previous transaction the server processed -- whatever its content. I.e., you could see other people's emails. Google managed to fix the bug about an hour after the story was slashdotted.

--------

Much more disturbing, because it will be harder to fix and is more disruptive, a post I'm calling, "The Security Implications of Domain Name Registrar choice and ICANN policies..."

In a disturbing turn of events, age-old (in Internet terms) commercial access provider Panix has had their main domain name, panix.com, hijacked. While panix.net still works correctly, panix.com is the domain used for their thousands of subscribers' email, web pages, etc.

Bad. Very bad. One wonders how it happened. Did the domain expire and get grabbed up? Did someone break into Panix's Dotster account? Did someone bamboozle Dotster? Did someone put in a transfer request that went unheeded by Panix (the new ICANN policy is that, "Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer")?

The 'new' whois info for panix.com
Note that everything including the nameservers has been changed. Email to users "@" panix.com may actually still work for a time, because DNS caches will maintain the data until it expires or the cache buffer gets overwritten. (For example, my DNS cache server shows 22 hours remaining on the cache timer for the "real" panix.com MX record.) The "new" www site has a placeholder page from freeparking.co.uk.

After the caches expire, web browsers will go to the bogus site, and mail to users "at" panix.com will go ... wherever the people who hijacked the domain want. Unless it's quickly resolved. As I write this, the "new" MX records point to 207.61.90.0 and 142.46.200.0 -- network addresses rather than normal host IPs -- which means the mail probably will fail (and thus just queue up, and with luck be delivered to the real panix.com once this mess is cleared up). Fortunately, right now, the cache expiry on the 'new' MX record is 24 hours, while email delivery is normally attempted for 5-10 days, depending on the mail software and configuration.
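As an added illustration (not code from the original post), here is a small check a domain owner could run against resolver data to surface the indicators described above: a changed NS or MX set, MX targets that resolve to a network address instead of a host, and how long the still-cached good MX records will keep mail flowing. Hostnames in the snapshots are constructed placeholders; the two MX addresses are the ones quoted in the post.

```python
"""Domain-hijack indicator check over DNS snapshots (constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Record:
    rtype: str           # "NS" or "MX"
    value: str           # nameserver or mail exchanger hostname
    ttl: int             # seconds left in the resolver cache when captured
    target_ip: str = ""  # what the MX name resolves to, if known


def is_network_address(ip: str) -> bool:
    # Heuristic from the post: a classful network address has a zero host
    # octet; a real mail host normally does not.
    return ip_address(ip).packed[-1] == 0


def hijack_indicators(baseline, observed):
    """Compare a known-good snapshot with a fresh lookup.
    Returns (findings, hours until the cached good MX records expire)."""
    findings = []
    for rtype in ("NS", "MX"):
        before = {r.value for r in baseline if r.rtype == rtype}
        after = {r.value for r in observed if r.rtype == rtype}
        if before != after:
            findings.append(f"{rtype} set changed: {sorted(before)} -> {sorted(after)}")
    for r in observed:
        if r.rtype == "MX" and r.target_ip and is_network_address(r.target_ip):
            findings.append(f"MX {r.value} resolves to network address "
                            f"{r.target_ip}; delivery will fail and queue")
    good_mx_ttls = [r.ttl for r in baseline if r.rtype == "MX"]
    grace_hours = min(good_mx_ttls) / 3600 if good_mx_ttls else 0.0
    return findings, grace_hours


# Constructed snapshots: placeholder hostnames, 22 h left on the cached good MX.
BASELINE = [Record("NS", "ns-a.placeholder.example", 79200),
            Record("NS", "ns-b.placeholder.example", 79200),
            Record("MX", "mail.placeholder.example", 79200, "192.0.2.10")]
OBSERVED = [Record("NS", "ns1.hijacker.example", 86400),
            Record("MX", "mx1.hijacker.example", 86400, "207.61.90.0"),
            Record("MX", "mx2.hijacker.example", 86400, "142.46.200.0")]

if __name__ == "__main__":
    found, hours = hijack_indicators(BASELINE, OBSERVED)
    for line in found:
        print("!", line)
    print(f"cached good MX records expire in about {hours:.0f} h")
```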

In case you can't get to it, here's the relevant content from Panix's REAL website about the hijacking
