« Spielwiese SEO: Befreiphone.org wird verlost!
Why do you buy domains? »

All your .de domains deleted? It could happen!

One of my former ventures was an IT Security consultancy boutique. We helped German and international companies to protect their it infrastructure from all sorts of cyberthreats. What i saw there was mind blowing and really scary!

Now as i have shifted my focus since years to my ventures in the domain industry, security is still something i really care about. Most of our systems are within my reach and i can take care of theses security systems. But some lie in the hands of registrars and registries and i cannot take care of them.

Now to the point: I am really concerned about the security system of Germans Registry DENIC! They cannot provide a registrar the possibility to lock a domain. An average skilled 15 year old script kiddy would need the user name, which is the so called handle of a registrar, and the according password. Thats it. With these two pieces of information he can delete all domains of the registrar. Maybe re-register them for himself. You can imagine what happens when domains like google.de, ebay.de or yahoo.de disappear for days and other generic domains can never be restored!

Now you could say, that a password and a user name is hard to figure out. Just call the tech department of provider xyz, pretend to be from DENIC and ask for it. Administrators have high technical, but often low social firwalls. Social engineering can be unbelievable powerful. Professional IT Security consultants will confirm that.

Some Domain sales in the .de Zone are reported in the that are over one million euros. I estimate the managed domain values of companies like Strato AG, 1&1AG or InternetX way above one billion! For even my paypal account or my bank account, there are higher security standards than for such values.

Transfers of google.de and ebay.de to third partys the last years just have been the tip of the iceberg. I know of many more huge gems that have been highjacked but never been reported.

To all of you that have premium domains, ask your registrar which security standards they provide and carefully read your contracts! To all of of you that are DENIC member, ask for a solution!

Take care,

namewise

This entry was posted on Samstag, September 13th, 2008 at 13:49 and is filed under Allgemein. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.