Gaping security flaw that may have helped domain name scammers

Gaping security flaw that may have helped domain name scammers

From: Phil Wright <newsstuff§network.au.com>
Date: Fri, 25 Jul 2003 10:36:09 +1000
Enetica, one of Australia's largest auDA accredited Registrars, has
exposed a gaping security flaw that may have helped domain name
scammers.

Domain name scammers that have plagued the industry for years use domain
name expiry dates to send fake invoices for domain renewals to unaware
consumers in an attempt to solicit overly expensive domain name
renewals.

By visiting  <https://www.enetica.com.au/register.cgi?action=renew>
https://www.enetica.com.au/register.cgi?action=renew, you can enter any
domain name administered by Enetica and have returned the expiry date.
Domain name scammers, like Domain Names Australia would find it very
easy to query 1,000's of domain names against this webpage and acquire
domain expiry dates for their dubious business.

An example domain name you can query is "enetica.com.au" or
"hiltonsydney.com.au"

Domain name owners whose names are administered by Enetica or their
resellers should be doubly vigilant about such domain renewal scams.

An example of the results of such a query are:

 Error: Domain is not due for renewal.

Thank-you for choosing to renew/transfer your domain name(s). However,
the domain 'hiltonsydney.com.au' does not expire until 18/06/2005.  As
'.au' domains cannot be renewed prior to 90 days before their expiration
date, we cannot process a renewal for this domain at this time. Please
try again in 607 days (a renewal notice will be sent to the admin
contact for this domain when it is due for renewal)

If you have other domains to renew/transfer, please press the back
button on your browser and edit the details on that page. 

Take a look at the screenshots
http://www.atlanticportfolio.com/enetica/enetica/
 
Instead of chasing tigers' tails and wasting industry development monies
on trivial legal pursuits, how about auDA put money and effort into
ensuring our privacy as consumers is protected and let the likes of the
legislative bodies like ACCC handle the scammers after all they actually
have a jurisdiction?

Cheers

Phil Wright


 
Received on Fri Oct 03 2003 - 00:00:00 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:07 UTC