Godaddy Security Hole – Are Your Domains Safe

Posted on February 8th, 2010 by admin in Domain News | No Comments »

I don’t know whether you remember this but Sarah Palin – the Republicans’ vice-presidential candidate for the last US election – was in the news (amongst other things) prior to that election as a result of her email account getting hacked.

Basically, some kid exploited Yahoo’s password reminder feature whereby he used publicly available information to answer Ms Palin’s security questions (she erred by putting in silly stuff as her 2 security questions).

There are numerous other cases of people using social engineering to “hack” their way to information and resources they otherwise do not have access to.

Some resources are more valuable then others – while you may attach emotional value to private emails you store in your inbox, you can directly attach monetary value to assets like domain names.

This is why I freaked out over a discovery I made today while helping out a friend who could not remember their Godaddy account password.

We followed the link to retrieve account password and were instructed to “Follow the instructions to the right” or choose from 3 possible options:
1. Retrieve Customer Number
2. Retrieve Password Hint
3. Reset Password

We clicked on Retrieved Password Hint and were shocked to find that all that was needed to take a look at my friend’s password hint was their Godaddy account number or username.

Why is this shocking?

Godaddy usernames / account numbers are not private. We share them with strangers all the time when we transfer/sell/buy domain names. Anyone can take a look at your password hint by simply typing in your Godaddy username or account number.

As we were recently reminded by Twitter, people tend to fall into bad habits when it comes to passwords. What are the odds that a lot of people reveal their password or at least provide enough rope in their Godaddy password hints which are so readily available?

I have written to Godaddy with regards to this issue but they do not feel like there was anything to be concerned about as can be seen from the response below:

Dear John,
Upon reviewing this issue it does not appear as though further assistance is required. Please let us know if you have any further questions, comments, or concerns by replying to this email. Our service departments and telephone lines are open 24 hours a day, 365 days a year to accommodate your needs anytime.

I would love to hear your thoughts on this issue.

Some Nice Names On SnapNames Right Now

Posted on February 8th, 2010 by admin in Domain News | No Comments »

The following domain names are either listed for sale on SnapNames, are in auction or are about to drop and can be back-ordered with SnapNames. They are directly linked to the bid screen.

ulr.info – very similar to url, nice name.
seyo.com
waja.com
civilization.org
reflections.org
sq5.com
flightforum.com
dubailodge.com
cashgames.net
hitups.com
z9p.com
cakeworld.com
eescorts.com
latestbooks.com

Enjoy and good luck!

TCS.com Hacked, Domain Listed For Sale

Posted on February 8th, 2010 by admin in Domain News | No Comments »

Tata Consulting Services’ (Indian IT outsourcing company) tcs.com domain name/website had it’s DNS hijacked yesterday with the hijackers putting a simple “for sale” sign up according to theregister.co.uk.

The firm managed to get their name back today but only after getting the hackers quite a bit of publicity from various security/hack sites.

The for sale text asked for all inquiries to be sent to abed_uk@hotmail.com.

Ironically, tcs.com prides itself at being a supplier of web security services.

Georgian .GE Reaches 8,000 Registrations

Posted on February 8th, 2010 by admin in Domain News | No Comments »

The Georgian registry has announced it has reached a landmark 8,000 active domain names – recording a 12.5% annual rise in registrations according to Kate Chkhikvadze of FinChannel.com.

In a world well sheltered from the everyday hustle and bustle of real domaining, Georgian domain names cannot be traded – which explains the minuscule number of names registered in a country of 4.3 million people.

“In Georgia we do not have cases of selling domain names from private individuals,” says Ia Peradze, administrator of .GE domain.

“According to the rules re-selling of domain names is prohibited. When one person cancels a domain name only after that can the domain name be taken by another,” she adds.

Domain names with the .GE extension can be registered through the registry website nic.net.ge, however it is unclear whether foreigners can apply for registration (.ge could make some useful domain hacks).

Georgian domain names are available in level 1 (.ge) and level 2 (com.ge , org.ge, gov.ge, net.ge, pvt.ge, edu.ge) much like a lot of other ccTlds.

According to the above report, the first .ge domain name is free, while subsequent registrations cost as follows:
1-5 domains – 30 GEL, 6-10 domains – 60 GEL, 10-15 domains – 110 GEL, 16-20 domains – 180 GEL, 21-25 domains – 270 GEL. (GEL is Georgian Lari (app 1 GEL = $0.584 US).