29th Dec, 2007

Domain Hijacking Concerns

Various threats to domain owners’ security have reared their ugly heads of late.First, there’s the ongoing suggestion that domain tasters may be finding ways to keep an eye on unsuspecting registrants’ WHOIS queries. The worry is that, when one does a WHOIS check on a registrar’s website to see if a domain is available, someone could be tapping into users’ queries and using them to decide which domains to register. Of course, this could be very profitable for tasters, who get a sneak preview of domains in which someone has already expressed an interest. However, for the unfortunate registrant, checking up on a domain and finding it available, only to check back an hour later and discover that it’s been registered by some monolithic domaining company, is profoundly depressing, not to mention frustrating.

ICANN doesn’t like to talk about this kind of thing, and as yet there’s no hard evidence that tasters have found a way to do this. However, to be on the safe side, ICANN has kindly released a PDF with some tips to avoid falling victim to what has been called ‘domain name front-running’.

From the sublime to the ridiculous; as if that wasn’t enough, some are now concerned that a flaw in Google’s email service has allowed a domain hijacker to steal a domain name from under someone’s nose. Web designer David Airey lost his domain to hackers in early December, who had made a transfer request for his domain, and then exploited a weakness in his Gmail account which allowed them to forward the confirmation email to a third-party email address. Google has since rectified the flaw, but has advised everyone who uses Gmail/Google Mail to check their account settings and ensure that they have not been affected by it.

The good news is that Airey managed to reclaim his domain - hurrah! - but this should act as a reminder that domain names are valuable commodities. Make sure you do everything in your power to protect your domain name, including obvious things like keeping your registrar’s records of your contact details up-to-date. Also, it’s best not to use a free email address to register your domain names, as free webmail services are often the most easily exploited.

Resources:

Gmail exploit aids domain hijack.

ICANN’s advice to domain registrants. (PDF)

Posted by: domainstreet

Categories:
Security and Scams
Tips and Tools
Domain Registration
Domain News

Leave a response

You must be logged in to post a comment.

Categories