American Samoa Domain Registry Was Exposing Client Data Since the Mid-1990s (softpedia.com) 17
An anonymous reader quotes a report from Softpedia: A British security researcher that goes online only by the name of InfoSec Guy revealed today that American Samoa domain registry ASNIC was using an outdated domain name management system that contained a bug allowing anyone to view the personal details of any .as domain owner. The researcher also claims that anyone knowing of this bug would have been able to edit and delete any .as domain, just by altering the ASNIC domain info URL. Some of the big brands that own .as domains include Opera, Flickr, Twitter, McDonald's, British Gas, Bose, Adidas, the University of Texas, and many link shortening services. This flawed system has been online since the mid-1990s. The researcher contacted ASNIC after discovering the flaw at the end of January 2016, but email exchanges with the domain registry were scarce and confusing, with the registry issuing a statement today denying the incident and calling the allegations "inaccurate, misleading and sexed-up to the max," after previously acknowledging and fixing the security flaws.
Much sexy (Score:2)
Re: (Score:2)
This has happened to me at least twice when disclosing security issues. They acknowledge the incident, they fix it, and then they attacked me when I published my report.
I once owned an AS domain. Despite the fact that they list themselves as having an office in NYC, writing to them, emailing them and calling their listed number generated no response to requests I made to have the administrative contact changed. They have no proper web interface either. I dropped my AS domain due to their complete incompetence and lack of support. Looks like that was the best move I could have made after this recent incident was made public.
Both right (Score:1)
Voting rights (Score:1)
How about you also give American Samoans the right to vote while you are at it?
Re: (Score:2)
You just DoS'd Wikipedia's article on American Samoa [wikipedia.org].