Don’t fall for “WHOIS Privacy” upsells

Who owns a domain name? Ever wondered who owns a particular domain name? That’s where WHOIS (pronounced “who is”) comes in. WHOIS is a system to query domain registries to find out details about a specific domain name. Traditionally, a WHOIS query would return a wealth of information on a domain, including: Now, obviously this […]

Flaw allowed anyone to modify & take control over ANY .as domain [UPDATED]

Back in January, I discovered a serious flaw in the .as (American Samoa) domain registry (nic.as). The vulnerability allowed anyone to view the entire domain information for any .as domain – including the plain-text passwords of domain owners, administrative and technical contacts! Even more alarmingly, it was also possible to submit registry changes to details […]