[28136] in North American Network Operators' Group
Re: NSI's registrar db hacked
daemon@ATHENA.MIT.EDU (Michael P. Lucking)
Fri Apr 14 09:36:32 2000
Date: Fri, 14 Apr 2000 09:34:30 -0400 (EDT)
From: "Michael P. Lucking" <michael@lucking.com>
To: Rodney Joffe <rjoffe@centergate.com>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <38F62AFF.4C45960A@centergate.com>
Message-ID: <Pine.A32.4.05.10004140931210.11268-100000@dervish.lucking.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 13 Apr 2000, Rodney Joffe wrote:
> a) force guardian (crypt-pw seems the most reliable) on all new domain
> registrations
The other day I sent in a modify for a domain that I was tech contact
(using crypt-pw) and someone else was the admin/billing contact. The admin
contact got an after update notification that included my e-mail,
including the clear-text password. At one point in time NSI used to strip
the password off before re-emailing any form for any reason.
Also, I would love to use PGP, but they can't get that right either.
=========================================================================
Michael P. Lucking Michael@Lucking.COM
