Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MelbourneIT Lapse Permitted Panix Hijack

timothy posted more than 9 years ago | from the malice-finds-a-way-in dept.

Security 200

McSpew writes "Netcraft reports MelbourneIT's CTO, Bruce Tonkin, has admitted the Panix domain hijacking occurred because of a loophole in MIT's domain transfer process. He doesn't go into detail about what that loophole was, or how it was closed. As a Panix user, I'd like more detail, and I'd like to know what can be done to stop this sort of nonsense happening to other domains."

cancel ×

200 comments

Sorry! There are no comments related to the filter you selected.

Meh (1, Funny)

Anonymous Coward | more than 9 years ago | (#11404050)

Unless it runs on MacOS or will be available in a smaller form factor of varying stylish colors, I fail to see how this is postworthy on Slashdot.

Re:Meh (-1, Offtopic)

Geoffreyerffoeg (729040) | more than 9 years ago | (#11404094)

Unless it runs on MacOS or will be available in a smaller form factor of varying stylish colors, I fail to see how this is postworthy on Slashdot.

The point is that Panix currently doesn't run on MacOS, and isn't available, whatever the form factors and colors may be.

Re:Meh (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11404435)

/9j/4AAQSkZJRgABAQEARwBHAAD/2wBDAA0JCgsKCA0LCgsODg 0PEyAVExISEyccHhcgLikxMC4p
LSwzOko+MzZGNywtQFdBRk xOUlNSMj5aYVpQYEpRUk//2wBDAQ4ODhMREyYVFSZPNS01T09P T09P
T09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09P T09PT09PT09PT0//wAARCAGPASwDASIA
AhEBAxEB/8QAHAAB AAEFAQEAAAAAAAAAAAAAAAcBAwQFBgII/8QAThAAAQMDAQQGBg YFCAcJAAAA
AQACAwQFEQYSITFBBxMUUWFxIiMygZGhQlJysc HRFTOy4fAWJDQ2YnSSohdTc4KDk8IlNUNFVFVk
4vH/xAAaAQ EAAwEBAQAAAAAAAAAAAAAAAwQFAQIG/8QAKREBAAICAgMAAgEC BwAAAAAAAAECAxEE
MQUSISJBEzJRI0JSgZGhsf/aAAwDAQAC EQMRAD8Ak5ERAREQEREBERAREQEREBERAXmR7I2F8j2s
Y0ZL nHAC5HVmvqGxOfSUjRV1w4tB9CM/2j3+A+Sie86iu17kLrhWSP ZnIiB2WN8mjcgmG56+05bn
OYa3tMg+jTt2/nw+a52q6Wqdri KS0yvHIyyhvyAKitEEm/6W35/7lbj+8/8A1XuLpbbteusxDe9t
Rk/sqL0QTPQ9J9hqCG1LKmlPe9m0Pi3P3LqrddbfdIzJb6yG oaOPVvBI8xxC+bldp6ielmbNTTPi
lactexxaR7wg+mEUVaV6 S5opGUmoT1sRwG1LW+k37QHEePHzUpQTRVMDJ4JGyRSDaa9pyH DwKD2i
IgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIg LhekbWD7PF+i7c7FbMzL5Af1TT3f2j8l2l
ZUx0VFPVTHEcMZ e7yAyvnO6V810uVRXVLsyTvLz4dw9w3IMUkuJJJJO8kqiIgIiI CIiC7TR9bUMY
eBO9dDLYI3wGRg2TjktLa8duZldXUXOGCDZ2 gN3NBx1TTvp5Sx48j3rqtB6wksNWKSte59umOCOP
VH6w8O8L nbjVRVLstByDxWCg+nGPbIxr2ODmuGQQcghVUc9FWpDUU7rHVy ZkhG1Tknizm33cfLyU
jICIiAiIgIiICIiAiIgIiICIiAiIgI iICIiAiIgIiIOT6Tas0ujahrSQah7It3dnJ+QKg5TH0u/1
Xp /7039lyhxAREQEREBERB6a5zHBzSQRzCOe55y9xJ8SvKuOgmbE JXRuEZ4OxuQW0REGXarhParn
T19M7EsDw4ePePeNy+jKKpjr aKCqgOY5mB7T4EZXzQpn6KbkazTDqWRxL6OUsGfqnePxQdsiIg Ii
ICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiDhelz+q8H96b +y5Q4pj6XP6rwf3pv7LlElBTGsroac
fTdg+SC9b7TW3E/zaL Lc42juCz6qguVrbtV1NHUQ8HAjOPfxCk6x2Z0UDGxxBrAMZO4L YVun+1xF
rnRgkcCMoIOrIImtZPSuJgkzgO4sP1T+axVvNV2a ew3aSleMQy+sjxwI/ctGgLZWyx1tyw6JmxF9
d+4e7vWRpezO vFx2NgujjGXDv7gpfodPMip2NeQzA4AcEEcxaJaWenUSF3gAFi V1prtODro3dfSu
3SRvG4jxUustkDHbLZQXDkQtTqG1yzUkjH R7cZGDsoIYrWw9dt0xHVv9IN5t8FjrJr6R9FWy08gO
WHdnmO SxkBSL0O1JbdLhSZ3SQtk97Tj/AKlHS7Dotm6rWcLMn1sMjPPd n8EE2oiICIiAiIgIiICI
iAiIgIiICIiAiIgIiICIiAiIg4fp bYXaUicBuZVMJ+DlG+ioWz6po438CSfkVK3SXCZdE1hA3xuY
/wDzD81FOip20+q6F7zgFxb8QQg6PXmrrjHen2y21L6WnpsNcY 9xc7nv8Fn2W+3Oz3G3x11e6utt
wIY2SX2o3Hgcrk9fUr6XV1 aXg7MxErD3ggfjlYRu7n2aloXZ2qefba7ub3fFBIvS3SMksdLV 49ZD
Psg+Dgc/MBRTHTzSxufHGXNZxI5KYdfxTXPTcNJSgSTv kY8tzwGOKjpmlr5D6UQa0/2ZFDbkYqzq
1oeopaeodN0VRgip dzMgB9wW66R9Tz2alhobe8x1VSC50g4sZw3eJWk0DHX2u8Tw11 OY2TgOa76O
0PFa7pVcXapZk5Ap27PxKkreto3WduTEx20tin jqK8trKqpZUSH1c7ZDkO8VKGh9QS3LtVrrpRNV
UZ/W/wCsZ3 nx71CoJBBBII4ELt+igyHU87hktNO7bP8AvDC9OMjpUs7aWsp7 jC3DJssf58VH6lfp
ekAtFDHzdOT8AfzUUIC6bo5cG64txPMv H+Ry5ldBoJ4ZrS2E85SPi0hBPqIiAiIgIiICIiAiIgIi
ICIi AiIgIiICIiAiIgIiIOf17GZNF3MDiIg74OBUDU8z6apiniOHxO D2nxByvoLVzQ7Sd1B4dlkP
waV89xxulkbHGMuccAIJW1Na4t XaSprvb8GphZtN3+036TT4grmrBpLLmz3FuXcRFyHmtppyCpoL
X2J07yxzttzM7gfBdHTsDWrE5vkJ/ox/8ruHj6+2Up4JmPcZ XgsxhrccFf6naG7ivQ3q5wG5Yc2m
Z2nswI6SobUOc+QOiPBu OCwr3p2ju5D6gPErRgPa7eB3LejgvDt6sxe+P8qzqUUxE9o1qd DXFk7W
08sMkbjjbcdnZHef3KTtIabpNO28thkE88uDLN3+A7 gsctyFbmiEtPJTmV7GStLXbLi3IK0MHlrR
8yRtDbBE9OC6SL 7Hd76IKV4fT0YMYcDuc76RH3e5cgtxqOymzVgYx5khf7DjxHgV p1t48lclYtXq
VeYmJ1IttpSUQaqtch4Cqjz7yAtSr9FKYa6n lHGOVrvgV7cfSyIDkAjgUQEREBERAREQEREBERAR
EQEREBER AREQEREBERBrtRs6zTdzYRnNLKP8pUD6d6sXRrpMei0kZ71Pt4 btWaub308g/wApXzgx
zmODmkgjgV4yV9qzX+7tZ1O0rUWy5g c05ytpFwXJW+Wekggkc07EjGuLe7I5LpaGshqGAteF8tyc
Nq TO2pW8TDYMC9bsqgc1reKsy1EUQy+RrR4nCq1jU7eLTtdc7uXk nHFa6S5t4QMdIe/gPisWR01R
vnkw36jdwUk0tad2+ORWZbCa uY0lkXrH9w4D3rFLZJJWzTP3t3taNwCtsLIxhoAXoGWc7Mbffy Ck
x4pmdUh71WsblyuvJw4UsWcuy5y45dJrS31dLcmzzu24ZR iNwG5uOS56LY61vWeznevpuLinFiis
s/Lb2tMw8JwK3VVZHO jE1IQWuGdlaeRjo3lj2kOHEFWEb6I01cBdNO0FYHZMkLdr7Q3H 5grZqNOi
W+s6iayVEgDw4y04P0gfaA+/3lSWgIiICIiAiIgI iICIiAiIgIiICIiAiIgIiICIiCzWSRQ0c8tQ
4NhZG4vJ5Nxv XzW4NdKQzOyXej5KT+lHVIZGbDQyem7fVObyHJn5qMYP18f2h9 6CYZqFk9BFHjDm
MAafcudkpzTzEPBaR3LuI6VzYGl4Iy0LWX CgZUtwdzhwcFV5HH/kjcdpsWT1+T01kIjljGZZPLbK
Cmga7a AGe871jSUNXA7DWkjwRsFc44Eb/gse3FyROvq5W9O2U57G7gqB xedluSTyCpBbKh7synZH
xW3pKNkQwxu/vPFTYuBa0/l0835F Yj4x6agyQ6Y5/shbeKkcYx1cWGjuCyqKgL8PeMNW3a0MaGtG
AFr48NMcarCla9rduC1VaXXGzTQBvrW+nH9ofxhREQQSCMEcV9 JVdIyeM4GHKCtZ2t1r1BOzZ2Y5
fWM3d/H5qV4XtOXSNrOyVL gPqE/csPUbqd1WOpwX/SIWnRBfoquahrYaundsywvD2nxC+ibN cobv
aaa4QEbE7A7H1TzHuOQvm9SL0V6kFLVGx1bwIp3F1OTy fzb7/v8ANBLCIiAiIgIiICIiAiIgIiIC
IiAiIgIiICIiAud1 pqWPTlodI0tdWTZbAw9/Nx8AttdrnS2i3TV1bJsRRDPi48gPEq A9SX2q1DdZ
K2qOB7MUY4Rt5BBrZZZJpnyyvL5HuLnOJySTxK 6PQVgkveoInOYey0zhJM7G7dwb71oaCjmuFdDR
0zC+WZ4a0K f9N2OnsFoiooAC4Dalfze7mUGylibIzZPuWjracxPORuXQK1PC ydmy8e9BzJaF5DVt
Jba4O9EZC9RWxxOXbh4oMCGFzzhoJW2p KAMw6Ub+5ZUFPHCPRG/vV5BQDAwFVEQFxHSjZe32Dt0L
MzUb to4G8sPH8Cu3VueJk8EkMrQ5kjS1wPMFB8zIs++W99qvNXQPBz DIWjPMcj8MLAQF6je+KRsk
bi17CC1w4gheUQfQGj7/ABahsc VRtDtMYDKhnMO7/I8VvVAei9Ru05eRO8OdSzDYnYO7kR4j81PF
PPFUwRzwSNkikaHMc05BB5oLiIiAiIgIiICIiAiIgIiICIiA iIgISGgkkADeSUXCdKOonW62NtVK
/ZqKwHrCDvbHz+PDyyg4 zpB1Sb9c+zUrz2CmJDMHdI7m78v3rkEXuJhllZG0ZLiAEEkdE1 lHaJbv
OzeGlkGfmfwUpLkdKvZb6WKnxhoaAusa9rxlpBCD0i KhOBkoKorLqhg4HK9ska/2T7kHtERAReXP
a32nAK2aiIfTCC 8ixnVsQ4HKtNuDdrDgMII26X7YIq6jukbcCZpik8xvHyPyUcqd 9eWz9NaTqBAN
qWD10Y55bxHwyoIQEREBd30davNqqm2u4zHs MxxG5x3Qu/I/v71wiIPp0EEZG8Io86MdVdspxZK+
TNRC3+bv cd72D6PmPu8lIaAiIgIiICIiAiIgIiICIiAiIgtVVRFSUstTO4 MiiYXvceQAyV886gus
t7vVTcJc+tf6DfqtG4D4KUule79jsE dvjdiWtfh2PqN3n54HxUPwRPnmZFGMuecBBbW40tSdqvcQ
Iy 2PLytXOxkcpYyQSAbtoDAPkpF6N7E99K6sezBmPok/VCDpqGjl kcC0HC6GmpHRgbTysingZBGG
tHmVdQURVRBjOpw6bPBqvtY1 vsgBekQEREFqaFsvHcVgy29x3sdlbNEGikpJWcisdzHNO8FdJj PF
WZaWOQcMFBrrfUlj+rectKh3XVkNk1HMxjcU1QTLCeWCd4 9xUw1NI6F201aPWdn/AJQadd1TAa2k
9OLvcObfggh2nZA/LZ pXRu+icZHvXmWJ0RGcFp4OHArwQQcHcQr1POGermBfCeLe7xCC wivVMHUv
Gy7bjcMscOYVlBfo6qairIaumeWSwvD2OHIhfQmn rvFfbLT3CEbPWNw9ufZcNxHxXzou/wCii9mk
u8lpmf6mrG1G CdwkH5j7ggl5ERAREQEREBERAREQEREBEWo1VdRZdO1lbkCRrN mLxedw/P3IIg6Q
7v8ApbVVQY3ZhpvUR+7ifjlaSmLqamkqeD pAY4/fxPw+9YhJc4ucSSd5JVyWd8rY2uxsxt2WgckG
ZYLXLe b1TW+HOZX+kfqtG8n4L6EoaOGhpY6eBoayNoaMdwUfdEdlMcFR epmb5fVQ57h7R+O73KSU
BERARFQkAZJwgqiIgIiICIiAiIgo 9oe0tcMha80skNQHxDIytiiCDukax/ojUT5YWbNNWDrWY4B3
0h8d/vXN0lK+qeWtOMDOVL3SvQtqNLtqg3L6WZpz3NduP4KJqC sbSNflhJPDCA1jo3uo6jAa45af
qnv8liPa5jyxwwQcEL3Uzu qJTI73DuV+rHXU8dWMZPoSfaHP3hBhq7S1EtJVRVMDtmWF4ew9 xByF
aRB9J2utjuVrpq6L2J42vHhkcFlLguiW6OqrFPb5H5dS SZYDyY7f9+fiu9QEREBERAREQEREBERA
UXdL13DpKSzxO9j1 8uO/g0fefeFJdZVQ0VHNVVLwyGFhe9x5AL54vtzkvN5qrhKMGZ +Q36reAHww
g16yKCkkrq+CjgGZJ5AxvmThY67foptoq9Svq3 jLKOIuH2nbh+KCXbdRQ26309FTjEcDAxvu5rJR
EBERAViqPo taOZV9YtS710bUGSOCqqKqAiIgIiICIiAiIg1Oq6Xtul7lT4yX QOIHiBkfcvnhfTUz
BJC9h4OaQV801DOqqZYyMbDy34FBbWZR esp6qA4wWbY8wsNZlsbtSy54CFxPwQYaIiDrejO5dg1d
DE52 zHVtMLs9/FvzAHvU4L5npp301TFURHEkTw9p7iDkL6Qt1Wyvt1 NWR+zPE2Qe8ZQZCIiAiIgI
iICIiAiLS6wu0ll0zWV0P65rQ2 M9znHAPuzlBxfSrqVrmiw0cmTkOqnA/Bn4n3KMF7lkfNK6WV7n
veS5znHJJPMrwgKY+ia39m05LWuHpVcpI+y3cPnlQ4voLRcP UaQtbMAZp2uPv3/ig3aIiAiIgLDm
Oaxg7iFmLCkGa5qDNREQ EREBERAREQEREBfN14Gzea4YxiokGP8AeK+kV86ajbs6juQ/+T J+0UGt
Wbbzsx1b+QhLfiQsJZjC6G1vPDr3gDyH7ygw0REBTh 0Y1rqvR0DHnLqaR0OfDiPkVB6lvodcTZq9
vIVAP+UIJCREQE REBERAREQFynSYM6JrPtR/thdWua6Q6eSp0XXtiaXOYGvIHcHA n5IIHRdFZNK1
FyjbPO4xQu4YHpEd/gtrX6DLYNuhqHF4+jJw PvCqX5uCl/SbfUsYbzG9OIX0XpwBum7aBypo/wBk
L56qqaaj qHQVEZZI3iCvoTTTtvTVsd300f7IVqJiY3CLps0RF0EREBYjhm uCy1iH+nBBloiICIiA
iIgIiICIiAvnXUv9Zbn/AHqT9or6Ik e2ON0jzhrQST4BfOFW59xulTO3HrZXSEngATnegxWMdI9r
GD LnHACybg8CRlO0+jA3Y8zzPxV2nrYrfLtU0TJXj/xJB9w5LJGo Jc5dSUp/4YQaZFvBeaGb0au1
wEHiWNwflhXZbHT11Oamyyuc eJged/uKDnlLXQ60izXB3I1AA/wqJnNLXFrgQ4HBB5KbOi6k7P o6
KQgg1Er5Pns/9KDsEREBERAREQEREBa69VraWkLAfWSggD w5lZ00rIInSyuDWNGSSuMrax9fVuld
ubwaO4KlzeR/FTUdyn wY/e256XKZrGRANAA8FfysaLcFfBXy9u2g0uotPw3anJADZm+y /G8fuXZa
Wa9mm6CKQYkiiEbh3EblqMrOtVV1E3VuPq3/ACK1 PHcyaWjFfqf+lbPi9o9o7b5ERfQqIiIgLEP9
OWWsd8LzUCRp GOaDIREQEREBERAREQFpqm7yGZzKYNDWnG0d+VuHeyfJccHFs7 /tFZvks+TFSPSd
bWOPSLTO2VcKuoq6GammkxHMwsds7jg8d6 h69RRW+rloKVzixrsuceJ7h5BSxUO9WSok1AHC91W1
zfkeSr eLz5cl5i9t/HrPSKx01yIi21UWfa7nJbnvcwZDhuGeawFlW6gn uVYymp25c47zyaO8rlrR
WNy7Eb+QzaG0XK/VXXxRZZJJh8nB rd+8+5T7bqaCjt9PS0uOphjDG47gFyNqt8VsoIqWEbmDee89
66OyucRI0ncN6yuP5Kcuf+PXyek18XrXbaIiLWQCIiAiLlbldp 6yV8MDjHADjdxcoM/IpgruyTHj
m86h00k8MYzJKxoHe4Ba+r v1DTt9GQyu5NYPxXNtjy3BJPmq9nb3LKv5a3+WNLMcWP3JXXGp uUnr
PRiB9FgXmKPAVxsQC9tGFmZc9sk7larWKxqHprcL2qBV UAIiouDe2it7REYnn1kfzC2K5OKV1NO2
ePiOPiupglbPC2Vh 3OGV9P4/lfzY9T3DOzY/Wdw9oiLQQiIiAiIgIiICIiAqOcGtLj wCqrVT/R5P
JBq6m4SOcRGdlq0Qd6x3mtgea1YcDKfNZPlo/C q3xe5e6l3q1xWobQaxxmhAEzeX1gu0lG0xa2aH
JO5ZXGyzit 7QtXpFo1KMJoZYHlk0bmOHIhW1JMlGx4w9ocPEZVuO2U7XZbBG D37IWxHkq6+wqTxZ
/UuGobbVVsgEUZDebyMAKRNPWuG3U4bE 30z7bzxcrtPSDI3LaRRhjRuWfzObbLHrHyE+LDFPq+Ct
rZH+ tkaeJG5alpWRSTmnnbIOXFU+JkjFmreXvJX2pMQ6ZF5je2WNr2 HLXDIXpfXRMTG4ZYiIuijx
ljh4LiIR6bs967hcTN6uvmZ3PI +ayfKxutZW+LP2YXgAq4VAdy9L5+VxTCYVVRBVERBVFRVQOWCt
hZarqZTTSH0Xb2571rkdkgOb7Td4U3GzzgyReEeSkWjTrkWH basVdMHE+m3c4LMX11LxesWjqWbM
TE6kREXpwREQEREBERAX iVu1G5veF7VEHNyjZe4HkueilJnd5rH1vqdlBNJQUDwatxw943 9UPzXm
3ZMbXOJJI3k81meT/oha4vctyPSarb4sq5DvCu7K+e 3qV5hdR4L2ynAKzNgJs4XfeR4jYAriphF4
mdioXoKgVQuOM+ 3Vxp3bEm+M/Jb1rg9oc0gg8CFymVl0ddJTHHtM5tK1uD5D+L8M nX/itmwe32vb
oUVmnqYqhuY3b+YPEK8t+t63j2rO4UpiYnUi 4mt3XSo/2h+9dsuJrSHXGdw5vP3rO8nP4Qs8T+qV
1h3L0vEf BXCvnZXVERFwERVQFRVTCAgOCqJlckX6SpNHVNlH6t2548F07X BzQ5pyDvBXHkgtIK2d
huIcTRTO9IfqyeY7lteK5Ov8K3+yny Me/wAob5ERbqoIiICIiAiLVXvUFssVOZbhUta76Mbd73eQ
Qb QkAZO4KO9adIUVK2S32KQSVBy19SN7Y/s958Vymqdd3G/bVPBm koTu6tjvSeP7R/DguSQXYy6e
raXuLnPeMknJJJUlW1vqmjwU dW1m3cIR3OypJt49W1ZPk7fIhc4sdy2sQwFeCtR8FcC+fntcek VQ
iOKKmFVFwFVUCquii9Kio52Nw4p2Mmje5lVEWEg7QC6Vai 1W97CKioGDxa38StuvpPGYL4sc+/7U
OReLW+PErxHC+Q8GtJ XDZLpC478nK7asY6SjlYze5zCAuFkd1Ty1/okHmofKbmax+kvE 1qWax+5e
w4Fa5tQO9XRUBYs45W2UTvQFY4myvYlC8+sjICqr LZQvYkC86cXFRUDgVUlAXnCrlMoLMmQtXcQ4
xEsc5rhwLTgh bKZ2Fqq2TcQFYwbi0TDkwx7d0j1lrk7JeKc1cbThszDsvx4jgT 8F1lDr/TVY3Jr+
zu+rOwt+fD5qJb9EP1nMFaRfVYb+9IlmXr 620+gf5Yab/wDeKX/GqHWGmx/5xS/4l8/opHhPFRrz
TMAybm x/hGxzvuC01f0p2mFv8xpKipd/axGPxPyUQIg7O7dJV8rgWUnV UMZ/1Qy7/EfwwuQnnlqJ
XS1Er5ZHHLnvcST71bRAREQbKxM2 q8HuCkShGI2rgdO47Q8nwXeUb/QCxPJTu2l7jR+LaM4K6Fjx
Pyr4KxZ7WlwKhK8hyoXLjmnrKZVsvACtOnaOJXYrMmmSCqF4Ct 0UdTcJdimZ6I9p54BdHQ2iClw6
T1sne7gPIK7g4GTN96hFkz Vo1NLQ1VVgtbssP0nbluqO2QUuHEdZJ9Yjh5LNRbfH4GLD97lT yZ7X
+foREV1CLDrbXR1wPaIQXH6Q3FZiLlqxaNTDsTMdOYqd It3mkqi3ubIM/MLVz6futPvbGJR3sOfk
u7RVb8LFb9aS1z3h Gkhnp3bM8T2O7nAhUFV4qSnxskGJGNcO5wytbVaftdTnbpgw98 ZLVVv43/TK
aOV/eHFNqvFXW1fitvVaJY7JpK6Rnc2Rod8xha er0ze6TLmRMqGDnE7J+B3qvfgXj9JI5FZZEdSD
zV8Tg81zTq qSnk6qojfFIOLXtLT81fjrc/Syqd+NMSli8S33WjvXh84A4rU9 r8VbfUk814jBLu2b
PU5zvWqqp9x3rxNU7uK1tROXO2W5LicA DmreHC8WvprL1KHR45krSqSKDo1r7i9k90qm0sJAIjYN
p+PH kD8V2Nv0JpyhjDf0eyocOL5ztk/h8lu4qetYhn3tudoGXtscj/ ZY53kMr6PhtVugaGwUFLG0
cA2Fo/BZLY2M9ljW+QwpHh819k qsZ7NNj7BTsdV/6ab/AJZX0siD5p7FV5x2Wf8A5ZQ0VWONLOPO
Mr6WRB81i31x4UdQf+E78lamgmgIE8MkZPAPaR96+mVaqKan qojFVQRzRni2RocD7ig+e7I7Zkef
JdpRy+gFf1zpugsroK22 U/URzPLZWtJ2Q7iMDlzWooqkFoGVlc2m7bXOPbUadFFNhZLJ1p o5d24q
+2bHNZNsS3ttDMFafUAc1guqMDisSesAHFcrhmZJnT YT1gaOK2dlsk1x2ams2o6bi1vAv/ILxpvT
r6ssrrkwth4xxH i/xPgu2AAGAMALY4vBiPyup5c89VeIYY4ImxQsaxjRgNAXtEWo qCIiAiIgIiIC
JlEBERAREQY9ZQ0ldH1dZTxzN7ntzhctc9CQ v2pLTUOgdx6uQlzfceI+a7FF5tStu4eotMdIdraG
722QsrKG ZoH02t2mn3jcsN1YTu2XD3KblTYbnOyM+SrzxKJIz2QzSW263N 4bR0UzgfpluGj3ncu7
0vo2G1PFZXubUVnFoHsx+XefFdYikp hrR4tkmwiIpngREQEREBERAREQYd1ttPdrfLRVbSY5BxHF
p5 EeKjC76Tu1me58bDVUw3iWIZIHiOI+5S2i8XxxePr1W016QdFc Cw7JO8cVf/SYwphqLfRVX9Jp
IJvtxh33rDGmrEJesFpo9rj+ qH3KtPDrKWM8oyomXC7SiK308kpPFwHojzPALt9P6Oio3Mqrm5 s9
QN4YPYYfxK6mKKOGMRxMaxg4NaMAe5elLj49KPFstrCIin RiIiAiIgIiIOV6Qrw606ff1Ly2eU7M
eOOf4+5ajo6v1bUz1d suszn1ERyNrjhafWs9XqDWMVstobIaQbWy72drx+XxWA9t405q qjuV2ZFG
ZzsPMecEbhv+XwQbJl3uRvGoIDWS9XBE50Yz7JXV dHNdVV+mhPWTOmk23Dad5lcNA4OvupXDgYHH
5Lseiv8Aqo3/ AGjvvKDbUGq6Ctus9uAfHPBkvDhhWIdbWeVlXIHvEdKcPe5uBn uC47X0clh1O260
7SG1MTmOx9bG7+PBauustTS9H9NO2Nx62b rpsccY5/L4IO8tnSDZq+tbTbTo3POGFwIDlsabVVDU
XyW0sD +0RguO7djv+ajTUVfbLvSWqkskX87a4ey3Bb/G74LIjrY7Jr+p qLgTG0wAAuHE4H5FB3Td
b2t8VdIBJiiOJfRO7eR+CrZda2y9 XJtDSCQvLNvOycKM6GQTWvU0rQQHnaGRjcS5SF0cUVMzTNLU
iJvXEH08b+KDXdId2q7Ze7V1FU6GF7vW44FoIz+K3Fm1zaLpVd kje5kgGRtjG14rmelRzGXm0Pla
XMa4lzcZyMjK1VfV0d21fb 5LMzabFHmQtHh/HxQdnV9Itkpqx9OTI8Mdsue1pIBWbddZ2m20 9PK+
R0hqG7UbWDJIUSVNaaq2Vm1PFTEybqOKEAu3jeTx/wDx Z9d2Z1DZJDUzUlQKcNZOG5Zw4E53fvQS
fZ9YWq7QzyRSmMwD MjXjBAWBB0iWOatFOHyAOdsiQtOyT5qP7fNX1lPd6OPqqoiAnt ELMF3hkDf+
5a5j4p7RT0slxPt4FOymBe13nkfwUE+GaMQdcX Dq9na2vBclN0j2OKrdDtSOa12yZA07OVt27dPp
LL2GV7Kfe0 je7coYqqztVmlJqIYSZN1HDEG438SeKCXLrrW1WuWFk7nETR9Y wgbiFjydINmjt0VW
7rQJiQxmz6Rxu4LhqxsdTeNMsdhzHQsz nmrusaZ1t1lA/rRSQGLEUpj2mtO/O73/ADQSTp/Ulvv8
bnUT ztM9pjhghcv0j3SsttxtrqaqfCx7wJMcMZ3rX9HMbZNSVdVDUy VAIxI/qQxjj3jBXvpYLRW2
wvaXND97QM5Hcg6Oza5tFyqmUT JHtlxuL2kB3kvNf0g2Shrn0rnveWHD3NaSGlcPcqqjvGp7SLI3
aMbfWFo8v3/FaaBxpYrjTVlf2Z5e4SROgD3SeRKDt9Y36Y3K yT2usc2CpeA7ZIw4ZH5re3fXFqs8
zKaZzpJsDaawZwo4qYTB SacZtSOaZyWl7dk4LgRuys+31VHZtYXN19jOJRmJzhy/jHwQd+ zWdpks
sl0jkLoYzh4A3j3LAb0j2N08Ue1IBJj0tk4Ge9R5Ax 0lov8AWQMcyilcOr3YB9IrMvlNDH0eWiVj
AHueCT7igkS960 tVmmjhnc58jwHBrBk4Vyx6utt8rnUlGXmRrdokjdhR7PPBatbM rLtGTTSQDYcQ
SOA/f8VmdH0sU+ubhNAwsie0uaCMbjz9/FB0 PSJqiax00VPQu2ambeCRwCvx65tlPYYK2eVznPy0
ZaQXEbju 4rWdLsf/AGNTvDd/WjJx4Fczc6ukdebPdHjrLa1uySGnAcM5+e PggkbT+sLZfZjBTvLJ
wM7DhgrPvt6prFQ9sqw7qwQDsjOMqN qWanu3SPS1NkjIp42jrHNGBz/cuq6UI3v0nKWNJ2XNJx3Z
CD PrdYW2ioaOrl6zq6vHV4aeax7pru022p7O7rJJQ0Oc1jSdkeKj m9XalrbFZKSnftSU5b1m72Tj
grl6EMWoKh9NXyUFQWAv65vo P3Dgf3IJbsl6or5RdqoZNpmcEHiCtio20LqFlv07W1tyjZHTQy Ad
ZDFjbJwBuHipAt1bHcaGKrhBDJBkZ4oKQ22igqXVMVNG2Z /tPDd5Vay30lc1oq6eOYN3jbbnCyUQ
YLbPbmOkc2jiBkGy87 PtBX6Sjp6KLqqWFkTM52WjAV9EEf6h0vfL9fAKmeP9GskDmt54 7vv+K7hl
HA2ibSuY10bW7OCFkIg11LYrXSTGanooWSH6Qavd ZZ7dXTNlqqSKWRvBzm7ws5EGA2zW1rJGNo4Q
2X2xs+15rKpq aGkhENPG2ONvBrRgBXUQY1XbqOsex9VTxyuZ7JcMkK1SWe3UUj pKWjijc/2i1vFZ
yINb+gLT1z5jQw7b9zjs8V6kslslphTPoo TE3g3Z3BbBEGHRWuhoIzHSU0cbXcQ1vFWWWG1Mqe0t
oYRLnO 1sjK2SIKFrS3ZIBaRjC1v8n7Rtvf2CDak9o7I3rZogwW2e2tdE 4UcIMXsHZ9nyVytt1HcG
BlZTxzNHJwyspEGNRUFJQR9XRwMi b3NGFSrt1HWuY6qp45XM9kuGcLKRBgUlmt1FO6empI45HcXA
LzU2O11U/X1FFC+T6xaMrYogw5rXQTmMy0sTuq9jLfZ8l5rbNb q8g1dJFKRw2m5WciDE/RdD2Tsv
ZYuo+ps7lSS02+WmZTyUkT oY/ZYW7gsxEHB6o0reKi6Nq7TUMMWAOol3sGPBZOjNK1lquFTc 7nMx
9TOMbLBuC7NEFiso6augMNXCyWM8WuGQsf8AQts7GKTs cXUD6GzuWeiDDobXQ28EUdNHFn6rcLJm
hjqInRTMD2O3EEcV 7RBrGaes7GbLbfAG52sbPNe6yyWyuLTVUcUhbuGWrYIgxo7fRx UvZmU0XUni
wtBB9yvRRRwxtjiY1jG8GtGAF7RAREQEREBERA REQEREBERAREQEREBERAREQEREBERAREQEREBE
RAREQEREBE RAREQf/9k=

Get caught (0)

defrabelizer (842549) | more than 9 years ago | (#11404054)

Be stupid, hack a server and get caught. At least the internet its that much safer. I dont blame those panix users, they must have panix.

whatever you do..., (0, Funny)

Anonymous Coward | more than 9 years ago | (#11404056)

just dont panix!

Re:whatever you do..., (0)

Anonymous Coward | more than 9 years ago | (#11404730)

thats a funny joke, you faggarts

Overworked (5, Insightful)

tuxter (809927) | more than 9 years ago | (#11404062)

I'd like to know what can be done to stop this sort of nonsense happening to other domains

You'll never stop this sort of stuff, there is always someone smarter and more determined to find loopholes than the overworked, caffeine addicted guy paid to write the code.

Re:Overworked (4, Funny)

nzkbuk (773506) | more than 9 years ago | (#11404136)

You'll never stop this sort of stuff, there is always someone smarter and more determined to find loopholes than the overworked, caffeine addicted guy paid to write the code.

You're joking right ? If my experiance in the IT sector is anything to go by the guy who wrote the code while most probably overworked and caffeine addicted, is almost certainly NOT paid to write this code.

More than likely he's paid to do something else and has had to put this together in an afternoon between other projects.

Re:Overworked (1)

tuxter (809927) | more than 9 years ago | (#11404197)

Ok, so you are talking symantecs. You have just confirmed and compunded my opinion entirely. Thank you.

Re:Overworked (0)

Anonymous Coward | more than 9 years ago | (#11404540)

Semantics, you dolt.

Symantecs (1)

Baricom (763970) | more than 9 years ago | (#11404982)

Speaking of which...

Symantec [symantec.com] : Software company best known for the Norton family of products.
Semantics [m-w.com] : The study of meanings in a language.

Re:Overworked (1)

fimbulvetr (598306) | more than 9 years ago | (#11404205)

in an afternoon between other projects.
I'd say right after fixing the CEO's home PC because his son installed the latest ActiveX game on it, and right before the 3 hour Monday meeting that 0h-so-raises productivity.

Re:Overworked (5, Interesting)

ajd1474 (558490) | more than 9 years ago | (#11404211)

I have had my share of problems with Melbourne IT.

My father registered a domain name with them under the company name " Brothers Inc." But on the form mispelled Brothers as Borthers. On top of that, no such company ever existed.

When it came time to transfer the domain name to me, Melbourne IT wouldnt have a bar of it. They wanted proof of my association with this "fictional" company before i could take contral of the domain. When i pointed out that no such company existed, they argued and insisted that i produce a permission of transfer on the company letterhead of "******* Borthers" before they would allow me to move the domain.... even though they acknowledged that no such company exists.

So what did i do? I created a fake letterhead, signed it and faxed it. They then gave me full control of the domain the same day!

Re:Overworked (0)

Anonymous Coward | more than 9 years ago | (#11404297)

You're the real dumbfuck here if you don't understand why they did this, it's called plausable denial. The letter, fake or not, is a document they can take to court saying here's our authorization to do the transfer should a dispute ever arise. They don't have to check the authenticity of it, they just have to produce it. Any other company would have done the same. If real property had been involved, they would have required proportionate proof.

Re:Overworked (4, Insightful)

dgatwood (11270) | more than 9 years ago | (#11404322)

This is, sadly, standard policy for all the registrars. Idiotic, yes, but normal. The problem is that in their (NetSol's) boneheaded minds, the owner of the domain is the COMPANY to which the domain is registered, not the person.

Word to the wise: NEVER put a company name in when registering for a domain unless you are intentionally registering a domain on behalf of an existing company. It will only bite you in the ass later.

Been there, done that. Fortunately, in my case, I had just created the domain and was obsessively checking the registrar's whois. Thus, I caught the problem before they had a chance to upload the data to NetSol's main whois. Since I was able to fax the phony letterhead so quickly, we were able to resolve the problem before NetSol saw the bogus data, so at least I didn't get have to pay for a domain transfer when I realized that I had incorrectly filled out the registrar's forms (which never said anything about this policy).

That said, the policy is totally broken and should be fixed. You should have the choice of registering it to a company OR an individual. The current system allows you to register it to BOTH, and changing EITHER requires paying for a transfer. Talk about a system designed to screw people over and hit them up for extra fees....

Re:Overworked (0)

Anonymous Coward | more than 9 years ago | (#11404589)

Oh brother, what a bother!

Re:Overworked (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11404336)

Recently I was asked for my expert opinion (IT admin for 5 years) on the architecture for our new groupware solution for inter-office communications. My boss told me the current plan was Windows Server with Sharepoint and SQL Server.

Well, normally I would just go along with it and quietly get my paycheck, but this time I had been inspired by recent Slashdot postings about the power of open source. I had done some studying up on my own, too.

So when my boss put the question to me, I responded with "That could work, but I'm thinking Ubuntu Warty Warthog or Debian Woody, with Derby 0.9 database and of course X-Bitch client to keep in touch".

Well, now I'm unemployed just like you all and I'm looking for a job. All I know is, nobody ever got fired for buying Dell and Microsoft. Damn slashbots... a curse on you!

Re:Overworked (0)

Anonymous Coward | more than 9 years ago | (#11404764)

Once was semi-funny, more is idiotic. Back in the cave, troll.

Re:Overworked (2, Informative)

adeydas (837049) | more than 9 years ago | (#11405011)

The problem and how it was plugged is given here [merit.edu] . As there is no general rule for stopping crackers to gain access though all loopholes, there is no way to completely protect a domain.

And, queue the flood... (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11404068)

of "Don't Panix!" puns!

That, and... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11404096)

..."Netcraft confirms it: Panix is dead."

hey (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11404074)

someone call the waaaaaaaaaaaaaaaambulance!

So... (0)

Anonymous Coward | more than 9 years ago | (#11404078)

...the perpetrators of the hijacking remain at large? If I were a Panix user, I'd be panixing right now too.

I had my penix hijacked (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11404080)

FP!!!

Translation of corporate speak (4, Insightful)

Magickcat (768797) | more than 9 years ago | (#11404105)

Melbourne IT, which sells its domains through Yahoo and many other hosting firms, defended its claim of 24/7 customer service for resellers and technical contacts (although not retail customers), but said it will evaluate whether it can improve.

Translation: We won't commit to doing a damn thing, and frankly we're only interested in the people who pay us to fuck up. Nonethless, we're attempting to put it nicely, so be grateful.

Translation of Translation of corporate speak (4, Funny)

ackthpt (218170) | more than 9 years ago | (#11404269)

Melbourne IT, which sells its domains through Yahoo and many other hosting firms, defended its claim of 24/7 customer service for resellers and technical contacts (although not retail customers), but said it will evaluate whether it can improve.
Translation: We won't commit to doing a damn thing, and frankly we're only interested in the people who pay us to fuck up. Nonethless, we're attempting to put it nicely, so be grateful.

Translation: We are committed to solutions which enhance your whole internet experience and lifestyle. Please see our website if you have any questions concerning customer service.

404 - Page not found

Re:Translation of Translation of corporate speak (1)

Magickcat (768797) | more than 9 years ago | (#11404445)

hehehe - very funny. If only it wasn't true.

Re:Translation of corporate speak (1)

dinosaw (851176) | more than 9 years ago | (#11404428)

Mate you must be bored, why don't you spend some time fixing your first grade website and stop being a pain in the ass.

Re:Translation of corporate speak (0, Flamebait)

Magickcat (768797) | more than 9 years ago | (#11404549)

I've got a great website - in any case I haven't noticed yours.

Oh, Congratulations on your very first post - now get back to your soul destroying work at Melbourne IT dickhead.

Re:Translation of corporate speak (-1, Flamebait)

dinosaw (851176) | more than 9 years ago | (#11404593)

I'm not a full time tosser like yourself who finds himself insecure and socially inept. I've got a life and its not on the internet. Your a nobody, look at your shitty company. Your website like yourself "Sux Balls". I'm sure your reply will be fruitful, as this is your life you dumb loser.

Re:Translation of corporate speak (0, Flamebait)

Magickcat (768797) | more than 9 years ago | (#11404686)

Oh please go on, tell us all about your great life when you're not on the internet. We're all fascinated by your success. You can't even express yourself clearly you poor retard. If the best you can do is criticise my website, I'm afraid you're doing rather poorly.

Oh, and congratulations on your second post. So nice to think that you signed up for an account just to froth in my direction. Keep posting, you might make it to your third post.

There are plenty of people on the phone who want to complain about your shitty company - so get back to your work. Oh, and please try not to dribble on the keyboard in future. Lunch break is almost up.

There's always time to mock a feckless company (1)

SteeldrivingJon (842919) | more than 9 years ago | (#11404739)

Always a good time had by all.

Uh, except you, I guess.

The is simple (5, Funny)

crunk (844923) | more than 9 years ago | (#11404108)

There was an error in the checking process prior to initiating the transfer

Someone screwed up.

The loophole that led to this error has been closed.

And they fired the guy.

Re:The is simple (1)

arodland (127775) | more than 9 years ago | (#11404204)

Really. Nobody said it was software, and the article title doesn't say anything about anyone getting h4x0red. I'd say your version is the most realistic. Just a matter of "we don't bother to do a good enough job of making sure people really have the authority to ask us to do these things."

Re:The is simple (1)

kjamez (10960) | more than 9 years ago | (#11404720)

the man in charge of sacking the man that needs to be sacked has since been sacked...

Re:The is simple (4, Funny)

SteeldrivingJon (842919) | more than 9 years ago | (#11404831)

The guy who put the CEO's cellphone on the web has been sacked.

The CEO is not to be disturbed when he's cooking up Vegemite on the barbie.

Speaking Of Domain Hijacking.... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11404109)

How would you feel if your webmaster maliciously took your web-site offline, then, when you demanded its return, put up a site attacking your company at your old URL? It happened to a group I was involved in, the Censorware Project, currently at http://www.censorware.net [censorware.net] [censorware.net]. The purpose of this essay is to put the behavior on record, and to give you some impressions and inferences about it.

The Censorware Project was originally an informal collective of six people who collaborated online to fight censorware: Seth Finkelstein [sethf.com] [sethf.com], Bennett Haselton [peacefire.org] [peacefire.org], Jamie McCarthy [mccarthy.vg] [mccarthy.vg], Mike Sims, Jim Tyre and myself. Several of us had never met or even spoken on the phone, yet for some time -- around two years as I recall -- we had a remarkably easy collaboration. There was no funding, no hierarchy, no titles, not even project managers. Someone would suggest a project and take the responsibility for a part of it, others would sign up for other elements, and proceeding this way we got a remarkable amount of work done, including reports on X-Stop, Cyberpatrol, Bess and other censorware products.

Even though two of us were attorneys -- Jim and myself -- we never incorporated the group or wrote a charter or any contracts among ourselves. Mike Sims was obliging enough to register the domain, just as other members paid for press releases and the other incidental expenses which came along. Mike also served as webmaster of the censorware.org site and did substantial work [sethf.com] [sethf.com] for the group, including writing contributions to several of the reports and lead authorship of at least one. Seth was the source [sethf.com] [sethf.com] of our decrypted censorware blacklists [sethf.com] [sethf.com] and managed many technical tasks, but later felt he had to leave the group because of the increasing prospects of a lawsuit [chillingeffects.org] [chillingeffects.org], particularly under the Digital Millennium Copyright Act (DMCA). After Seth left the group, the remaining five continued.

Robert Frost said that "nothing gold can stay," and the Censorware Project was no exception. Over the summer of 2000, Mike Sims' reaction to a perceived slight from Jim Tyre was to take the site down for a week. He sent us mail at the time saying something like "The Censorware Project is now closed." [sethf.com] [sethf.com] I replied to him that, given that the group was a collective and we all had an interest in its work product, the domain, and the goodwill it had achieved, the decision was not his to make. Sims did not reply.

After Seth created a partial, text, mirror, Mike put the site back up a week later without explaining, let alone apologizing for, his actions. Given his continuing failure to answer any email from me (and I think from others) and the overall signs that Sims thought the group was exclusively his, I wrote him several emails requesting that he turn the domain over to Jamie or Bennett, as I felt we could no longer trust him to administer it. We also found out during that time that important email from people trying to contact us, including members of the press, was not being answered by Sims, nor being forwarded to other members.

I ultimately became exasperated that my name was listed as a principal on what had now become a "rogue" site I had no control over. Over about a five week period, I wrote Sims several more emails asking him to delete my name from the site if he wasn't going to transfer the domain. Again, I received no reply.

In November 2000, Sims took the Censorware Project site offline again, with a message saying "Due to demands from some of the people who contributed, in however minor a fashion, to this site, it has been taken down." Judging from some email I received from him at the time, this meant me.

Its a sad thing, both because we got some good work done and because some of the other members of the group were eager to continue and in fact have continued working, while deprived then of the Censorware Project site, name, email aliases and public recognition. Within a few months after, we relaunched the site [archive.org] [archive.org], with the original content, at http://www.censorware.net [censorware.net] [censorware.net]. We only had the content available because Seth Finkelstein had mirrored it -- the rest of us trusted Mike and therefore had not maintained an archive out of his control.

But all the hundreds or thousands of links Censorware Project had build-up over the years still pointed to the old site. In some cases, it was impossible to fix them, since they were from mailing-list archives, old web news pages, in print, or webmasters didn't want to be to be bothered with edits. And anyone who tried to get in touch with us by sending mail to the previous contact address would have their message trashed by Sims.

In 2002, amidst the publicity of a major trial against a Federal censorware law ("CIPA" [ala.org] [ala.org]), Sims made further changes to the censorware.org site. He expanded it with an essay accusing various other members of the project, principally Seth, of bad behavior. Remarkably, in his chronology of events, he does not deny nor even try to explain his take-down of the domain of a busy activist group which did not at all consent to being robbed of its domain:

... A few weeks later, the last shreds flew apart in a couple of bitter emails back and forth, and the website came down. I was asked nicely by Jamie McCarthy to restore the site. Reconsidering my hasty actions, I did so.

... It was conveyed to me that Tyre and Seth were pleased that I had given in to Jamie's request and restored the site, because that meant that Seth could spider (use an automated tool to download every webpage) all the content off of the site in preparation for putting it up elsewhere. That is to say, what I thought was a sincere and honest request from Jamie was actually a sort of trojan horse - made under a dishonest pretense.

That was the last straw. At the beginning of November, the site came down, for good.

Michael has now set things up so that every pointer to former censorware.org content leads to his attacks. What this means is that hundreds or thousands of links which were put up elsewhere to Censorware Project content during our hey-day now, when followed, lead to Michael's denunciation of the group. Try the experiment -- invent a URL starting with censorware.org, such as http://censorware.org/DomainHijackedByMichaelSims/ index.html and you will get to Michael's rant.

Although we made some attempt to contact people maintaining pages that linked to us, and ask them to redirect the link to the new www.censorware.net, we could not contact all of them, and some never made the change. My own Ethical Spectacle [spectacle.org] [spectacle.org] site had scores of links to Censorware.org -- and every time I thought I had changed them all, I would find a few more.

In short, this is a colossal and continuing act of malice by our former webmaster, Michael Sims. It's not even ambiguous -- you can go and read Mike's essay at censorware.org and confirm that he admits he did it.

Astonishingly, there were no consequences [sethf.com] [sethf.com] to Michael, as far as I know, for taking down the Censorware Project content [sethf.com] [sethf.com] and redirecting its substantial web traffic, first to a page which said the group no longer existed, and now to his rant against its members. We had some internal discussions about suing him to get the domain back. I thought there might be some merit in it and that we might be able to prove common law collective ownership of the domain by establishing our mutual contributions of work and money to create the content which was published on the site. However, another lawyer, much more knowledgeable about these things than I am, believed that the fact that Michael had been allowed by us to register the domain in his own name would be definitive and that we would lose.

The Censorware Project had been invited to participate in a mailing list of free speech organizations known as IFEA [ifea.net] [ifea.net]-Plan. After Michael took down Censorware.org, several of us requested that he be removed from IFEA [ifea.net] [ifea.net]-Plan because he had so badly violated our confidence. (His current rant on the site reveals a number of confidential communications he received over the years.) The list-master declined to delete him and we got a number of "We don't want to get in the middle of this" type messages from various other participants.

I was naively astonished by these. If the ACLU [aclu.org] [aclu.org]'s webmaster had trashed the organization's site, I think everyone would pretty well recognize he was a Bad Character and Not To Be Trusted. As much more minor players, despite the significant contributions we had made in revealing what censorware actually blocked, no-one could be bothered to take a stand for us. There was nothing to be gained.

Another thing I learned from the experience is the pretty obvious lesson that it is ultimately hard to decide whom to trust when relationships are based on email and lack the significant visual cues we usually use in making trust-related determinations. However, I had met Mike in person twice, while there are other members of the Censorware Project I have never laid eyes upon.

Also, even in the most collegial, relaxed and rewarding collaborations, its good to have a written contract -- exactly the advice I used to give law clients but that none of us thought to adopt to protect ourselves against the eventuality of a rogue member.

Not offtopic, why moderated down?!? (1)

Anonymous Coward | more than 9 years ago | (#11404256)

Not entirely offtopic... also, we've had a slew of crappy moderations lately, so whoever down-modded the parent thread will doubtlessly down-mod me as well (hence anon).

Re:Not offtopic, why moderated down?!? (0)

Anonymous Coward | more than 9 years ago | (#11404480)

Not offtopic, but not particularly on topic either. And this was already posted to the first thread on the Panix hijacking. The moderator was probably getting tired of hearing about this.

Not very surprised (4, Interesting)

dbIII (701233) | more than 9 years ago | (#11404116)

I'm not surprised - not long ago they had the monopoly for the "com.au" domain and very very slow to respond about anything - even ignoring emails form ICANN for a couple of weeks at the start of September 2000. If one person goes on holidays your business in not supposed to stop working for the duration. They used to be a money making sideline for a government run university, and it shows.

They also have all the integrity to be expected of the major ".cx" registrar.

Re:Not very surprised (1)

Magickcat (768797) | more than 9 years ago | (#11404174)

Quite right. What's in Cthulhu's name was a university organisation doing with ".com.au" domains anyhow. It seemed like a case of nepotism.

Re:Not very surprised (1)

Fully Sick Like Ot's (850323) | more than 9 years ago | (#11404369)

Ha Ha, A professor from Melbourne University 'invented' if you like the .com.au domain space, he wanted to give these domain names away for free, A government organisation was put in place AUNIC, and the .com.au domain space went to tender. Melbourne IT won the tender. The only affiliation between Melbourne Uni and Melbourne IT is the word 'Melbourne', I wonder where they are in Australia?

Misinformed (3, Informative)

dbIII (701233) | more than 9 years ago | (#11404466)

A government organisation was put in place AUNIC, and the .com.au domain space went to tender
No - AUNIC was formed to take full control of "com.au" away from MelbourneIT, which has been around for a few years, and was started to take the pressure off the registrar for ".au" and eventually became a money making venture and then a publicly listed company. I do not know the proportion of the shares that Melbourne Uni retained.

Re:Not very surprised (0)

Anonymous Coward | more than 9 years ago | (#11404843)

When I was at Melbourne University in the early-to-mid 90s, Melbourne IT was located directly across the road. They may have moved since - this Internet thingie has really taken off since those days.

Re:Not very surprised (1)

Magickcat (768797) | more than 9 years ago | (#11404860)

Nope, MelbourneIT and Melbourne University are indeed connected [melbourneit.com.au] .

Re:Not very surprised (3, Funny)

SteeldrivingJon (842919) | more than 9 years ago | (#11404563)

They also have all the integrity to be expected of the major ".cx" registrar.

I expect that within the year they'll change their name to GoatseIT.

Netcraft confirms it (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11404138)

Netcraft confirms it: Panix is dead.

Melbourne IT have a history of fucking with this. (5, Informative)

Anonymous Coward | more than 9 years ago | (#11404156)

For quite some time, on the NS redelegatiom page of the MelbIT web site, you could enter in either a hostname, or an IP address, or both, to chose your new nameservers. Great for those of us having to move IP ranges or whatnot.

The problem is, the web form did nothing at all with the IP addresses you put in. It completely ignored them. You had to call up Melbourne IT and speak to somebody to get the mess sorted out. That one caused me a day of pain.

Other times, the staff members have stated facts that clearly went against all of their procedures on the web page for redelegation and/or key retreival. "Sorry, no, even though thats what the web page says, it REALLY means the opposite"

Re:Melbourne IT have a history of fucking with thi (1)

Morden (15788) | more than 9 years ago | (#11404731)

That's because some registries allow you to specify IPs, and others don't.

I probably should have added code to the form to not display the IP boxes if the domain space was known not to support it, but I could never get a clear answer as to which ones did and didn't.

The weekend rule (4, Insightful)

dbIII (701233) | more than 9 years ago | (#11404198)

I should point out that this is in Australia, where government bodies and those decended from them (like MelbourneIT) do not operate on weekends even if their survival depends upon it. In a recent terrorism trial the suspect could not contact anyone on a weekend to report a bomb plot - in 2002. One of the recent election promises was that the intelligence agencies would be contactable on weekends - although the phone number didn't make it into the most recent set of phone books after the entry lapsed.

She'll be right mate - no one at MelbourneIT would lose their job even if they transferred google by mistake on a weekend and did nothing about it until 9am Monday.

Re:The weekend rule (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11404431)

Speaking to an employee at Melbourne IT, I heard that THE CEO of the company was aware of the problem on the WEEKEND, and their response was that the company in question needed to provide sufficient proof that they were in fact the company they claimed to be (also initiated ON THE WEEKEND).

Melbourne IT were working within the policy of ICANN, whereby it is now acceptable for a domain to be transferred without the explicit approval of the original owner. This policy was recently changed - it originally only allowed domains to be transferred in ownership with an explicit APPROVAL from the original company. The policy is now such that if the original company does not respond to the request within 5 days, the company asking for transfer will by default have rights to the domain. Everyone who owns a domain effectively must monitor their whois e-mail address at least every 5 days in order to ensure they keep their domain.

This was NOT a case of Australian government being lazy. This idea of a "weekend rule" is stupid, and certainly did not apply here. This is illustrated by the fact that the company's CEO was involved ON THE WEEKEND.

Melbourne IT are very much a corporate entity now. They have share holders, and have a large emphasis internally on sales (much to the dismay of the employee I know). This so called "weekend rule" could be applied to many many other corporates as well (the one I work for being one of them!), since normal "BUSINESS hours" are Monday to Friday 9 til 5 (or whatever your variation is). You will notice that Melbourne IT's hours of operations [melbourneit.com.au] are rather extensive for an Australian "government" organisation. The notion that this situation was bred from some type of government "weekend rule" is ridiculous.

If google was transferred erroneously on a weekend, you can be sure that it would be dealt with very quickly by whoever needs to deal with it, while of course working in the realms of the policies that govern their processes. The policy is at fault here, not the company governed by them.

Re:The weekend rule (1)

dbIII (701233) | more than 9 years ago | (#11404621)

Melbourne IT's hours of operations are rather extensive
I can no longer beleive that, and I think this incident demonstrates that the 24/7 claim is false advertising.
Everyone who owns a domain effectively must monitor their whois e-mail address at least every 5 days in order to ensure they keep their domain.
Remember that MelbourneIT is the group that wouldn't even answer emails from ICANN to the ".com.au" whois address for a couple of weeks in 2000 - perhaps that's one of the reasons they no longer have it.

Party to fraud via incompetance and unwilling to deal with something that can ruin their reputation on a weekend - it doesn't really look very good. I only have three domains with them so they won't notice me when I move to someone else - but it's not a protest, I just don't think they can be trusted anymore, so I have to do it.

Re:The weekend rule (5, Funny)

philovivero (321158) | more than 9 years ago | (#11404462)

In a recent terrorism trial the suspect could not contact anyone on a weekend to report a bomb plot - in 2002.

Those Aussie terrorist suspects are a lot more polite than the Muslim and American ones. If all terrorist suspects would call in bomb plots, the authorities' jobs would be a lot easier.

"Yes officer, if you cut the red wire directly after the green one, you should have the bomb defused and be home by tea time."

Re:The weekend rule (2, Informative)

dbIII (701233) | more than 9 years ago | (#11404554)

Those Aussie terrorist suspects are a lot more polite than the Muslim and American ones
The guy appeared to have got mixed up with some very scary people in terrorist groups and tried several times to get help in return for telling everything he knew after he was asked to identify sites in Australia to place bombs. Eventaully he got through to someone and gave them information, but it wasn't taken seriously. A couple of years later some results had to be shown, so someone went back through the files and pulled him in and charging him with conspiracy - despite him trying to stop the conspiricy in the first place and not supplying the list of targets the terrorist wanted despite not getting protection and being in fear of his life. A big waste of time and money becuase someone didn't do their job and then others wanted a head on a pike to display before the masses.

An example of keeping things in perspective is the recent arrest of a couple of guys in Kalgoorlie, Western Australia for using explosives to blow up a satellite dish. In other places people might start screaming "terrorist!" but in this case the judge decided it was safe enough to let them out on bail before the trial. Terrorists kill people, they don't highjack domains or blow up inanimate objects.

terror (1)

Doc Ruby (173196) | more than 9 years ago | (#11404923)

Terrorists *scare* people - killing is just that scary that they do it. Impressively, hijacking an NYC domain name, even one called "Panix", isn't that scary. Maybe there's hope for us after all.

Re:The weekend rule (3, Interesting)

digitalchinky (650880) | more than 9 years ago | (#11404477)

'All' and I mean ALL domestic and international field sites controlled or operated by the 'intelligence agencies' have 24/7 contact phone numbers. Generally during normal 9-5 weekday working hours you will get a secretary, after that you will get the guard house. Yes, there are direct phone lines inside the compounds, but these are not typically published.

The thing is, you have to know who you want to speak to, and what section they work in. If you are just some tinfoil off the street, you don't get through.

Re:The weekend rule (1)

toby (759) | more than 9 years ago | (#11404552)

this is in Australia, where government bodies and those decended from them (like MelbourneIT) do not operate on weekends
Sounds quite civilised to me.

Lock your domain (4, Informative)

Anonymous Coward | more than 9 years ago | (#11404200)

If your registrar doesn't support locking, find another one that does. GoDaddy, EV1servers, etc do.

"Loophole" - Corporate killspeak for fuckup (2, Informative)

schmaltz (70977) | more than 9 years ago | (#11404210)

"Loophole" really means somebody at MelbourneIT didn't perform end-to-end tests of their registration server; that, or was only looking for primary adherence to the spec, and didn't check if their implementation could be fucked with.

Re:"Loophole" - Corporate killspeak for fuckup (3, Insightful)

Anonymous Coward | more than 9 years ago | (#11404300)

What about the systems at the central registry that allowed something so far out of compliance to actually succeed? That's more worrying to me.

In A Word... (2, Funny)

ackthpt (218170) | more than 9 years ago | (#11404226)

He doesn't go into detail about what that loophole was, or how it was closed. As a Panix user, I'd like more detail, and I'd like to know what can be done to stop this sort of nonsense happening to other domains."

In a word - Fosters.

Re:In A Word... (0)

Anonymous Coward | more than 9 years ago | (#11404406)

In a word - Fosters.

Yes, the employee went to drink his Victoria Bitter, found it was Fosters, and spat it all over the server, causing a major malfunction.

Re:In A Word... (1)

linatux (63153) | more than 9 years ago | (#11404415)

More like XXXX - they can't spell 'beer'!

Re:In A Word... (1)

MrPC81 (833183) | more than 9 years ago | (#11404697)

People from Queensland drink XXXX you dolt. In Victoria (where MelbourneIT is based) you drink VB. Only stupid Americans and a small number of very boring Aussies drink Fosters, which is why they are so desperate to flog their cow urine overseas.

Re:In A Word... (Off Topic) (1)

Larch (229337) | more than 9 years ago | (#11404782)

Fosters outside Australia is usually a license to use the name sold to another brewery, hence not always the horrible uriney crap you get under that name in Australia. Rumour has it it may also be relabled Crown Lager in some markets.

But I do get where you're coming from, everyone overseas seems to think we drink it (thanks to the advertising) but reality is people only drink Fosters here when there's no other choice, like at the Grand Prix.

Re:In A Word... (Off Topic) (1)

hate_this_nick (699884) | more than 9 years ago | (#11404962)

When faced with a situation where the only beer is fosters I would just not drink that day.

It doesn't look like their fault to me (3, Insightful)

harlows_monkeys (106428) | more than 9 years ago | (#11404239)

I'm confused. They were the receiving registrar of the transfer. However, it was the other registrar, that the domain was transfered from, that seems to me more at fault. Most registrars allow customers to "lock" a domain, which means that it cannot be transferred without the customer notifying the current registrar. Panix says they locked the domain. If that is so, then it should not have been transferable without their permission, no matter what loopholes were in Melbourne's system.

Re:It doesn't look like their fault to me (3, Interesting)

BJH (11355) | more than 9 years ago | (#11404785)

The problem was that MelbourneIT transferred the domain *without* any approval from the domain *owner*. In that case, it doesn't matter what the original registrar does...

Re:It doesn't look like their fault to me (2, Insightful)

chip rosenthal (74184) | more than 9 years ago | (#11405044)

Do you have a reference to where Panix said they locked the domain? I've been wondering whether or not that was done. I posted a blog entry [unicom.com] on this topic earlier this evening.

This could happen again ... (2, Interesting)

Anonymous Coward | more than 9 years ago | (#11404271)

Given that it's down to the registry (not the registrar) to actually commit any transfer request, and there are several stages of validation on this, isn't it down to them to NOTICE if something didn't go right?

If I'm reading the linked description of the transfer process right, in part 2 (allegedly where it fell over) the "gaining registrar is not permitted by the policy to initiate a transfer without approval from the registrant".

Not permitted BY THE POLICY? That's an awful lot of trust to put into each and every registrar never making a mistake or having a design flaw in their systems. Surely they should just bounce every transfer request that doesn't follow some sort of authorization procedure ... right?

Why are the registrars responsible for this step, and not the central registry itself? There's an awful lot of trust involved here, and this could happen with any registrar that happened to have a bug in their systems. I bet there's a way to exploit this from many registrars other than Melbourne IT that just haven't been found yet.

What Happened (5, Informative)

Marlor (643698) | more than 9 years ago | (#11404272)

Here is a basic explanation of what happened from what I have read.

ICANN recently changed the rules for domain name transfers so that rather than requiring confirmation for domain name transfers, they are transferred automatically if the owner does not object within a set period of time (a few weeks IIRC). This is meant to "streamline the domain transfer process". In this regard, I believe that ICANN is partially to blame for this hijacking. These policy changes need to be reviewed. You can, of course, lock your domain against this occurring, but it is a simple error to neglect to do this.

Melbourne IT is also more or less to blame for this hijacking (depending on who you believe). It has been confirmed that one of their resellers allowed someone to create an account with a stolen credit card number, and initiate the domain transfer process. Panix claims that Melbourne IT failed to send the notification of transfer to them or their registrar. They also state that they had asked that their domain be locked against transfers, but this did not occur. If this is the case, then this is a serious issue with Melbourne IT.

Mebourne IT has also been accused of being unavailable for contact over the weekend, despite promising 24/7 service. The only way that Panix managed to contact them was via the CEO's mobile number.

If these accusations are true, then this shows serious problems within Melbourne IT.

Re:What Happened (4, Insightful)

Anonymous Coward | more than 9 years ago | (#11404294)

They also state that they had asked that their domain be locked against transfers, but this did not occur. If this is the case, then this is a serious issue with Melbourne IT.

The real question here is whether Panix's registrar failed to lock the domain for transfers, or whether Melbourne IT somehow transferred it anyway after it was locked.

If it was not locked, then a lot of the blame can be shifted off Melbourne IT's shoulders. If it was locked, then there are some real issues with the domain transfer process.

Re:What Happened (2, Insightful)

Anonymous Coward | more than 9 years ago | (#11404313)

If it was locked, I'd blame Dotster (the original registrar) because there should've been no way, at all, for Melbourne to even start transfering it.

Re:What Happened (1)

Stripes007 (462035) | more than 9 years ago | (#11404680)

Actually, that's not exactly correct.

With the new policy, the burden of verification lies solely on the gaining registrar. Yes, the administrative contact gets notified from the losing registrar, but if no response is received in 5 days, the transfer will proceed (assuming domain is unlocked).

Melbourne is almost completely to blame, they need to verify transfers properly. But, the domain admin should make sure that the name is properly locked, as this would have prevented the transfer from failing.

But.. (-1, Troll)

obeythefist (719316) | more than 9 years ago | (#11404306)

I was under the impression that the domain registration lapsed, Panix had changed addresses and not bothered to update the domain registry people, so they were uncontactable for the seven days after the domain expired and therefore it was put up in the open. That's what I read the first time this article was submitted to Slashdot anyway.

Why on earth is it a "hijack" (which makes it sound like a criminal offense) when a company doesn't care enough about it's domain name to keep the registry informed of how they can be contacted for administrative purposes, and then complains when they lose the domain? I understand the people who picked up the newly-unowned domain had no idea that it was in use and promptly returned it when they found out who previously owned it. Hardly a hijacking or a terrorist act to me.

Shouldn't this article be more like "Inept ISP forgets to reregister domain: Doesn't bother keeping it's address and phone number with registrar."

Anyone who is a Panix customer... maybe you should think about signing up with a more competent ISP, rather than one who blames it's own lack of dilligence on terrorists and hijackers.

Re:But.. (0)

Anonymous Coward | more than 9 years ago | (#11404327)

Soemone used a stolen credit card number to create an account, then initiated the domain transfer process. That sounds like a hijack to me.

The registration didn't lapse (1, Informative)

wytcld (179112) | more than 9 years ago | (#11404410)

Registrations are year-to-year, so:

Registrar: DOTSTER
Domain Name: PANIX.COM
Created on: 22-APR-91
Expires on: 23-APR-06
Last Updated on: 16-JAN-05

It could only lapse in April - and it sure as hell didn't lapse in April of 2004 and stay working for this long!

Re:The registration didn't lapse (1)

Strepsil (75641) | more than 9 years ago | (#11404501)

I checked the old data by querying Dotster's whois server directly after the last story. It showed April 2005 as the expiry date, so it hadn't expired. Looks like an extra year was added during the hijack.

At least they got something good out of it. :)

Read the article? (0)

Anonymous Coward | more than 9 years ago | (#11404424)

If by "read the first time this article..." you mean "I didn't read the article and I am speaking out of my ass." Then you are under the correct impression.

Re:But.. (2, Insightful)

Anonymous Coward | more than 9 years ago | (#11404499)

But..you didn't check your facts. MelbourneIT had the domain transfered to them, even though Panix's registrar, Dotster, was not notified. A transfer lock was also in place for the domain.

I have no idea how you came to the conclusion that this is Panix fault, or the domain expired. Even with this incredible lack of evidence, you proceed to go out on a rant against Panix.

Check your facts before posting.

MelbourneIT (1)

ccdotnet (786114) | more than 9 years ago | (#11404372)

FWIW I could write a book on the number of problems I've had dealing with MelbourneIT over the past 8 years, and I probably will.

I still have a variety of domain names handled by them and their web-based domain management interface has no option to enable REGISTRAR-LOCK, and frankly I don't have 50 mins to spend in their phone queue.

"We normally respond to requests within 48 hours" .... says the email auto-responder....

Re:MelbourneIT (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11404665)

As have I - I used to use VIANetworks in Atlanta for client hosting, and as part of their new "No Soupport for you!" policy, they got into some silly reciprocal relationship with MIT. For a client's domain (when I opened the account I was still being stupid and lazy and letting the ISP register the domain for me - never again) VIANetworks said Melbourne IT was the registrar, MIT said Network Solutions was the registrar, and Network Solutions said VIANetworks was the registrar (no kidding).

Calling them wasn't an option - any attempts at e-mail produced at least a 72-hour lag - sometimes more. And meanwhile, the site in question was unreachable for over a month. I even went so far as to apologize for the election here, in case that had anything to do with it.

I tell this maudlin tale of woe in order to get to the punchline - finally, after several different go-rounds with them, faxing this and that (all of which they admitted that they misplaced - I felt great about having my client fax his signature and then hearing that), I finally simply badgered them into giving me the registry key. They had no proof of who I was, took my word for the fact that I had sent them the information I sent them, and gave me access to the DNS settings simply because I barked loud and long enough. I wrote mad e-mails and it worked (score: squeaky wheels 1, rightful domain owners, 0). I don't call that a policy "loophole" - it struck me as simple bonehead security.

I'm quite surprised that this doesn't happen more often with them - maybe it does, and most of the people who pester this kind of response out of them are just doing it for whatever practical, non-malicious reasons.

Re:MelbourneIT (0)

Anonymous Coward | more than 9 years ago | (#11404935)

dude - I gave up on melbourneIT last year and moved all our (work, mostly charity) domains to Explorer (explorer.net.au) - you can actually get someone on the blower who has a clue if you have problems with transfers and etc. Great stuff.

To prevent this from happening to your domains (4, Informative)

Somegeek (624100) | more than 9 years ago | (#11404394)

Evidently ICANN made a policy change in November 2004 that was intended to make it easier to transfer domains between registrars, but it turns out to also make it easier to hijack domains. Apparently multiple domains have been hijacked from Dotster.com, (the registrar for panix.com), so I would guess that they have some holes in their procedure for confirming transfers with their customers.

How do you prevent this? Well, when reading the various articles about this, (I know, I'm new here), I ran across the phrase 'locking your domain'. I had never heard of this before, but I checked with my registrar, and sure enough they now have settings for 'normal' and 'high' transfer security. Basically they will not allow any domains that have 'high transfer security' set on to be transferred. Period. Whether they can get in contact with me or not. If I want the domain transferred, I have to log in and reset transfer security to normal, and then a transfer can go ahead. Otherwise it stays with me until it expires. Unfortunately the default setting was normal, but once I knew about it, it only took 30 seconds to set my domains to 'high'.

In theory anyway; panix.com says that their domain was set to 'locked' with dotster, so your mileage may vary. Maybe tucows or someone can randomly test transfer attempts of 'locked' domains and certify registrars that appropriately deny the transfers?

So, check your domains now, set them to locked, or high security, or whatever your registrar calls it. If they don't have such a setting, hey, it ought to be easy to transfer your domain to one that does!

Re:To prevent this from happening to your domains (2, Informative)

belmolis (702863) | more than 9 years ago | (#11404610)

ICANN is soliciting comments on the revised transfer policy: RFC [icann.org] . Let them know what you think.

Clearly, MIT has it's priorities. (5, Funny)

Saeed al-Sahaf (665390) | more than 9 years ago | (#11404407)

Panix CEO Alex Rosen said. "I didn't find useful 24-hour NOC-type info anywhere. MIT apparently has no weekend support at all; I finally located their CEO's cellphone in an investor-relations web page."

Clearly, MIT has it's priorities.

Re:Clearly, MIT has it's priorities. (5, Funny)

SteeldrivingJon (842919) | more than 9 years ago | (#11404623)


I expect that is the loophole they have fixed. The CEO's contact info is probably completely gone, now.

Re:Clearly, MIT has it's priorities. (1)

Morden (15788) | more than 9 years ago | (#11404758)

This is fair enough.

The system administrators (and I'm sure the CEO) don't want users finding their contact information and calling them to ask them to change their contact information.

How many companies DO put this information online/

Re:Clearly, MIT has it's priorities. (1)

Saeed al-Sahaf (665390) | more than 9 years ago | (#11404901)

Most companies DO have some type of contact information for technical service and emergencies...

sorry but... (0)

Anonymous Coward | more than 9 years ago | (#11404474)

I see the words MelbourneIT and I'm not surprised. Have had to transfer domains from them legitimately for clients and/or change hosting information and out of all registrars I've ever dealt with they are one of the most unresponsive in the industry. Verisign/Network Solutions is better. Don't do there.

YOU 7AIL IT (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11404504)

The good, the bad and the ugly (1)

canuck57 (662392) | more than 9 years ago | (#11404536)

The good, the CEO admitted it so something will likely happen to prevent it in the future.

The bad, panix.com users were compromized and without service

The ugly hopefully (as far as we know) does not happen. Such hijackings can lead to compromized passwords and accesses to other systems.

Be careful out there...

Re:The good, the bad and the ugly (1)

Morden (15788) | more than 9 years ago | (#11404768)

The good, the CEO admitted it so something will likely happen to prevent it in the future.

Last I checked, Bruce is the CTO not the CEO.

Alternatives in AU (0)

Anonymous Coward | more than 9 years ago | (#11404541)

Who do I use inside Australia besides Melbourne IT?
My only recent interaction with them resulted in a yelling match.

Re:Alternatives in AU (2, Informative)

Morden (15788) | more than 9 years ago | (#11404881)

I've used Enetica quite happily.

Re:Alternatives in AU (1)

Magickcat (768797) | more than 9 years ago | (#11404959)

ditto - Enetica are much more switched on.

More than one Bruce Tonkin? (1)

HiggsBison (678319) | more than 9 years ago | (#11404677)

Is this the same Bruce Tonkin from Round Lake, Illinois (U.S.A) who was president of T.N.T. Software, and wrote My Word!, or is this just a coincidence? Not that there couldn't be more than one. I was just wondering.

See what happens... (0)

Anonymous Coward | more than 9 years ago | (#11404816)

When you trust a bunch of Australians with the managment of your domain name..

Very not surprised (1)

lucaschan.com (457832) | more than 9 years ago | (#11404930)

Melbourne IT's service has always been lousy. Maybe they'll get their act together one day.

Using Lock makes this a bad comprimise! (2, Insightful)

logicnazi (169418) | more than 9 years ago | (#11405020)

The recomendation in the linked discussion is that by using both restrar-lock and auth_info the system provides a reasonable comprimise between security and the incentive for registrars to make the domain transfer process as difficult as possible.

Now, I agree that there is certainly a worry that losing registrars could make sending a domain name very difficult if they initiated a transfer. However, a system which provides registrar-lock which many registrars initiate by default and require user action to remove is just as abuseable. So long as the registrar may put on registrar-lock by default they may incorporate any difficulty they want into the process of removing registrar lock. In fact this is even worse than just requiring the losing registrar to initiate a transfer. After all many domain holders like myself until today have no idea that registrar lock even exists and may attempt to do the transfer before we know we have to undo the registrar lock, adding additional difficulty on top of any difficulty for removing registrar-lock.

As it is we get the worst of both worlds. Since registrar-lock is not always turned on many domain names are left vulnerable but those registrars who want to make it difficult to leave have just as much incentive to turn on registrar-lock by default and make it hard to turn off as they would to initiate a transfer. At this point it would be strictly better to go to a loser-initiated system.

I think a good fix would be to require that registrar-lock be off by default. Those domains that wanted it could turn it on easily, after all the registrar has every incentive to make this as easy to do as possible. This is also a good match for the threat/benefit model. Big name domains are must liable to be attacked, but they have departments that can deal with a difficult transfer process, while private users can leave registrar-lock off knowing that they are unlikely to be targeted and being more likely to change registrars anyway.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?