comcast.net “hijacked”

Well, this isn’t actually as bad as it sounds, but it’s worth noting that some people have not learned from the aol.com and other DNS server redirections in the past. What happens is someone submits a web form or spoofs an email, and that moves the DNS for your domain to some other servers. In this case, the fallout will be felt for up to two days by some people. This can seriously hurt your reputation, as folks may think that the security of your relationship with your registrar is congruent with your overall security strategy. Most (all?) registrars allow you to put your domain in some form of locked mode. My domain (nether.net) has the following flags set: clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited.

It may be time to review what your settings are and make sure history does not repeat itself on your domains.
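One way to run that review, as an added example that is not part of the original post: the script below reads WHOIS output and reports which of the three lock flags named above are absent. The sample WHOIS text is constructed, and the names `audit`, `SAMPLE_LOCKED` and `SAMPLE_PARTIAL` are hypothetical.

```python
import re
import sys

# The three registrar-side locks named in the post (EPP status codes, RFC 5731).
REQUIRED_LOCKS = ("clientTransferProhibited", "clientUpdateProhibited",
                  "clientDeleteProhibited")

# Matches "Domain Status: clientTransferProhibited https://icann.org/epp#..."
# and the bare "Status: ..." form that some WHOIS servers print.
STATUS_RE = re.compile(r"^[ \t]*(?:Domain )?Status:[ \t]*([A-Za-z]+)",
                       re.IGNORECASE | re.MULTILINE)

# Constructed sample WHOIS output (not real registry data).
SAMPLE_LOCKED = """\
Domain Name: LOCKED.EXAMPLE
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
"""
SAMPLE_PARTIAL = """\
Domain Name: PARTIAL.EXAMPLE
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""


def audit(whois_text):
    """Report which of the post's three locks are absent from WHOIS text."""
    found = {m.group(1).lower() for m in STATUS_RE.finditer(whois_text)}
    missing = [lock for lock in REQUIRED_LOCKS if lock.lower() not in found]
    # server*Prohibited codes are set by the registry rather than through the
    # registrar account, so they are listed separately (lowercased).
    registry = sorted(s for s in found
                      if s.startswith("server") and s.endswith("prohibited"))
    return {"missing": missing, "registry_side": registry}


if __name__ == "__main__":
    # Usage: whois yourdomain.example > out.txt; python3 lockcheck.py out.txt
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            texts = {sys.argv[1]: fh.read()}
    else:
        texts = {"locked sample": SAMPLE_LOCKED,
                 "partial sample": SAMPLE_PARTIAL}
    for name, text in texts.items():
        print(name, audit(text))
```

Run it on a schedule against every domain you own and alert when `missing` is non-empty, since a lock that disappears is itself a signal worth investigating.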

One Response to “comcast.net “hijacked””

  1. If an interview with the people claiming responsibility can be believed, they got access to the web domain management interface at Comcast’s registrar (Verisign/NetworkSolutions).

    In that case, even having lock(s) set won’t totally protect you, since the attacker can disable the lock first and then make changes.