IDN Forums - Internationalized Domain Names  
Home | Advertise on idnforums | Premium Membership

Go Back   IDN Forums - Internationalized Domain Names > IDN Discussions > General Discussion

General Discussion Feel free to talk about anything and everything in this board.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 8th May 2013, 10:45 PM
Senior Member
 
Join Date: Oct 2007
Posts: 3,353
iTrader: (29)
Rep Power: 1264
htmlindex is on a distinguished roadhtmlindex is on a distinguished roadhtmlindex is on a distinguished roadhtmlindex is on a distinguished roadhtmlindex is on a distinguished roadhtmlindex is on a distinguished road
Name.com - Security Notice: Password Reset‏

I just got this email today. Apparently Name.com has had their systems hacked. Does anyone else know more about this? This seems very concerning.

Quote:
We are writing to inform you of a security measure we have taken to protect the integrity of the domain names and information associated with your account.

Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals. It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com.

Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don't believe that your credit card information was accessed in a usable format. Additionally, your EPP codes (required for domain transfers) were unaffected as they are also stored separately. We have no evidence to suggest that your data has been used for fraudulent activities.

As a response to these developments, and as a precautionary measure, we are requiring that all customers reset their passwords before logging in. If you use your previous Name.com password in other online systems, we also strongly recommend that you change your password in each of those systems as well.

Please click the link below to reset your password:
https://www.name.com/account/reset/*...**************

We take this matter very seriously. We've already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.

We sincerely apologize for the inconvenience. If you need any additional assistance or have any questions please email customercare@name.com. We'll continue to be as open and honest with you as possible as additional important information becomes available, so keep your eye out for a blog post or additional emails.

Thanks,
The Name.com Team
Reply With Quote
  #2 (permalink)  
Old 9th May 2013, 12:41 AM
Rockruler's Avatar
Member
 
Join Date: May 2010
Posts: 426
iTrader: (13)
Rep Power: 407
Rockruler is an unknown quantity at this pointRockruler is an unknown quantity at this point
Re: Name.com - Security Notice: Password Reset‏

Yeah I received the same notice. It's probably worth a check to make sure are your names are still in your account.
Reply With Quote
  #3 (permalink)  
Old 9th May 2013, 01:10 AM
squirrel's Avatar
Senior Member
 
Join Date: Nov 2009
Posts: 2,940
iTrader: (11)
Rep Power: 7081
squirrel is a name known to all
squirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to all
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by htmlindex View Post
I just got this email today. Apparently Name.com has had their systems hacked. Does anyone else know more about this? This seems very concerning.
The purpose of the hack was to take down a rival hacker's IRC channel. I dont think any of our xn-- domains were targeted. http://www.domainnamenews.com/regist...d-xinnet/22534
Reply With Quote
  #4 (permalink)  
Old 9th May 2013, 01:34 AM
DktoInc's Avatar
Senior Member
 
Join Date: Dec 2009
Location: Land of the Loon
Posts: 1,583
iTrader: (2)
Rep Power: 2168
DktoInc has a spectacular aura aboutDktoInc has a spectacular aura aboutDktoInc has a spectacular aura aboutDktoInc has a spectacular aura aboutDktoInc has a spectacular aura aboutDktoInc has a spectacular aura aboutDktoInc has a spectacular aura aboutDktoInc has a spectacular aura aboutDktoInc has a spectacular aura about
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by squirrel View Post
The purpose of the hack was to take down a rival hacker's IRC channel. I dont think any of our xn-- domains were targeted. http://www.domainnamenews.com/regist...d-xinnet/22534

but if they were it would be like taking candy from a baby.

Hackers Break in to Prominent Domain Registrars, Moniker, Melbourne IT, Name.com and Xinnet

Hmm maybe godaddy isn't that horrible after all or not prominent enough.
Reply With Quote
  #5 (permalink)  
Old 9th May 2013, 01:41 AM
Rockruler's Avatar
Member
 
Join Date: May 2010
Posts: 426
iTrader: (13)
Rep Power: 407
Rockruler is an unknown quantity at this pointRockruler is an unknown quantity at this point
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by DktoInc View Post
Hmm maybe godaddy isn't that horrible after all or not prominent enough.
Exactly. Anybody who thinks their domains are safer at one registrar vs. another is sorely mistaken.
Reply With Quote
  #6 (permalink)  
Old 9th May 2013, 03:37 AM
Veteran
 
Join Date: Feb 2006
Posts: 7,495
iTrader: (65)
Rep Power: 2677
blastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enough
Re: Name.com - Security Notice: Password Reset‏

domainsite.com also affected
Reply With Quote
  #7 (permalink)  
Old 9th May 2013, 03:48 AM
Member
 
Join Date: Feb 2009
Posts: 383
iTrader: (12)
Rep Power: 1112
welkin will become famous soon enoughwelkin will become famous soon enoughwelkin will become famous soon enoughwelkin will become famous soon enoughwelkin will become famous soon enoughwelkin will become famous soon enoughwelkin will become famous soon enough
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by Rockruler View Post
Exactly. Anybody who thinks their domains are safer at one registrar vs. another is sorely mistaken.
大象.com probably wouldn't be safe at godaddy.

Quote:
Originally Posted by DktoInc View Post
Hmm maybe godaddy isn't that horrible after all or not prominent enough.
yeah, godaddy is a secret of the pros, shhhh!
Reply With Quote
  #8 (permalink)  
Old 9th May 2013, 04:55 AM
123 123 is offline
Member
 
Join Date: Apr 2012
Posts: 754
iTrader: (5)
Rep Power: 465
123 is on a distinguished road123 is on a distinguished road123 is on a distinguished road123 is on a distinguished road123 is on a distinguished road123 is on a distinguished road
Re: Name.com - Security Notice: Password Reset‏

Quote:
大象.com probably wouldn't be safe at godaddy.
lol
Reply With Quote
  #9 (permalink)  
Old 9th May 2013, 12:36 PM
squirrel's Avatar
Senior Member
 
Join Date: Nov 2009
Posts: 2,940
iTrader: (11)
Rep Power: 7081
squirrel is a name known to all
squirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to all
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by welkin View Post
大象.com probably wouldn't be safe at godaddy.
Reply With Quote
  #10 (permalink)  
Old 9th May 2013, 12:38 PM
squirrel's Avatar
Senior Member
 
Join Date: Nov 2009
Posts: 2,940
iTrader: (11)
Rep Power: 7081
squirrel is a name known to all
squirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to all
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by DktoInc View Post
Hmm maybe godaddy isn't that horrible after all or not prominent enough.
They probably would have gone through Godaddy had they needed to. I think they hacked only the registrars that played a role in resolving the IRC channel
Reply With Quote
  #11 (permalink)  
Old 9th May 2013, 12:42 PM
squirrel's Avatar
Senior Member
 
Join Date: Nov 2009
Posts: 2,940
iTrader: (11)
Rep Power: 7081
squirrel is a name known to all
squirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to all
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by Rockruler View Post
Exactly. Anybody who thinks their domains are safer at one registrar vs. another is sorely mistaken.
Quote:
Originally Posted by DNN Article
The hackers admitted difficulty with Melbourne IT security specifically because the registrar controls the DNS for Twitter. “Domain management credz for Melbourne IT are mostly internal SOAP requests. DNS control of Twitter is tight.”
Yes and no.

(On a similar topic, I often hear the best is to have your own registrar so as to cut email out of the equation. Lots of domain thefts and DNS hijacking are achieved by social engineering the registrar staff and/or gaining access to the registrant's email address).
Reply With Quote
  #12 (permalink)  
Old 9th May 2013, 01:37 PM
123 123 is offline
Member
 
Join Date: Apr 2012
Posts: 754
iTrader: (5)
Rep Power: 465
123 is on a distinguished road123 is on a distinguished road123 is on a distinguished road123 is on a distinguished road123 is on a distinguished road123 is on a distinguished road
Re: Name.com - Security Notice: Password Reset‏

don't you think that if you have a public whois and can prove ownership records over time, that you can take your domain back in case it is suddenly transferred to a new mysterious owner(maybe with a lawyers help)?

i think it is not 1998 anymore, so it is not that wild west anymore? or at least i hope so?#

maybe it would be time for a super secure registrar for valuable Domains?

Last edited by 123; 9th May 2013 at 01:39 PM..
Reply With Quote
  #13 (permalink)  
Old 9th May 2013, 02:42 PM
squirrel's Avatar
Senior Member
 
Join Date: Nov 2009
Posts: 2,940
iTrader: (11)
Rep Power: 7081
squirrel is a name known to all
squirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to all
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by 123 View Post
don't you think that if you have a public whois and can prove ownership records over time, that you can take your domain back in case it is suddenly transferred to a new mysterious owner(maybe with a lawyers help)?
Well the onus will be on you to prove that, good luck.

What if the domain sold before the rightful owner realizes it has been stolen ?

In some jurisdiction the rightful owner may be required to compensate the good faith buyer in order to have the stole property returned. Think about having to pay up the price paid by the buyer (!). In some jurisdiction you may also be statute-barred from recovering stolen property if a long enough time has passed between the theft and your legal recovery attempt.

You can find good article on the topic if you look for "stolen art" + "good faith buyer" such as this one http://media.law.stanford.edu/public...od%20Faith.pdf

Quote:
Originally Posted by Abstract
Good faith purchasers of stolen goods fare differently in Western legal systems. American rules favor the owner, while the civil law world protects the good faith purchaser. Oddly, this striking difference is misunderstood or denied or both by American scholars. American lawyer-economists who have considered which is the better rule differ in their perceptions and conclusions, as do the positions taken by non-economists. A related difference exists in the application of statutes of limitation in good faith purchaser cases. Proposals that it would be fairer to split the loss seem bound to fail. A solution
involving the Art Loss Register and the New York courts’ use of the laches doctrine is more promising.
Reply With Quote
  #14 (permalink)  
Old 9th May 2013, 02:44 PM
squirrel's Avatar
Senior Member
 
Join Date: Nov 2009
Posts: 2,940
iTrader: (11)
Rep Power: 7081
squirrel is a name known to all
squirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to all
Re: Name.com - Security Notice: Password Reset‏

PS: of course one could always try to argue that US Law applies to every single domains in the ICANN root but that is a debate for another day
Reply With Quote
  #15 (permalink)  
Old 9th May 2013, 03:26 PM
idn's Avatar
idn idn is offline
Senior Member
 
Join Date: Oct 2005
Location: Global Headquarters of the Dot Net Skepticism Alliance
Posts: 3,156
iTrader: (38)
Rep Power: 1240
idn is on a distinguished roadidn is on a distinguished roadidn is on a distinguished roadidn is on a distinguished roadidn is on a distinguished roadidn is on a distinguished road
Re: Name.com - Security Notice: Password Reset‏

Anyone have a vote for the most secure registrar these days?
__________________
NativeDomains.com
XBuild.com
Reply With Quote
  #16 (permalink)  
Old 9th May 2013, 04:46 PM
squirrel's Avatar
Senior Member
 
Join Date: Nov 2009
Posts: 2,940
iTrader: (11)
Rep Power: 7081
squirrel is a name known to all
squirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to allsquirrel is a name known to all
Re: Name.com - Security Notice: Password Reset‏

I believe Name.com and Godaddy.com have 2 factor authentication ..
Reply With Quote
  #17 (permalink)  
Old 10th May 2013, 01:10 AM
Rockruler's Avatar
Member
 
Join Date: May 2010
Posts: 426
iTrader: (13)
Rep Power: 407
Rockruler is an unknown quantity at this pointRockruler is an unknown quantity at this point
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by squirrel View Post
I believe Name.com and Godaddy.com have 2 factor authentication ..
Yeah, you can enter a text-to-phone pin at GD. They will text you a security code each time you try to log into your account. But unfortunately only works for US residents of course
Reply With Quote
  #18 (permalink)  
Old 10th May 2013, 02:24 AM
Member
 
Join Date: Jul 2009
Location: The Golden West
Posts: 921
iTrader: (0)
Rep Power: 3241
Avtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the rough
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by Rockruler View Post
Yeah, you can enter a text-to-phone pin at GD. They will text you a security code each time you try to log into your account. But unfortunately only works for US residents of course
Dynadot has a security code that they can text you as well. But they are a bit smarter than most registrars; they require you to enter the security code only when you want to do something sensitive, such as unlock a domain for transfer. This cuts down on the number of text messages that you need to receive. No idea whether this works outside the US.

I think alpha once pointed out on his blog that the best security is to do an inventory of your domains on a regular basis (there are programs that will automate this). The sooner you detect a problem, the easier it is to fix.

Avtal
Reply With Quote
  #19 (permalink)  
Old 10th May 2013, 03:07 AM
Senior Member
 
Join Date: Oct 2007
Posts: 3,353
iTrader: (29)
Rep Power: 1264
htmlindex is on a distinguished roadhtmlindex is on a distinguished roadhtmlindex is on a distinguished roadhtmlindex is on a distinguished roadhtmlindex is on a distinguished roadhtmlindex is on a distinguished road
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by Avtal View Post
I think alpha once pointed out on his blog that the best security is to do an inventory of your domains on a regular basis (there are programs that will automate this). The sooner you detect a problem, the easier it is to fix.

Avtal
Any recommendations on which programs these are? Are they free programs?
Reply With Quote
  #20 (permalink)  
Old 10th May 2013, 03:28 AM
Member
 
Join Date: Jul 2009
Location: The Golden West
Posts: 921
iTrader: (0)
Rep Power: 3241
Avtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the roughAvtal is a jewel in the rough
Re: Name.com - Security Notice: Password Reset‏

Quote:
Originally Posted by htmlindex View Post
Any recommendations on which programs these are? Are they free programs?
It's all here: portfolio-management-and-security-101. Keep in mind that the article is a few years old.

Avtal
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 11:02 PM.

Site Sponsors
Your ad here
buy t-shirt
מחיר הזהב

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.3.0
Copyright idnforums.com 2005

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54