IDN Forums - Internationalized Domain Names  
Home | Advertise on idnforums | Premium Membership

Go Back   IDN Forums - Internationalized Domain Names > IDN Discussions > General Discussion

General Discussion Feel free to talk about anything and everything in this board.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 26th December 2007, 06:32 AM
Member
 
Join Date: Apr 2007
Posts: 330
iTrader: (8)
Rep Power: 513
L@@K is an unknown quantity at this point
WARNING: Google’s GMail security failure



This guy mention a security pbm in gmail. He lost a domain name. This info can be useful for all if it's true so I post here.
Check your emails if you're at gmail.

http://www.davidairey.co.uk/StaticPage.html
__________________
.
Reply With Quote
  #2 (permalink)  
Old 26th December 2007, 06:49 AM
mgrohan's Avatar
Senior Member
 
Join Date: Jul 2007
Posts: 1,206
iTrader: (25)
Rep Power: 1455
mgrohan will become famous soon enoughmgrohan will become famous soon enoughmgrohan will become famous soon enoughmgrohan will become famous soon enoughmgrohan will become famous soon enoughmgrohan will become famous soon enoughmgrohan will become famous soon enough
Re: WARNING: Google’s GMail security failure

Surprised something like this could happen, first i have heard of it. Thanks for the notice..
Reply With Quote
  #3 (permalink)  
Old 26th December 2007, 06:57 AM
Member
 
Join Date: Apr 2007
Posts: 330
iTrader: (8)
Rep Power: 513
L@@K is an unknown quantity at this point
Re: WARNING: Google’s GMail security failure

I believe it can be a good option if your whois' email is different than your registrar account email ,o)
__________________
.
Reply With Quote
  #4 (permalink)  
Old 26th December 2007, 08:17 AM
Senior Member
 
Join Date: Dec 2006
Posts: 1,036
iTrader: (32)
Rep Power: 751
khurtsiya is on a distinguished roadkhurtsiya is on a distinguished roadkhurtsiya is on a distinguished roadkhurtsiya is on a distinguished roadkhurtsiya is on a distinguished roadkhurtsiya is on a distinguished road
Send a message via Skype™ to khurtsiya
Re: WARNING: Google’s GMail security failure

Thanks for sharing!
__________________
Киев.com.ua - offers welcome
Reply With Quote
  #5 (permalink)  
Old 26th December 2007, 10:18 AM
Rubber Duck's Avatar
Veteran
 
Join Date: Sep 2005
Location: Czech Republic (For those of you from USA = Chechnya)
Posts: 15,929
iTrader: (59)
Rep Power: 4536
Rubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura about
Re: WARNING: Google’s GMail security failure

Get your own paid email provider with a solid reputation. Free = Crap!

Forward your email to Mail box using MX records.

Your email security is paramount. Don't leave it to chance!
__________________
All offers to sell are void.
Reply With Quote
  #6 (permalink)  
Old 26th December 2007, 10:30 AM
jacksonm's Avatar
Senior Member
 
Join Date: Feb 2007
Posts: 3,843
iTrader: (26)
Rep Power: 1010
jacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished road
Send a message via MSN to jacksonm Send a message via Skype™ to jacksonm
Re: WARNING: Google’s GMail security failure

Quote:
Originally Posted by Rubber Duck
Get your own paid email provider with a solid reputation. Free = Crap!

Forward your email to Mail box using MX records.

Your email security is paramount. Don't leave it to chance!

One of the things some people do is to use an email address from the same domain in their contact info believing that this is a "security feature". This is a huge mistake.

For example, if I register sex.com and I set my contact address to mj@sex.com, then if the domain goes into redemption the registrar will stop allowing the domain to resolve. This means that you won't get the emails that they are sending you about your domain... because although your MX, e.g. mail.sex.com, is running and accepting connections, other mail servers can't resolve the hostname mail.sex.com.



.
__________________
.
Reply With Quote
  #7 (permalink)  
Old 26th December 2007, 10:34 AM
Rubber Duck's Avatar
Veteran
 
Join Date: Sep 2005
Location: Czech Republic (For those of you from USA = Chechnya)
Posts: 15,929
iTrader: (59)
Rep Power: 4536
Rubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura about
Re: WARNING: Google’s GMail security failure

It might also be inherently a breach of ICANN rules, so it might leave you more open to confiscation or WIPO, as they would be regarded as bullshit contact details.

Quote:
Originally Posted by jacksonm
One of the things some people do is to use an email address from the same domain in their contact info believing that this is a "security feature". This is a huge mistake.

For example, if I register sex.com and I set my contact address to mj@sex.com, then if the domain goes into redemption the registrar will stop allowing the domain to resolve. This means that you won't get the emails that they are sending you about your domain... because although your MX, e.g. mail.sex.com, is running and accepting connections, other mail servers can't resolve the hostname mail.sex.com.



.
__________________
All offers to sell are void.
Reply With Quote
  #8 (permalink)  
Old 26th December 2007, 10:49 AM
jacksonm's Avatar
Senior Member
 
Join Date: Feb 2007
Posts: 3,843
iTrader: (26)
Rep Power: 1010
jacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished road
Send a message via MSN to jacksonm Send a message via Skype™ to jacksonm
Re: WARNING: Google’s GMail security failure

Quote:
Originally Posted by Rubber Duck
It might also be inherently a breach of ICANN rules, so it might leave you more open to confiscation or WIPO, as they would be regarded as bullshit contact details.
No, there is absolutely nothing wrong with doing this in terms of ICANN or WIPO. It only falls to the stupidity side in that emails can't be sent to the contact address if the domain is already expired.

If you always remember to renew your domains in advance, then this is ok. For example, many companies do this and they have their domains renewed for 10 years in advance.

But this is very stupid for year-by-year renewers.

.
__________________
.
Reply With Quote
  #9 (permalink)  
Old 5th March 2008, 10:47 PM
Member
 
Join Date: Apr 2007
Posts: 330
iTrader: (8)
Rep Power: 513
L@@K is an unknown quantity at this point
Re: WARNING: Google’s GMail security failure

Ok, some news about this (old?) pbm.

WebRankInfo, one of the most popular french forum (for webmasters) has been stolen...

http://www.dnforum.com/f500/webranki...ad-283234.html (thanks Dabsi)

http://fr.news.yahoo.com/pcinpact/20...n-c2f7783.html

http://www.google.fr/search?hl=fr&rl...chercher&meta=

The site: webrankinfo?com

Last chance guys:
Change immediatly your email if you're at Gmail !
__________________
.

Last edited by L@@K; 5th March 2008 at 10:59 PM..
Reply With Quote
  #10 (permalink)  
Old 6th March 2008, 04:18 AM
mdw's Avatar
mdw mdw is offline
Member
 
Join Date: Jul 2006
Location: upstairs
Posts: 838
iTrader: (24)
Rep Power: 598
mdw is an unknown quantity at this point
Re: WARNING: Google’s GMail security failure

You guys need to wake up - L@@K!

There are plenty more attacks coming your way and they have nothing to do with gmail problems. In this case, the culprit is that stupid registrar. Who unlocks domains and sends EPP code based on an email message? That's amateur hour - reminds me of the old attacks where people call on a phone and pretend to be someone who forgot their account information. Pick a real registrar for your valuable domains, not some mickey mouse outfit like this one.

People assume things about security on the web that are just not realistic. At the root of much of this, including the gmail attack cited, is a broken security model in Javascript and unresolved issues in browsers. Be cautious about plugins and extensions (except the wonderful IDN extension), use separate browsers for ongoing work and one-time secure stuff like accesing your bank account - for example work all day in firefox, but when you check your huge checking account balance, open an instance of Opera or IE7 to do it, leaving those 12 tabs of wacky web with no access to your important stuff. And so on and so on.

But counseling folks to avoid gmail? That's just naive. There are attacks against your browser that will become increasingly common this year, and the results can be forged transactions with e-trade, your local bank, paypal, etc. and it's not the fault of these websites. People need to grow up and start browsing a bit more responsibly, just as you must learn to drive a car responsibly. As our important interactions with the world are increasingly web-based, we all need to become more skillful web users for our own protection.
Reply With Quote
  #11 (permalink)  
Old 6th March 2008, 12:47 PM
Member
 
Join Date: Apr 2007
Posts: 330
iTrader: (8)
Rep Power: 513
L@@K is an unknown quantity at this point
Re: WARNING: Google’s GMail security failure

I was especting more a "thanks for sharing" than "you're naive"...

For your info, the official story is here: olivier-duffez?fr

"Mon nom de domaine webrankinfo.com m’a été volé la semaine dernière par un pirate qui a exploité une faille de Gmail pour accéder au compte qui était associé à ce nom de domaine."

=>"My domain name has been stolen last week by a hacker who use a security failure in Gmail to access my account".

It was well a Gmail pbm and not from the registrar.

So naive ? Really ?
Naive for me is people who don't learn from other stories.
2 month ago I was speaking about this pbm, and now WRI is stolen.
(ok imagine namepro or dnforum stolen, it's the same here)

So who is naive Sir ?
__________________
.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 07:20 PM.

Site Sponsors
Your ad here
buy t-shirt
מחיר הזהב

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.3.0
Copyright idnforums.com 2005

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54