|
| CNN WEB SITES: |
|
| TIME INC. SITES: |
| MORE SERVICES: |
| video on demand |
| video archive |
| audio on demand |
| news email services |
| free email accounts |
| desktop headlines |
| pointcast |
| pagenet |
| DISCUSSION: |
| message boards |
| chat |
| feedback |
| SITE GUIDES: |
| help |
| contents |
| search |
| FASTER ACCESS: |
| europe |
| japan |
| WEB SERVICES: |
NSI makes free e-mail security blunder
|
September 20, 1999 by Sean Dugan |
From...
|
 INTERACTIVE
|
|
|
(IDG) -- Network Solutions Inc. (NSI) discovered that no good deed goes unpunished when its attempt to offer a free e-mail service backfired with a significant security problem.
NSI, the company that assigns and manages Internet domain names, recently launched a new Web site and an accompanying free e-mail service, similar to that offered by Yahoo and Microsoft Hotmail. Through the service, called "Dot Com Now Mail," NSI offered free e-mail accounts for all those who registered domain names.
|
| ||
|---|---|---|
|
IDG.net home page | |
| InfoWorld home page | ||
| InfoWorld forums home page | ||
| InfoWorld Internet commerce section | ||
| Get Media Grok and The Industry Standard Intelligencer delivered for free | ||
| Reviews & in-depth info at IDG.net | ||
| IDG.net's personal news page | ||
| Year 2000 World | ||
| Questions about computers? Let IDG.net's editors help you | ||
| Subscribe to IDG.net's free daily newsletter for IT leaders | ||
|
Search IDG.net in 12 languages | ||
| News Radio | ||
|
Fusion audio primers | |
|
|
Computerworld Minute | |
However, as it turns out, nearly anyone, including unauthorized users, could sign up to use a domain registrant's e-mail account -- thanks to badly configured default security.
NSI set up the e-mail accounts for registrants using the convention "domainid" for log-in, and "domainidnsi" for the password. InfoWorld confirmed that anyone who knows a domain name could access the free e-mail account before the legitimate owner did. In doing so, the unauthorized user could change the password and effectively lock legitimate users out.
Additionally, the accounts were set up using the domain registrant's last name, with the password "lastnamenai" convention, which makes them subject to the same problem -- if an unauthorized user knows a registrant's last name, they gain access to the e-mail account.
NSI could not be reached for comment.
As of 2 p.m. Eastern time Thursday, Sept. 16, the new NSI Web site was redirecting users to NSI's home site.
Sean Dugan is senior research editor at InfoWorld.
RELATED STORIES:
Internet privacy issues focus of Paris summit
September 16, 1999
Status of Hotmail privacy unclear
August 30, 1999
Status of Hotmail privacy unclear
August 30, 1999
Federal agency recruits hacker teens
August 26, 1999
Anti-gay site goes back to rightful owners
August 23, 1999
Hackers, IT consultants embrace free security tool
August 13, 1999
Hacking group reveals IP-security glitch
August 13, 1999
Hacking your way to an IT career
August 13, 1999
Microsoft says "crack this!"
August 6, 1999
Domain-name tests extended again
September 14, 1999
RELATED IDG.net STORIES:
ICANN curtails NSI's influence over Net policy
(InfoWorld Electric)
If ICANN can't navigate Web politics, it might be time to replace it
(InfoWorld Electric)
U.S. senators chastise ICANN, NSI
(Network World Fusion)
NSI to get into the directory business
(Network World Fusion)
ICANN offers draft plan for NSI competition
(Network World Fusion)
Shouldn't they call it ICANN't?
(Network World Fusion)
Free PC, Internet access and e-mail? Sure, the victims are willing
(Network World Fusion)
After security breach, Microsoft to get outside audit of Hotmail free e-mail service
(InfoWorld Electric)
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.
RELATED SITES:
Network Solutions Inc. (NSI)
The Internet Corporation for Assigned Names and Numbers (ICANN)
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.
| LATEST HEADLINES: |