Slashdot Mirror

← Back to Stories (view on slashdot.org)

MelbourneIT Lapse Permitted Panix Hijack

Posted by timothy on from the malice-finds-a-way-in dept.

McSpew writes "Netcraft reports MelbourneIT's CTO, Bruce Tonkin, has admitted the Panix domain hijacking occurred because of a loophole in MIT's domain transfer process. He doesn't go into detail about what that loophole was, or how it was closed. As a Panix user, I'd like more detail, and I'd like to know what can be done to stop this sort of nonsense happening to other domains."

4 of 200 comments (clear)

  1. Not very surprised by dbIII · · Score: 4, Interesting
    I'm not surprised - not long ago they had the monopoly for the "com.au" domain and very very slow to respond about anything - even ignoring emails form ICANN for a couple of weeks at the start of September 2000. If one person goes on holidays your business in not supposed to stop working for the duration. They used to be a money making sideline for a government run university, and it shows.

    They also have all the integrity to be expected of the major ".cx" registrar.

  2. Re:Overworked by ajd1474 · · Score: 5, Interesting

    I have had my share of problems with Melbourne IT.

    My father registered a domain name with them under the company name " Brothers Inc." But on the form mispelled Brothers as Borthers. On top of that, no such company ever existed.

    When it came time to transfer the domain name to me, Melbourne IT wouldnt have a bar of it. They wanted proof of my association with this "fictional" company before i could take contral of the domain. When i pointed out that no such company existed, they argued and insisted that i produce a permission of transfer on the company letterhead of "******* Borthers" before they would allow me to move the domain.... even though they acknowledged that no such company exists.

    So what did i do? I created a fake letterhead, signed it and faxed it. They then gave me full control of the domain the same day!

    --
    I refuse to have a sig... dammit!
  3. Re:The weekend rule by digitalchinky · · Score: 3, Interesting

    'All' and I mean ALL domestic and international field sites controlled or operated by the 'intelligence agencies' have 24/7 contact phone numbers. Generally during normal 9-5 weekday working hours you will get a secretary, after that you will get the guard house. Yes, there are direct phone lines inside the compounds, but these are not typically published.

    The thing is, you have to know who you want to speak to, and what section they work in. If you are just some tinfoil off the street, you don't get through.

  4. Re:It doesn't look like their fault to me by BJH · · Score: 3, Interesting

    The problem was that MelbourneIT transferred the domain *without* any approval from the domain *owner*. In that case, it doesn't matter what the original registrar does...