2600 News
| Main Page | Off the Hook | Off The Wall | Brain Damage | RNC 2004 | The Magazine | Store | Covers | Meetings |


Subscribe to 2600!








Get 2600 Stuff!

NEW INTERNIC EMAIL SECURITY HOLE
Posted 20 Sep 1999 00:00:00 UTC

update 9/24/99:
A full business week has now gone by since we revealed this security hole. Apart from a story in the Boston Globe and ZDTV, the rest of the media chose to ignore this completely. Wired even wrote us to say "we do not believe this represents either a security or a privacy risk." It's hard to imagine what could be *more* of a security and privacy risk than a company running insecure software while attempting to get *all* administrative and technical contacts for *every* .com, .net, and .org site to use their system as a trusted method of communication.

As of today, most of the problems seem to have been fixed, although we are still hearing from people who claim to have thousands of accounts in their browser cache which can still be logged into. Also, as of this date, no public comment has been issued on the web sites of Network Solutions, Inc. or Critical Path, Inc., the company that NSI hired to operate its web mail sites. Spokespersons from Critical Path have been quoted as saying they take responsibility for this mess but we believe a more public and lasting statement is in order.



update 9/21/99:
It's been a day since this problem was disclosed to the public, and almost a week since it was brought to NSI's attention. They have still yet to comment on the matter.

The page that allowed people to access arbitrary email accounts has been disabled by NSI. However, if you happen to know the URL for an email box, you can still access it. For instance you can send email as microsoft@dotcomnow.com here. Within 5 minutes of this URL being posted the account was disabled. STAY TUNED!

As of 7:20 PM EDT, a URL to access the support account's email was working. As we were preparing to post a link, it too was disabled. Perhaps somone is paying attention.



We have been alerted to a serious vulnerability on a free web-based e-mail service that has recently been launched by Network Solutions Inc., otherwise known as the Internic - the people responsible for registering nearly all .com, .net, and .org addresses.

Anyone taking them up on their offer for "free web mail" on their www.networksolutions.com/ page is both vulnerable and capable of accessing ANY ACCOUNT on the following domains:

  • dotexpress.com
  • mymailbag.com
  • nsimail.com
  • dotcomnow.com

    Once you have registered an account on their system, you can change the name of your account to ANY OTHER ACCOUNT simply by entering this URL:

    http://mail.dotcomnow.com/signup/poll/newaccount?dlang=default

    NO PASSWORD IS REQUIRED.

    Simply replace newaccount with the name of the account you would like to access and you're in!

    While it's a trivial matter to guess user names, if you want a small list from the Internic's own database, simply type:


    whois '*@dotexpress.com'

    or any of the other domains they are currently running.

    According to the people who have alerted us of this vulnerability, NSI was informed of the security hole last week and failed to respond. We believe this may help motivate them.


    Have a look at some of the mail that is world readable on NSI's system. These people thought they were sending mail to the webmaster of the site. What's particularly ironic is the large number of people who were complaining about the easily guessable passwords that were mailed out - they never suspected that it was even easier to compromise their accounts without having to even guess the password!

  • Printer-Friendly Format

    2600 Magazine
    P.O. Box 752
    Middle Island, NY 11953
    Telephone: 631-751-2600

    Comments: Webmaster
     
    Copyright © 1995-2014
    2600 Enterprises, Inc. All rights reserved.