I was concerned on two fronts: 1) that a "rogue registrar" could more easily steal domains this way, and 2) that so much data in whois is inaccurate, intentionally on the part of the owners, that notifications could go unnoticed by legitimate owners. I still think phony whois data is a problem in this regard, but I was assured that the rogue registrar scenario wasnt credible, and this incident doesnt seem to be an example of it. On the other hand, it does appear to me that at least one registrar was delinquent in some way, in that I cant believe that all these domain owners didnt see a notification of a transfer request, not to mention changes in the whois records themselves.The stolen domains have ended up with more than one registrar, but according the Kirikos post they were all previously at Dotster, a deep discounter that has domain names like killbush.com and hairyarmpits.net for sale on its home page. Kirikos believes, and with good reason, that the answer is to use the registry LOCK feature. Actually, he says that registrars should, by default, lock all domains, and I cant see a good reason not to. Its just good security for a registrar, and thats what this story is probably all about: good practices, especially security practices, by domain registrars. The system may be all set up now to make transfers go smoothly, so its up to the registrars to make sure that domain hijackings dont. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis.
More from Larry Seltzer
For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.