[BBLISA] domain theft saga

Tom Metro tmetro+bblisa at vl.com
Tue Mar 30 12:57:24 EDT 2010


bblisa at rootme.org wrote:
> I've encouraged domain owners to setup some sort of two factor
> authentication (email and phone with a pre-shared passphrase, typically)
> with their registrar.  Apparently people need to be reminded that
> security in depth has proven itself over time as a sound practice.

Tell me about registrars who are capable of this.

A friend turned up http://www.moniker.com/ who claim, "... we are the
only registrar that has executive review of every transfer out request
by at least 3 employees including an officer of the company in an effort
to verify the validity of such requests. Finally, personal contact is
made to each registrant if there are any questions about the legitimacy
of the request."

Still seems like humans are the weak link, unless they are well trained
and give security priority over convenience.


> : I've reported the attack to the local police and the FBI.
> 
> I'm interested to know if they can and will do anything about it.  

Nothing so far.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/



More information about the bblisa mailing list