Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Bug Security Privacy United States Technology

American Samoa Domain Registry Was Exposing Client Data Since the Mid-1990s ( 17

An anonymous reader quotes a report from Softpedia: A British security researcher that goes online only by the name of InfoSec Guy revealed today that American Samoa domain registry ASNIC was using an outdated domain name management system that contained a bug allowing anyone to view the personal details of any .as domain owner. The researcher also claims that anyone knowing of this bug would have been able to edit and delete any .as domain, just by altering the ASNIC domain info URL. Some of the big brands that own .as domains include Opera, Flickr, Twitter, McDonald's, British Gas, Bose, Adidas, the University of Texas, and many link shortening services. This flawed system has been online since the mid-1990s. The researcher contacted ASNIC after discovering the flaw at the end of January 2016, but email exchanges with the domain registry were scarce and confusing, with the registry issuing a statement today denying the incident and calling the allegations "inaccurate, misleading and sexed-up to the max," after previously acknowledging and fixing the security flaws.
This discussion has been archived. No new comments can be posted.

American Samoa Domain Registry Was Exposing Client Data Since the Mid-1990s

Comments Filter:
  • Because there's nothing sexier than a domain registry (to the max)!
  • by Anonymous Coward
    Both sides are right. The registrar because the system had been discontinued, and the researcher because the registrar did not notify clients. There, settled! Now kiss and make up.
  • How about you also give American Samoans the right to vote while you are at it?

Exceptions prove the rule, and wreck the budget. -- Miller