http://www.news.com/News/Item/0,4,31507,00.html?st.cn.Special.tkr.ne
Domain name glitch hits 10,000 names
By Dan Goodin
Staff Writer, CNET News.com
January 26, 1999, 7:00 p.m. PT
A Canadian man temporarily gained unauthorized control of more than 10,000
Internet addresses following a glitch that struck a database maintained by
Internic, which manages the plumbing for roughly 70 percent of the
Internet.
The problem occurred when the "handle" for domain registrar Register.com
was reassigned to a radio producer in Ottawa, Ontario. Handles are used as
a sort of short hand in Internic's WHOIS database to designate who is
responsible for administrative and technical upkeep of a given address, or
domain name.
Early this morning when RI52-ORG, Register.com's handle for more than a
year, was inexplicably reassigned, the new owner had control of more than
10,000 Internet sites that have authorized Register.com to provide
technical oversight of the addresses. The reassignment briefly granted the
Ottawa man technical control, potentially allowing him to reroute the
direction of traffic to a server when a user types in a specific address.
"We were aware of this problem this morning and it was corrected
immediately," said Register.com chief executive Richard Forman, who added
that Internic's internal database had been updated even though the WHOIS
database still showed the incorrect information as of 4 p.m. PT today.
"Nobody's sure what happened here," Forman said. "What we think happened
is that the Internic database transposed the administration [contact]
information with technical [contact] information."
Forman, who says his company has registered more than 200,000 domain
names, said it is impossible to know exactly how many sites were affected
by the glitch, but that the number was more than 10,000. None of the sites
suffered harm, he added.
The problem comes as Internic, which is administered by Network Solutions,
is experiencing performance problems in processing orders. NSI customers
complain, for instance, that NSI is taking weeks to process orders and in
some cases is losing the requests.
Forman said it would be "premature to say [the glitch] is an Internic
mistake" but could not rule out the possibility.
NSI spokesman Chris Clough said the problem "could have come from
virtually anywhere," adding that the company would begin investigating the
problem tomorrow.
Forman acknowledged that his RI52-ORG handle was not protected by either a
password or encryption, a factor that could have allowed an unscrupulous
third party to send Internic a fraudulent order requesting the handle
reassignment. Register.com is in the process of changing its handle so
that requests for changes must be authorized by a password, Forman said,
adding that the protection would not have made a difference if the problem
was caused by an internal error at NSI.
Dennis Willardt Zewillis, an author and consultant in Denmark who first
alerted Register.com to the glitch, said the problem demonstrates just how
important security is to domain name owners.
"I always recommend that my clients make sure that they are both
administrative, technical, and billing contact and that they use the
InterNIC contact methods of either choosing a PASSWORD that must follow
every email request to InterNIC" or use encryption protections, he wrote
in an email message to CNET News.com.
Separately, an official with the Commerce Department confirmed that the
agency, which grants NSI sole authority to administer addresses ending in
.com, .org, and .net, is investigating a complaint that the company is
giving priority to registration requests made through its own retail
service. Such favoritism would severely disadvantage competing registrars,
such as Register.com, and would breach NSI's contract with the government.
"We've asked NSI to respond to the complaint and we will pursue it if we
think there's anything to it," the official said.
NSI's Clough said he had yet to hear of the investigation and maintained
that the company adheres to a strict first-come, first-serve policy in
almost all cases. "[Favoritism] has happened once in over 3 million
regiatrations we've had," Clough said. The single instance, he added, was
a mistake that the company quickly corrected.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:13:53 1999