[BBLISA] domain theft saga
bblisa at rootme.org
bblisa at rootme.org
Tue Mar 30 08:17:38 EDT 2010
On Tue, Mar 30, 2010 at 04:29:47AM -0400, tmetro+bblisa at vl.com wrote 1.9K bytes in 49 lines about:
: In brief, a directed attack using social engineering was perpetrated
: against my domain registrar, Dreamhost, and due to multiple failures on
: their part, they granted the attacker access to my account, froze me
: out, and hampered my ability to halt the attack.
This is an increasingly successful and common attack. I've helped a
number of domain owners better protect their domains after losing them
in this manner. Some of these were security companies who should know
better. I've encouraged domain owners to setup some sort of two factor
authentication (email and phone with a pre-shared passphrase, typically)
with their registrar. Apparently people need to be reminded that
security in depth has proven itself over time as a sound practice.
: I've reported the attack to the local police and the FBI.
I'm interested to know if they can and will do anything about it.
--
Andrew
web: http://lewman.com
xmpp: andrew at lewman.com
pgp key: 31B0974B
More information about the bblisa
mailing list