Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSI E-mail Vunerability

Posted by ryuzaki0 on from the everyone-come-in dept.

blackwidow sent us the latest in the Web-mail security gaffes. After creating accounts that had easily guessable passwords, it turns out the security for the NSI Webmail accounts is...breachable (Hint - understatement). Ya know, all I wanted was my domains to work - I don't want more then I ask for *sigh*.

17 of 80 comments (clear)

  1. Re:webmaster@dotcomnow.com Auto-reply by ASCIIMan · · Score: 2

    If you're interested, here's what the original author has to say to the plagerism of his work (and the editing out of the first half):

    "Hang the Information Highwayman!"
    http://www.gsm.cornell.edu/staff/Gene/Highwayman .HTML

  2. Re:How do I leave NSI? by Zigg · · Score: 2

    That was the case before, but may not be entirely correct now. I am still looking for more information from ICANN but they seem to be concentrating on the political rather than the technical.

    Nowadays there are alternative registrars that actually seem to take you through the whole process. I gather that NSI is still on the backend but you do not actually become an NSI customer anymore. Unfortunately I haven't had an opportunity to try anybody out yet, I have more important things to do like reading Slashdot (-:

    Maybe we can get someone who works for one of those registrars to clear things up here?

    (P.S. I will... ummm... not be dropping by NSI anytime soon with the explosives that I don't have. :-)

  3. Yet another reason to switch to NameSecure by RelliK · · Score: 3
    news.com has a story about how NSI and NameSecure handle domain disputes. NSI once again screwed over a small company, Virtual Works, that registered the domain vw.net. They just transfered the domain to Volksvagen and Virtual Works had to spend big bucks in court to get it back.

    On the other hand, NameSecure's policy is exactly opposite to NSI's. They don't transfer the domain until they get the court order.

    That is a reason enough to switch to NameSecure. Not to mention that the totally moronic email screw up is outrageous.

    --
    ___
    If you think big enough, you'll never have to do it.
  4. MS Parallels... by rde · · Score: 3

    If you think of MS as a company that adds unwanted features to such an extent that it's too big to properly support, you'll probably be whispering 'deja vu' to yourself right now.
    Competition is opening up, and NSI want to add features so that people'll stay with them. Unfortunately, they're adding these features quickly so as not to miss the boat, little realising that half-assed, bug-ridden pseudo-features are the pretty much guaranteed to drive the masses away in hordes.

    1. Re:MS Parallels... by larien · · Score: 2

      The difference is the customer base. Most of M$'s customers are PHB's and non-techno people. Registering a domain name requires more than a little bit of a clue, so that people should realise they're being fleeced if the service is poor.
      --

  5. More brain-deadness from NSI by charlot · · Score: 2

    I just tried to access the DotCom mail(tm) for one of the domains we host, and while no account seems to have been created (thank god for small favors), I noticed that pressing the "Go" button on the access page tried to establish a connection to a host named "mail" in my domain. Just to be sure, I tried again with another domain, and sure enought, there it goes trying to connect to a host named "mail" in that domain too !

    Come on ! They can't be that stupid, can they ? What if there really *was* a host named "mail" in the domain ?

    I can't wait for these clowns to have competition.

    Richard.

  6. Color me unsurprised by Chas · · Score: 2

    NSI needs to get back to what they're SUPPOSED to be doing.

    ADMINISTERING DOMAIN NAMES!

    If we want free junk-mail accounts we'll go to the pros for that. That's what S'notmail and Juno and all the other freemail providers are out there doing.

    I think NSI is targetting the wrong segment of the entire internet market to try and compete in. A thoroughly useless gesture at best.


    Chas - The one, the only.
    THANK GOD!!!

    --


    Chas - The one, the only.
    THANK GOD!!!
    1. Re:Color me unsurprised by senzuri · · Score: 2
      What are the legal implications of this? Suppose someone gets access to the free email account(thanks NSI!) and then proceeds to cause some trouble. Are the NSI responsible?

      More than that, why did NSI decide to do this? Like the guy said, they are meant to administer domain names.

  7. This made me laugh: by HugoRune · · Score: 2

    From their sign up page

    "Network Solutions now offers TWO e-mail services for your communication needs. Both give you the same reliability and security that has become synonymous with Network Solutions."

  8. webmaster@dotcomnow.com Auto-reply by TheNetman · · Score: 5
    If you send e-mail to webmaster@dotcomnow.com you get a nice little response that is both entertaining and informative. (although I had no idea who could have put up such a amusing bit of text) *grin*


    If a packet hits a pocket on a socket on a port,
    And the bus is interrupted as a very last resort,
    And the address of the memory makes your floppy disk abort,
    Then the socket packet pocket has an error to report!

    If your cursor finds a menu item followed by a dash,
    And the double-clicking icon puts your window in the trash,
    And your data is corrupted 'cause the index doesn't hash,
    Then your situation's hopeless, and your system's gonna crash!

    If the label on the cable on the table at your house,
    Says the network is connected to the button on your mouse,
    But your packets want to tunnel on another protocol,
    That's repeatedly rejected by the printer down the hall,
    And your screen is all distorted by the side effects of gauss,
    So your icons in the window are as wavy as a souse,

    Then you may as well reboot and go out with a bang,
    'Cause as sure as I'm a poet, the sucker's gonna hang!

    When the copy of your floppy's getting sloppy on the disk,
    And the microcode instructions cause unnecessary risc,
    Then you have to flash your memory and you'll want to ram your rom.
    Quickly turn off the computer and be sure to tell your mom!

    Thank you for writing dotcomnow.

    P.S. As you can probably guess, the security of dotcom
    mail is less than stellar. If NSI had a clue, they
    would probably recommend that you do not utilize the
    dotcom mail service for mission critical or sensitive
    communications.

    Sincerely,
    Anonymous Coward

    -NSI... we put the Duh? in dot.com

    --
    (Score: -1, Thou Hast Lost an Eighth)
    1. Re:webmaster@dotcomnow.com Auto-reply by Eremit · · Score: 2

      Your hint helped me to locate the piece. Here is a link to the complete poem including the copyright notice of the original author Gene Ziegler.

      http://www.gsm.cornell.edu/staff/Gene/DrSeuss.HT ML

      Have fun...

      Björn

  9. A suggestion for NSI, and OTHERS too... by mosch · · Score: 3

    NSI: if you're going to give us additional features, then

    a) make them optional in an opt-in setup. you'll get fewer immediate signups, but they'll be people who wanted the service.

    b) make them secure. your market is a reasonably technically savvy audiance, and they can spot this stuff a mile away.

    c) make them RELEVENT. The world doesn't need Yet Another Web-mail provider. There's already hotmail, mail.com, etc, etc, etc. not to mention the fact that you targetted people who already administer their own domains. Most of us are happy with our domains.

    d) follow your own rules. If I'm not allowed to use your database for spamming, you certainly aren't allowed to use it to spam either. that's just basic ethics.

    Now if only they'd take this into consideration...

  10. etwork Solutions is more than just a wee Fsckd up by His+name+cannot+be+s · · Score: 2
    I registered a domain not too long ago, and I was a little suprised that their online method of credit card payment was completely unsecured. Considering that these bozos apparently have no idea what secure systems are about, I was very disapointed.

    As far as I can remember, they were at the same time, pimping someone else's secure-e-commerce solution. Un-fscking-believable.

    G

    --
    "...In your answer, ignore facts. Just go with what feels true..."
  11. Very Nice Autorespond by The+Musician · · Score: 2
    Two things:

    (1) Go read the webmaster's mail: http://mail.dotcomnow .com/signup/poll/webmaster?dlang=default then choose "click here".

    (2) Funny AD I saw during #1: http://imageserv1.imgis. com/images/Ad94426St1Sz1Sq3Id3.gif to wit, "mail.com...Free Secure, and Private"

  12. How do I leave NSI? by |DaBuzz| · · Score: 2

    Ok ... here's a question, now that their are alternative domain registrars, how do I leave NSI? Is it possible or do I have to wait for my domain to expire in 2 years, then reregister it with an alternative vendor? My fear is that when I paid my $70, I agreed to a 2 year exclusive contract but what else was I to do, NSI was the only registrar! Is such a contract even enforceable?

  13. Re:Bells and whistles by dattaway · · Score: 3

    IMHO this is another example of a company doing what dejanews did.

    Usually, sending compliments to people for a fine job is great. Dejanews was a different story.

    Once dejanews had a email soliciting comments about their service. As it was a great service, I let them know why it was valuable to me and told them "don't change a thing!"" because it was perfect. A short time later, they did the unthinkable and trashed a fine search interface with bloated crap from hell. So much for my suggestion. I still have that email and the thanks they gave me for the compliments.

    I suspect they were looking for emails of praise and saving them for later as testimonials. Dirty tricks... Why do so many commercial companies wish to screw customers?

  14. The Funny Thing is! by cs668 · · Score: 2
    That Network Solutions is sending this crap to people who don't need it.

    If you are the Administrative, Technical, or zone contact for a domain, I think(Hopefully), you could set up your own e-mail system if you wanted it!