Slashdot: News for Nerds

ICANN Loses Control of Its Own Domain Names

Soulskill posted about 6 years ago | from the heal-thyself dept.

Networking 61

NotNormallyNormal writes "CBC picked up an AP story about ICANN recently losing control over two of their domain names on Thursday, June 26. A domain registrar run by the group transferred the domains to someone else. ICANN's press release had this to say: 'As has been widely reported, a number of domain names, including icann.com and iana.com were recently redirected to different DNS servers, allowing a group to provide visitors to those domains with their own website. It would appear the attack was sophisticated, combining both social and technological techniques, but was also limited and focused.' Comcast has had similar troubles lately as well."

61 comments

Might be good for something (3, Insightful)

Calydor (739835) | about 6 years ago | (#24064773)

Maybe this'll show them what needs to be changed in the system. Also, err, first post? How?

Here's something funny (0, Funny)

Anonymous Coward | about 6 years ago | (#24064851)

ICANT

haha do you get this? this is soooo funny! lets start doing this from now on! ru with me or agin me?

Re:Might be good for something (4, Funny)

Mike89 (1006497) | about 6 years ago | (#24065103)

Also, err, first post? How?

I hear a group of rogue trolls tricked ICANN into making Slashdot.org resolve to goatse.cx. You must've come back at the right time (or wrong time, depending on whether you're into the kind of stuff ;))

Re:Might be good for something (0)

Anonymous Coward | about 6 years ago | (#24065785)

Despite all the mythology surrounding it, the actual Goatse.cx website itself is a dead site.

Re:Might be good for something (1)

linj (891019) | about 6 years ago | (#24065751)

Also, err, first post? How?

Everyone else was busy reading the article. ... You must be new here. (:

ICAN'T (0)

Anonymous Coward | about 6 years ago | (#24064779)

Control my own domains never mind anything else. Please put me out of my misery already.

Re:ICAN'T (2, Funny)

Hal_Porter (817932) | about 6 years ago | (#24065149)

ICANN needs to be ICANNED?

Thanks! Try the veal and tip your waitress!

A new press release was issued, looks bleak :-( (1)

Jugalator (259273) | about 6 years ago | (#24064789)

Marina del Rey, CA (July 5, 2008) --

ENUF. :-( ICANN HAS MY DOMAINS PLZ?

About ICANN

The Internet Corporation for Assigned Names and Numbers (ICANN) is a technical coordination body for the Internet. Created in October 1998 by a broad coalition of the Internet's business, technical, academic, and user communities, ICANN is assuming responsibility for a set of technical functions previously performed under U.S. government contract by IANA and other groups.

In a perfect world (4, Funny)

ShakaUVM (157947) | about 6 years ago | (#24064795)

In a perfect world, this would serve as a wake-up call to ICANN that the current domain name policies are hideously flawed.

Of course, their heads are so far up their collective asses, though, that they'll just say it was an awesome example of domain tasting by a third party, and all part of the glorious monstrosity they have birthed.

HaHa (5, Funny)

soundguy (415780) | about 6 years ago | (#24064797)

Ha Ha

/nelson

Re:HaHa (0, Redundant)

ozbird (127571) | about 6 years ago | (#24064867)

-1 Redundant?! At time of writing there were 5 comments, none of which were like the parent post. Ergo, not redundant.

Metamoderate this moderator down.

Re:HaHa (2, Insightful)

Anonymous Coward | about 6 years ago | (#24064891)

Memes like the nelson laugh, beowulf cluster, soviet russia, etc are redundant because we get them all the time.

Re:HaHa (2, Funny)

Anonymous Coward | about 6 years ago | (#24065495)

Mentioning that those memes are redundant is redundant because it gets mentioned all the time ;)

Re:HaHa (0)

Anonymous Coward | about 6 years ago | (#24064985)

I suppose everybody heard Nelson in their heads upon reading the story, hence subsequently reading an explicit post of it felt redundant to everyone.

Re:HaHa (1)

Jugalator (259273) | about 6 years ago | (#24064991)

Maybe the post was considered redundant because that's the obvious reaction to the story?

Re:HaHa (1)

ConceptJunkie (24823) | about 6 years ago | (#24066875)

Exactly. That's what I would have written, although it's much more effective if you write "HAW HAW!"

Sophisticated ? (4, Informative)

stephanruby (542433) | about 6 years ago | (#24064811)

It's obvious [dnsstuff.com] they didn't follow their own rules by providing valid whois contact information [icann.org] .

Re:Sophisticated ? (5, Insightful)

Anonymous Coward | about 6 years ago | (#24064857)

ICANN, as far as I can tell, does not follow rules. Their one and only purpose seems to be to enrich the members of its board. As a result, we have a stagnant generic TLD system with new proposals, etc. being designed to extract cash for them rather than benefit the world. I have no problem with them getting hacked -- throws a spotlight on their arrogance and corruption.

ICANN'T do anything to help the world because I am too busy getting paid.

Re:Sophisticated ? (3, Insightful)

kimba (12893) | about 6 years ago | (#24065071)

Perhaps you can explain what is not valid in the WHOIS information for these domains?

Re:Sophisticated ? (1)

dissy (172727) | about 6 years ago | (#24067077)

Perhaps you can explain what is not valid in the WHOIS information for these domains?

Perhaps you could open both links and see for yourself.

ICANN address from whois record [dnsstuff.com] (on domain):
      Registrant:
            Internet Assigned Numbers Authority
            (IANA) (IANA)
            4676 Admiralty Way, Suite 330
            Marina del Rey, CA 90292 US
            Email: *****@icann.org

      Administrative Contact:
            ICANN
            Roman Pelikh
            4676 Admiralty Way, Suite 330
            Marina del Rey, CA 90292
            Phone: +1.3103015821
            Email: *****@icann.org

      Technical Contact:
            ICANN
            Mehmet Akcin
            4676 Admiralty Way #330
            Marina del Rey, ca 90292 US
            Phone: +1.3103015810
            Email: ******@icann.org

The other link [icann.org] , containing their address, is a paper on ICANN's own website, titled "Letter from Louis Touton to Bruce Beckwith Regarding Breach of VeriSign Registrar's Accreditation Agreement (Whois Data Accuracy) - 3 September 2002"

    Bruce Beckwith
    Network Solutions, Inc. Registrar
    505 Huntmar Park Drive
    Herndon, VA 20170
    Tel: 1-703-742-4817

So to answer your question: Everything. The entire address, and their phone number. Even the full company name doesn't match!

Re:Sophisticated ? (1)

stephanruby (542433) | about 6 years ago | (#24067873)

Kimba, Thanks for the backup, but this isn't what I was talking about. I wish I had taken a screenshot of it. When I did that same exact whois search, the information was completely different. It returned correctly, but it contained the organization's name and nothing else.

I would consider this whois info you just posted valid information (as far as I'm aware). I don't think an organization should be faulted for having multiple addresses -- many organizations do have multiple addresses. Also, according to their own rules they would have 15 days to make that information valid, and if you're willing to trust my biased semi-anonymous internet testimony (which isn't much I must admit) they updated their records in less than 24 hours after my remark -- thus obeying their own rules (although the whois record itself clearly shows it was last updated on June 27th -- not yesterday, so if you didn't see the change yourself, I would expect most of you to think that I didn't really know what I was talking about).

Now, if someone can text message flood (-1, Offtopic)

Anonymous Coward | about 6 years ago | (#24064823)

Some cell phone execs, although I'm sure they have unlimited plans (or simply don't pay phone bills), so they can see the dangers of having to pay for incoming texts with no way to shut them off.

You pay for *incoming* messages? What the... (-1, Offtopic)

Hurricane78 (562437) | about 6 years ago | (#24065135)

oh... you live in a free market country... i see...

Do you pay for incoming calls too? Yes? okay... hmmm...

For incoming letters?

Fuel for incoming cars?

Nevermind.... all hail the industrial feudalism!

(...here comes the -1, I don't get it / -1, I don't like you ;)

Re:You pay for *incoming* messages? What the... (0)

Anonymous Coward | about 6 years ago | (#24065171)

it's called plutocracy

welcome to the real world

Re:You pay for *incoming* messages? What the... (4, Funny)

GradiusCVK (1017360) | about 6 years ago | (#24065231)

here comes the -1, I don't get it / -1, I don't like you

No, I'd say -1 Offtopic is sufficient, no need to invent new reasons to mod you down :-)

Re:Now, if someone can text message flood (0, Offtopic)

Hal_Porter (817932) | about 6 years ago | (#24065183)

Some cell phone execs, although I'm sure they have unlimited plans (or simply don't pay phone bills), so they can see the dangers of having to pay for incoming texts with no way to shut them off.

Wouldn't that be a bit like trying to mail bomb a BOFH?

Social Engineering to Take Over Entire TLDs (4, Interesting)

Ron Bennett (14590) | about 6 years ago | (#24064841)

When I first read this news several days ago, I thought it was referring to the root servers ...

What most don't know is that the TLDs (i.e. .com, .net, etc.) themselves are registered in much the same manner as 2nd level domains are ... see the TLD Whois: http://whois.iana.org/ [iana.org]

The major TLDs (.com, .net, etc) are relatively safe, since any changes would likely be difficult to get through - with any changes quickly noticed ... as in within minutes, or even seconds; likely wouldn't even be that effective, since the most popular TLDs zone dns entries are heavily cached.

However, ccTLDs are a different story completely, since ccTLD zone name server changes are more common and thus such change requests would be far less scrutinized.

I've never heard of any TLD being hijacked, but could likely be easily done, since the social engineering involved would be very similar. A frightening prospect.

Ron

Re:Social Engineering to Take Over Entire TLDs (2, Informative)

jabley (100482) | about 6 years ago | (#24065779)

The major TLDs (.com, .net, etc) are relatively safe, since any changes would likely be difficult to get through - with any changes quickly noticed ... as in within minutes, or even seconds; likely wouldn't even be that effective, since the most popular TLDs zone dns entries are heavily cached.

However, ccTLDs are a different story completely, since ccTLD zone name server changes are more common and thus such change requests would be far less scrutinized.

I've never heard of any TLD being hijacked, but could likely be easily done, since the social engineering involved would be very similar.

Changes to TLD nameservers need to pass human inspection at the IANA, human inspection at the US Department of Commerce, and human inspection at Verisign (who provide maintenance for the root zone). This is in stark contrast to the largely mechanical process by which domains in gTLD and ccTLD registries are modified.

Requests to change entire NS sets (as opposed to simply dropping a couple and adding a couple of other nameservers) are typically stalled early in the process while the IANA requests justification for why the entire set is being changed at once.

Hijacking a TLD would require a lot more social engineering than your note suggests.

URL (5, Funny)

thedrx (1139811) | about 6 years ago | (#24064863)

http://www.cbc.ca/technology/story/2008/07/04/icann-pwned.html

Anyone else think the URL is hilarious?

Re:URL (2, Funny)

Hatkirby (1315373) | about 6 years ago | (#24065127)

It is! Very strange.... Now, you need to ask yourself, Did they pick that out themselves or did Wordpress (or whatever) generate it for them? *giggle*

Losing Domain names (-1, Troll)

zoomshorts (137587) | about 6 years ago | (#24064929)

I smell a retarded ex-employee. Ooops.

ICANN? (-1, Redundant)

TX297 (861307) | about 6 years ago | (#24064993)

More like ICANT

The bad pun just has to be made... (0)

Anonymous Coward | about 6 years ago | (#24065081)

IANA.com(I am not a .com) but.....

Why do we need registrars? (2, Interesting)

jibjibjib (889679) | about 6 years ago | (#24065143)

Why do registrars even have to exist? And why does ICANN need to pay other companies to run the actual DNS infrastructure? If ICANN ran .com, .org and .net itself, and there were no registrars/resellers, and every time someone paid for a domain all the money went straight to ICANN, surely ICANN would have enough money to run all the DNS infrastructure itself very well. Then we wouldn't have to deal with all the dodgy things that registries and registrars do, like Verisign's "Site Finder", and various slightly evil registrars stealing domains, and various registrars being incredibly insecure and transferring domains to hackers without proper authentication.

You are ADORABLE. (0, Troll)

Anonymous Coward | about 6 years ago | (#24065317)

ICANN would rape your mother if it got them an extra nickel.

Captcha: reared

Re:Why do we need registrars? (1)

spydabyte (1032538) | about 6 years ago | (#24065551)

Why re-invent fire? If someone in the industry already knows how and provides the service for a fee you're willing to pay because it's much less than what it would cost you to learn, secure, and implement properly, then why do it again, pay more for it, and not sleep well at night? Let the other guy lose sleep.

Re:Why do we need registrars? (2, Insightful)

tokul (682258) | about 6 years ago | (#24065613)

ICANN would have enough money to run all the DNS infrastructure itself very well.

They will have less money, if they have to support the DNS infrastructure.

Re:Why do we need registrars? (4, Insightful)

kvezach (1199717) | about 6 years ago | (#24065677)

If they did that, it'd be Network Solutions all over again. Remember their exorbitant monopoly prices when they were the only shop in town? Like that.

Re:Why do we need registrars? (1)

Fred_A (10934) | about 6 years ago | (#24070553)

If they did that, it'd be Network Solutions all over again. Remember their exorbitant monopoly prices when they were the only shop in town? Like that.

Actually I remember when there was only one shop in town and it was free.

Re:Why do we need registrars? (1)

Fred_A (10934) | about 6 years ago | (#24088751)

Few old timers around it seems :)

No problem! (4, Funny)

Veggiesama (1203068) | about 6 years ago | (#24065247)

They had no problem getting the domains back. They just kept saying to themselves, "I think ICANN! I think ICANN!"

ICANN and IANA it's been a stormy affair (2, Interesting)

Magdalene (263144) | about 6 years ago | (#24065359)

Well, without them there wouldn't be an internet, for one.

After reading their news release, this goes from "whoo 31337 h4x0r5 shr R Sm4r7" to disgruntled soon to be ex employee getting him and all his friends 12 year domains for free for as long as the DNS record is changed. It was an inside job by someone who had access to the Registrar's internal network.

Whoever made the change knew the system and how ICANN and IANA work, and also knew that ICANN can not really say 'well if you got your domain during this 'attack' we want you to pay us some more money' although they may try that. Legally, I am pretty sure it wouldn't stand up to a challenge in court.

It's nice to have a topic where my 2 cents actually mean something finally.

-MnM

Domain Dispute Goddess before the fall. Plain old tech goddess afterwards ;)

Serves them right (-1, Troll)

biscon (942763) | about 6 years ago | (#24065379)

ICANNhazdomainznamezzplz *insert picture of retarted looking cat getting beat up with a model m keyboard*

lastweeksnews (0, Offtopic)

davidwr (791652) | about 6 years ago | (#24065407)

I submitted this a week ago and a firehose reader modded it down quickly.

What changed to make this important now if it wasn't important then?

On a related matter, how many people want to mod this -1 quitchurbitchin?

Re:lastweeksnews (4, Funny)

ColdWetDog (752185) | about 6 years ago | (#24066253)

I submitted this a week ago and a firehose reader modded it down quickly.
What changed to make this important now if it wasn't important then?

Now it's old news and thus suitable for Slashdot. Before it was rough hot-off-the-press stuff.

We don't do that sort of thing here.

The quality of Journalism? (4, Insightful)

Conficio (832978) | about 6 years ago | (#24065543)

Hmm, in the CBC article it says "Visitors to those addresses are normally redirected automatically to the organization's main sites at ICANN.org and IANA.org, neither of which was affected by the attack."

What is to *re*direct here? DNS is there to translate domain names into IP addresses. It does not have any *re*direction mechanisms. Redirection is a feature of the HTTP protocol and would require compromising the web server (which they state has not happened.)

I wonder, is this simply a typo or does the journalist/editor not understand what (s)he is writing about (and has no references to have this proofread)?

I'm rather wary, because I see such factual errors often in widely read media, written and edited by journalists. Sometimes I see even "experts" quoted with wrong statements. How does this reflect on news that I don't know so much about that I can spot the factual errors?

Re:The quality of Journalism? (2, Insightful)

multipartmixed (163409) | about 6 years ago | (#24065629)

Being directed and being redirected are REALLY subtle differences in the mind of a techno-plebe. And no, in Canada, there is no requirement for journalists to hold CS degrees.

So, when something's directed to one place, and then directed to another place, it's not strange for a reporter to assume that it was redirected, as opposed to newly directed.

Re:The quality of Journalism? (1)

Conficio (832978) | about 6 years ago | (#24066045)

Well, I would like to hold professional journalists to higher standards.

While I agree that it is a subtle difference, it is a difference I expect a professional wordsmith (journalist) to pick up and to question its meaning. No degree in CS required, but a critical mind and some sense for the kind of spin that press releases contain.

And I expect for a reporter to report facts and question them and not "for a reporter to assume." If (s)he simply wants to reprint the press release that is fine with me, but tell me!

Re:The quality of Journalism? (2, Insightful)

Conficio (832978) | about 6 years ago | (#24065681)

Not to talk to myself, but I just also read the "press release" from ICANN. It says the same things "icann.com and iana.com were recently redirected to different DNS servers." How can that be?

The press release also talks about "The domains in question are used only as mirrors for ICANN and IANA's main websites." Well, as of today the domains and the www.... simply point to the same web IP address, which is presumably served by the same server. In my book this is hardly a mirror, which would imply it is somewhat fault tolerant.

Also, the press release implies that only web servers were affected. However if the whole domain got routed to a different DNS server, the attackers also had the ability to change the MX record, which routes mail for this domain. Did they not realize this? Or did they just not want to talk about it in their press release?

I conclude the journalists were even misled by the official press release, which does not excuse that they did not check the content.

Re:The quality of Journalism? (1)

Conficio (832978) | about 6 years ago | (#24065727)

Just to continue talking to myself.

The web server does not seem to be configured well either. If a webmaster cares about search engine visibility (optimization) then (s)he wants to really redirect the aliases for that server to a single normalized domain name. This is not the case with this web server, it responds under http://www.icann.com/ [icann.com] , http://icann.com/ [icann.com] , http://icann.org/ [icann.org] , http://www.icann.org/ [icann.org] and even http://208.77.188.103/ [208.77.188.103]

This leads to duplicate content in the search engines, makes it harder for readers to identify the server as authoritative and is (in my book) simply not an indication of a well managed web server.

ICANN needs SEO? (1)

pbhj (607776) | about 6 years ago | (#24069511)

I think ICANN are probably doing anti-SEO because they are running out of places to store all the money.

Re:The quality of Journalism? (2, Insightful)

Alarash (746254) | about 6 years ago | (#24073505)

"simply point to the same web IP address, which is presumably served by the same server. In my book this is hardly a mirror, which would imply it is somewhat fault tolerant."

Or the IP is, you know, a Virtual IP on server load balancers and they can host the website on one thousand different servers at the same time for all you know?

Re:The quality of Journalism? (2, Interesting)

Phroggy (441) | about 6 years ago | (#24069879)

You're being deliberately pedantic. I thought it was perfectly clear exactly what they meant:

Normally, A records for icann.com, www.icann.com, iana.com, www.iana.com and similar FQDNs point to IP addresses of web servers that are configured to send an HTTP redirect (via the Location header) that tells the browser to request e.g. http://www.icann.org/ [icann.org] if http://www.icann.com/ [icann.com] had been originally requested.

While more technically specific, this takes a lot more words to say than "Visitors to those addresses are normally redirected automatically to the organization's main sites at ICANN.org and IANA.org." But we all know what they meant, and anyone who doesn't know what they meant probably doesn't care. So why explain the details?

Re:The quality of Journalism? (1)

Conficio (832978) | about 6 years ago | (#24070385)

Well, maybe we need to be that pedantic. My read on what ICANN's press release says is the exact opposite.

The press release says clearly that the http server was not compromised ("The organizations' actual websites at icann.org and iana.org were unaffected."), but instead the DNS records at the root server were directed to a different DNS server ("The DNS redirect was a result of an attack on ICANN's registrar's systems.") who did reply with different IP addresses that did not belong to ICANN and served a defaced website.

That goes to exactly my point, the language does not make much sense in the realm of DNS, but matches the realm of http web servers. This kind of language does cloud the facts and therefore is dangerous.

I'd like ICANN to publish a full report, of what happened and how they are going to prevent this in the future. This kind of press release does raise more questions than it answers.

Re:The quality of Journalism? (1)

Phroggy (441) | about 6 years ago | (#24070609)

I'm confused as to what you're confused about. Somebody got icann.com and iana.com to point to different DNS servers which served A records pointing to third-party IP addresses, so that queries for http://www.icann.com/ [icann.com] and http://www.iana.com/ [iana.com] went to a third-party HTTP server which did not return a redirect to ICANN's official web sites (like ICANN's HTTP server would have), but instead returned something else.

I didn't bother to read the article (I'm not new here), but what about this is unclear to you?
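Added example, not part of the thread or any poster's code: a monitoring check for the failure discussed in this subthread and in jabley's comment above, where a domain's NS set is repointed at the registrar and the new servers then answer with different A and MX records. It separates a wholesale NS replacement from a partial rotation; the `Snapshot` type, the function names and the sample records (reserved example names and documentation IP ranges) are all constructed for illustration.

```python
"""Compare a domain's recorded DNS baseline with a later observation."""
from dataclasses import dataclass


def norm(names):
    """Lower-case names and drop the trailing dot so equal names compare equal."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)


@dataclass(frozen=True)
class Snapshot:
    ns: frozenset  # NS set the parent zone delegates to
    a: frozenset   # A records for the web host name
    mx: frozenset  # MX targets for the domain

    @classmethod
    def of(cls, ns, a, mx):
        return cls(norm(ns), frozenset(a), norm(mx))


def classify_ns_change(baseline, observed):
    """Return 'unchanged', 'missing', 'partial' or 'full-replacement'."""
    if not observed:
        return "missing"           # lookup failed or delegation removed
    if baseline == observed:
        return "unchanged"
    if baseline & observed:
        return "partial"           # some servers kept: typical rotation
    return "full-replacement"      # no server in common with the baseline


def assess(baseline, observed):
    """Return a list of (severity, message) findings for one observation."""
    kind = classify_ns_change(baseline.ns, observed.ns)
    if kind == "missing":
        return [("review", "no NS records returned")]
    findings = []
    if kind == "full-replacement":
        findings.append(("critical", "entire NS set replaced: "
                         + ", ".join(sorted(observed.ns))))
    elif kind == "partial":
        added = sorted(observed.ns - baseline.ns)
        removed = sorted(baseline.ns - observed.ns)
        findings.append(("review", f"NS set changed: +{added} -{removed}"))
    # Whoever answers for the zone controls every record in it, so a record
    # change seen together with a replaced NS set is rated critical too.
    delegated_away = kind == "full-replacement"
    for label, old, new in (("A", baseline.a, observed.a),
                            ("MX", baseline.mx, observed.mx)):
        if old != new:
            sev = "critical" if delegated_away else "review"
            findings.append(
                (sev, f"{label} changed: {sorted(old)} -> {sorted(new)}"))
    return findings


# Constructed sample data (not taken from the incident).
BASELINE = Snapshot.of(["ns1.example.net.", "ns2.example.net."],
                       ["192.0.2.10"], ["mail.example.net."])
HIJACKED = Snapshot.of(["NS1.other.example.", "ns2.other.example."],
                       ["198.51.100.7"], ["mx.other.example."])
ROTATION = Snapshot.of(["ns1.example.net", "ns3.example.net"],
                       ["192.0.2.10"], ["mail.example.net"])

if __name__ == "__main__":
    for name, snap in (("hijacked", HIJACKED), ("rotation", ROTATION)):
        for severity, message in assess(BASELINE, snap):
            print(f"{name}: [{severity}] {message}")
```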

Message from the new owner (0)

Anonymous Coward | about 6 years ago | (#24065767)

ICANN, therefore IAM!

ICCAN haz domain? (0)

Anonymous Coward | about 6 years ago | (#24065807)

ICCAN haz domain?

Stupid bastiges, serves them right (1)

Toad-san (64810) | about 6 years ago | (#24066047)

Talk about a bunch of completely incapable morons ... and we're depending on THEM to keep the Internet running?

Sheesh .. I hope it happens every damned day. In fact I hope someone brings the whole damned thing down. Maybe then the Powers That Be (whoever / whatever THAT is) will replace ICANN top to bottom, clean up the entire domain mess, and give us an honest system.

I noted something similar 14 years ago (1)

rfc1394 (155777) | about 6 years ago | (#24066945)

I noted a similar incident a long time ago, as I pointed out once in this message [ietf.org] which was nothing more than one organization filing for the domain name of another, (Sprint registering for the name "MCI.NET") but rather humorous in the result.

Old news (1)

oblonski (1077335) | about 6 years ago | (#24072959)

I submitted the Wired story of this with the headline 'ICANN gets pwned' over a week ago from a journal entry, oh well...!