20 Jun
2013
20 Jun
'13
8:22 p.m.
On 6/20/13, Randy Bush <randy@psg.com> wrote:
netsol screwed up. they screwed up bigtime. they are shoveling kitty litter over it as fast as they can, and they have a professional kitty litter, aka pr, department. but none of this is surprising. and dnssec did not save us. is there anything which could have?
What's puzzling is the "How the heck did they do that?" The registrar doesn't maintain the .COM database that contains the list of nameservers.... they had to submit changes to all those records. So, why weren't there security controls to make sure that the registrar could not submit changes without appropriate authorization from the Administrative/Tech contact?
randy -- -JH