Slashdot: News for Nerds

35 comments

sounds similar to... (0)

Anonymous Coward | about a year ago | (#43670179)

the linode incident?

Re:sounds similar to... (1)

brian1078 (230523) | about a year ago | (#43670439)

I believe this is the linode incident.

I'm a name.com (and linode) customer and haven't received jack from them.

Re:sounds similar to... (1)

JonahsDad (1332091) | about a year ago | (#43671403)

I'm a name.com (and linode) customer and haven't received jack from them.

They're being a bit slow about it. Just received my email.

Re:sounds similar to... (1)

kermidge (2221646) | about a year ago | (#43672673)

got mine about ten hours ago

I am a name.com customer (1)

Anonymous Coward | about a year ago | (#43670277)

And I did not receive any emails from them today.

Re:I am a name.com customer (1)

Anonymous Coward | about a year ago | (#43671207)

i did. check your spam folder

Re:I am a name.com customer (0)

Anonymous Coward | about a year ago | (#43671421)

Kang: Hmm... Abortions for some, miniature American flags for others.

My Password Wasn't Reset (5, Interesting)

Secret Agent Man (915574) | about a year ago | (#43670341)

I went in and changed it manually after I saw this, but it was never reset by name.com in the first place...

Re:My Password Wasn't Reset (2)

corychristison (951993) | about a year ago | (#43671593)

My first thought was that it was a phishing attempt, but after inspecting the email I decided to go directly to name.com and do a password reset through the "I forgot my password" thing. Used my trusty KeePassX and generated a new 32 character password.

Re:My Password Wasn't Reset (0)

Anonymous Coward | about a year ago | (#43672273)

Mine wasn't either.

I didn't set up automatic renewal because the only way to use those free whois privacy coupons is to renew manually.

Now I'm glad I didn't.

Nothing new ... (5, Interesting)

Cammi (1956130) | about a year ago | (#43670345)

This is NOT news. Name.com has had an annual security breach for a minimum of 5 years. This is not news at all.

Re:Nothing new ... (1)

quasius (1075773) | about a year ago | (#43670381)

I'm glad you're not concerned with it, but as a name.com customer, it does concern me and I'm pretty glad this story was posted so I could take action.

Re:Nothing new ... (1)

Cammi (1956130) | about a year ago | (#43670719)

You get notices already as a name.com customer, same as I as a name.com customer. You get emails with the following subject lines ...

Failed Login Warning
Request for Password Change

Usually by criminals at the following IP address: 93.36.180.153

Re:Nothing new ... (2)

Jane Q. Public (1010737) | about a year ago | (#43671139)

"This is NOT news. Name.com has had an annual security breach for a minimum of 5 years. This is not news at all."

Almost beside the point. Who in their right minds stores credit card information on their web servers these days? To say that's against Best Practices is a bit of an understatement.

Re:Nothing new ... (1)

Mitreya (579078) | about a year ago | (#43671709)

Who in their right minds stores credit card information on their web servers these days? To say that's against Best Practices is a bit of an understatement.

I don't see why not. If someone were to breach my account and steal my credit card info, the damage would be limited to an hour it takes for me to replace my auto-paying accounts. And perhaps the waiting for the replacement card to arrive.

Best practices or not, my credit card account gets unauthorized charges every 2-3 years at least. It's not like I am ever responsible for that.

I'd be more worried about my cell phone number (or even email) going into the wilderness than I would about someone stealing my credit card info.

Re:Nothing new ... (1)

Jane Q. Public (1010737) | about a year ago | (#43686717)

"I don't see why not."

Well, you may not care, but I can assure you that a great many people do.

But the point is: unless you are making recurring payments via your own system (itself not really best practice... you should have an outside merchant service that automatically does recurring payments), then as a programmer you are taught -- and rightly so -- that NO credit or debit card gets stored by your application. None. Sites I worked on before had it arranged that the main site app never even saw the credit card information, so it could not store that information, even if somebody wanted to.

Re:Nothing new ... (1)

pspahn (1175617) | about a year ago | (#43675925)

You really don't want to know how many, because, well, it's a lot! I have at least three former clients that do this (ignoring my suggestions).

Re:Nothing new ... (1)

Big Hairy Ian (1155547) | about a year ago | (#43672825)

Good grief if their security is that bad why the **** are their customers letting them store CC details?

meausre (0)

Anonymous Coward | about a year ago | (#43670481)

They can't even spell measure properly. Why would you trust them with any personal information?

Re: meausre (0)

Anonymous Coward | about a year ago | (#43672303)

Because that's unrelated to security...

Also affects domainsite.com customers (5, Informative)

pfraser (651313) | about a year ago | (#43670507)

Domainsite.com (owned by name.com) were also affected and notified their customers accordingly this morning.

Fishy (0)

Anonymous Coward | about a year ago | (#43670535)

I'm not convinced there aren't still issues - I have two-factor authentication on my Name.com account via a Verisign authenticator, and Name.com always asks for a code from the card the instant I type the last character of my username. They're not asking for that code now, which seems rather odd. Anyone else had the same experience?

Making your way in the world today (3, Funny)

Anonymous Coward | about a year ago | (#43670603)

takes everything you've got.
Finding a site with decent security, sure would help a lot.

Wouldn't you like some SSH?

Sometimes you want to go

Where everybody knows your name,
and the Chinese are always there to blame.
You wanna be where you can see,
our passwords are all the same
You wanna be where everybody knows
Your name.

 

lol... (0)

Anonymous Coward | about a year ago | (#43670655)

htp5

Take some additional steps to protect your account (5, Interesting)

Anonymous Coward | about a year ago | (#43670741)

This all stemmed from a hacking group trying to get access to Linode through Name.com. You can read more about it here, but keep in mind that Name.com is a very small part of the overall story: https://news.ycombinator.com/item?id=5667027

For those that don't understand, even changing your password won't protect you at this point. The breach hasn't been filled, if that makes sense, as they used a zero day exploit on Name.com (and a few other registrars). Basically, they can still access your account if they want to, whether you change the password or not. I could be entirely wrong about that, but they make no mention of the technical fix, nor has the hacker group said anything about NOT having access any longer.

It is correct that these hackers do not have access to your credit card number, but they can still make charges with your Payment Profile setup in the account. I'd suggest removing any payment profiles to be on the safe side. Also, they can still access your EPP codes because they are able to get into your account. Sure, the codes aren't stored at Name.com (same with the CC info) but they have access to your account. All the hackers need to do is log in to the account, click on a domain, and look at the EPP code being displayed, very simple.

This email they sent out isn't very descriptive of what happened and what could happen. Even users with the NameSafe feature aren't protected, as having admin access bypasses that system. There is a good reason why there wasn't a response for over 24 hours by Name.com and why there is still (as of the time I'm writing this) no blog post. Even if a blog post DOES get made, it won't be much more descriptive than the email that went out.

Wonder if Demand Media is regretting that purchase now?

Re:Take some additional steps to protect your acco (1)

game kid (805301) | about a year ago | (#43671165)

Wonder if Demand Media is regretting that purchase now?

Why would they? They can just "Due to the unfortunate circumstances of a continuing bad economy, we have had to shut down name.com. Sorry for the inconvenience, lol." and done. Their hands are wiped clean, the low-level IT workers are Romney'd [go.com] in one fell swoop, the fat cats still get cash from their bulk-writing SEO scheme [wikipedia.org], and they can just buy up whoever else decides to take over whatever domain( name)?s they managed.

As easy as 1-2-3 (1)

justthinkit (954982) | about a year ago | (#43670761)

(1) Turn over all passwords to the NSA.

(2) Tell the world that something bad happened

(3) Profit

Re:As easy as 1-2-3 (1)

tobiah (308208) | about a year ago | (#43672261)

this

Related to the Linode hack (3, Informative)

Necroman (61604) | about a year ago | (#43670767)

https://news.ycombinator.com/item?id=5667391 [ycombinator.com]

In the above HN comment, basically it explains the Linode hack, saying they got access to Linode's registrar and were going to use it to steal passwords from Linode customers. But they ended up finding the ColdFusion hole made it possible to break directly into Linode, so they used that instead.

The email from name.com (1)

sticks_us (150624) | about a year ago | (#43670983)

Found this, seems legit:

http://pastebin.com/We3xgT4J [pastebin.com]

Re: The email from name.com (0)

Anonymous Coward | about a year ago | (#43672319)

Yes. That's what it said...

Re: The email from name.com (1)

sticks_us (150624) | about a year ago | (#43673287)

hehehe, that's what I get for not RTFing entire A, I didn't see they'd inlined the entire thing in it. Derp!

Hack The Planet (0)

Anonymous Coward | about a year ago | (#43671075)

lol ?

How can passwords get leaked? (1)

gnasher719 (869701) | about a year ago | (#43672939)

How on earth is it possible at all that an IT related company stores passwords in a form that the information can get leaked?

Eggg. I had a domain transfer request yesterday.. (1)

slashkitty (21637) | about a year ago | (#43675685)

That I didn't order.. I went in and changed my password anyway... Wondering how close my domain was to getting stolen?