2600 News

EMAIL FROM INTERNIC SECURITY HOLE
Posted 20 Sep 1999 00:00:00 UTC

The following are samples of the mail that is world readable on NSI's system. These people thought they were sending mail to the webmaster of the site. What's particularly ironic is the large number of people who were complaining about the easily guessable passwords that were mailed out - they never suspected that it was even easier to compromise their accounts without having to even guess the password!

------- Start of forwarded message -------
 
Subject: Whoops
To: webmaster@dotcomnow.com
From: pross@dotcomnow.com
Date: 17 Sep 1999 11:17:44 -0700

Screwed that one up, eh? I accidentally type in the wrong username, put
the matching password (random passwords? Wot's that, then?) and I get
into the wrong account.

Deary me. I'd better leave before someone notices.


 
-------------------------------------------------
Get personalized e-mail and a web address or your
own free e-mail at http://www.networksolutions.com.
 
------- End of forwarded message -------
 
------- Start of forwarded message -------
 
Subject: Problem with email account
To: webmaster@dotcomnow.com
From: locke30@dotcomnow.com
Cc: webmaster@netsol.com
Date: 16 Sep 1999 17:10:57 -0700


The following is what I set my vacation message to after changing my
password to some random garbage... I decided to entertain myself by
sending you a copy:

The idiots at Network Solutions decided to open
thousands of accounts for its customers using easily
guessable passwords (hint: really easy) These accounts
were created without any input. And NSI was kind
enough NOT to provide any means of removing them.

With noise on the internet account about the account
making it easier to hijack domain names (gee... thanks
NSI!) I was forced to log in and change my password (as
were thousands of other people)

Network Solutions: Yes we're a monopoly damnit! (tm)

If you wish to contact me, do a whois lookup for
shivan.org, which was the domain that I registered with
NSI that got me all this neat spam and free unsolicited
wideopen email accounts.

-- Bruce Locke (locke30)
 



 
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
Subject: GET YOUR SECURITY RIGHT!!!
To: postmaster@netsol.com
From: webmaster@dotcomnow.com
Cc: postmaster@dotcomnow.com, root@netsol.com
Date: 16 Sep 1999 05:36:14 PDT

This Web Mail service is one big security hole. I can login to over two
dozen accounts, just using 'lastname' and password 'lastnamensi'.
'webmaster' with 'webmasternsi' did work as well, just like 'admin' with
'adminnsi'.

Jeez man, wake up and smell the fire....

barbaBob

(P.S.: the password for this account has been changed to 'tralala'. There
is a lot of e-mail here from concerned netizens trying to warn you guys.
I suggest you read them)


 
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
Subject: You are in serious violation of critical path's policy
From: cp@dotcomnow.com
Cc: recipient list not shown: ;
Date: 16 Sep 1999 10:53:03 -0700

Dear sir or madam,
 We realize that you have compromised the security of our company by
changing the password of this account. We require that you change the
password to 'critcalpath'
 You must reply to us immediately once you have changed it so that we
can stop the current investigation and legal charges being brought
against you.
 Thank You, 
 Critical Path 


 
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
Subject: What in the Heck were you thinking?
To: webmaster@dotcomnow.com
From: verpoorten@dotcomnow.com
Cc: help@dotcomnow.com
Date: 16 Sep 1999 08:03:10 -0700

What in the world were you thinking? You set up an e-mail acct in my name
and gave me a password which was the same for every domain name (acct name
and a "nsi" after it) and emailed me the acct and password without me
setting it up, clearing it, or accessing it first?

This has got to be the worst example of exploitation I have ever seen
with a business in your position and trust. I fear for the safety of my
Domain name, my good name, and my checkbook with you in charge of Domain
names now. 

 I do not want any mail acct opened without my OK. 

Man, what in the name of God and all that is Holy was your company
thinking when it pulled this idiotic stunt?!



 
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
Subject: Re: your message
To: postmaster@INTEGRAM.ORG, root@INTEGRAM.ORG, info@INTEGRAM.ORG,
 postmaster@INTEGRAM.ORG, webmaster@INTEGRAM.ORG, hostmaster@netsol.com,
 postmaster@netsol.com, info@networksolutions.com,
 postmaster@networksolutions.com, webmaster@dotcomnow.com,
 info@dotcomnow.com, postmaster@dotcomnow.com
From: Joost Baaij 
Date: Thu, 16 Sep 1999 15:58:26 +0200

Dear integram/network solutions

I do not appreciate getting e-mail messages like this. I sincerely hope
you will never bother me again in the future.

As far as your web-based email service is concerned, I think it's an
unprecedented fiasco by generating easy to guess passwords. I STRONGLY
suggest you IMMEDIATELY take action and modify ALL passwords on that
system.

I've heard several reports of people breaking into the dotcomnow email
service that weren't supposed to. I'm stunned and shocked to see your
company do such an utterly DUMB thing. Please correct it NOW.

-- 
------------------------------------------------------------------------
 Barito Innovators B.V.
 Joost Baaij De Mulderij 4, 3831 NV Leusden
 P.O. Box 387, 3830 AK Leusden
 The Netherlands
 Phone +31 (0)33 494 79 71
 j.baaij@barito.nl Fax +31 (0)33 494 85 44
 Internet http://www.barito.nl
------------------------------------------------------------------------
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
To: webmaster@nsi.com
From: lewis@dotcomnow.com
Cc: webmaster@dotcomnow.com
Date: 16 Sep 1999 06:08:38 -0700


god you guys suck

nice default passwords

morons


 
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
Subject: you people fucking stupid or what
To: webmaster@dotcomnow.com
From: testa28@dotcomnow.com
Date: 16 Sep 1999 05:32:59 -0700

what in the hell were you people thinking by sending out generic
passwords for every acct. Are your security people just stupid or what?
Since you've been monopolizing the domain world for so long, has all
common sense gone to the wayside? I can't believe the number of idiots
that work there and that anyone thought this was a good idea. Since i'm
up for renewal in 3 months, i'll have to seriously contemplate staying
with people who are ignorant and stupid.


 
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
Subject: security?
 (or complete lack thereof)
To: hostmaster@netsol.com, webmaster@dotcomnow.com
From: hostmaster360@dotcomnow.com
Cc: aaron@abelard.com
Date: 16 Sep 1999 01:04:25 -0700

you've got to be kidding me. your lack of any forethought in assigning
passwords has turned a potentially useful system into a potentially large
problem.

aaron abelard / aa203


 
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
Subject: Re:
To: lewis@dotcomnow.com
From: webmaster@dotcomnow.com
Date: 17 Sep 1999 23:27:34 PDT

Hi Luie,
That ain't the half of it...
Why don't you be webmaster....
http://mail.dotcomnow.com/signup/poll/webmaster?dlang=default

On Thu, 16 September 1999, lewis@dotcomnow.com wrote:

> 
> 
> god you guys suck
> 
> nice default passwords
> 
> morons
> 
> 
> 
> -------------------------------------------------
> Get personalized e-mail and a web address or your
> own free e-mail at http://www.networksolutions.com.


 
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
Subject: You boneheads
To: postmaster@dotcomnow.com
From: droelands@dotcomnow.com
Date: 16 Sep 1999 17:36:40 -0700

Thanks for nothing.

You create an email account in my name, without my consent, and assign it
a password that is incredibly easy to hack?

What have you been inhaling?

I have no intent to use this service. I configured my password simply to
protect myself. Furthermore, when my domains expire, I'll be sure to
re-register them with another service.

Morons...

 
 
------- End of forwarded message -------

------- Start of forwarded message -------
 
Subject: How stupid can you be?!?!?!?!
To: admin@dotcomnow.com, root@dotcomnow.com, postmaster@dotcomnow.com
From: toups2@dotcomnow.com
Date: 16 Sep 1999 06:53:53 -0700

First off, what right does Network Solutions have spamming my mailbox
with your web based mail service. Just because I HAVE to use your
monopolistic service to register domains DOES NOT give you the right to
SPAM my work e-mail account.

Second, is there cow manure in place of brains in your head? How dare you
send out a clear text password that affects my domains in e-mail? What
Mickey Mouse Security Course did you take? 

I will be writing my congressman and senator to ensure that Network
Solutions loses all ability to manage domain names. This behavior is the
absolute worst and should not be rewarded.

Sincerely yours,

A VERY DISGRUNTLED DOMAIN OWNER


 
 
------- End of forwarded message -------
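
The messages above describe accounts that were created unrequested with the account name plus "nsi" as the password. The following Python sketch is an added example, not part of the original post and not NSI's code: it provisions an account with no default password at all, hands the owner a random one-time activation token, and refuses a first password that is just the account name plus a short affix. The names `provision`, `activate`, `derived_from_username`, `TOKEN_TTL` and `MIN_EXTRA`, and their values, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed activation window (seconds)
MIN_EXTRA = 8          # assumed minimum characters beyond the account name


def derived_from_username(username, password):
    """True if the password is the account name plus a short affix."""
    u, p = username.lower(), password.lower()
    # Also test the name without trailing digits (e.g. "smith12" -> "smith").
    for stem in {u, u.rstrip("0123456789")}:
        if stem and stem in p and len(p.replace(stem, "", 1)) < MIN_EXTRA:
            return True
    return False


def provision(username, now=None):
    """Create an account that cannot be logged into until its owner activates it."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # random, unrelated to the account name
    record = {
        "username": username,
        "password": None,  # no default password exists at any point
        "token_hash": hashlib.sha256(token.encode()).hexdigest(),
        "token_expires": now + TOKEN_TTL,
    }
    return record, token  # the token goes to the owner; only its hash is stored


def activate(record, token, new_password, now=None):
    """Owner redeems the one-time token and chooses the first password."""
    now = time.time() if now is None else now
    if record["token_hash"] is None or now > record["token_expires"]:
        return False  # already used or expired
    offered = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(offered, record["token_hash"]):
        return False
    if derived_from_username(record["username"], new_password):
        return False  # refuse the "name + suffix" pattern
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
    record["password"] = (salt, digest)
    record["token_hash"] = None  # single use
    return True
```
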


2600 Magazine
P.O. Box 752
Middle Island, NY 11953
Telephone: 631-751-2600

 
Copyright © 1995-2014
2600 Enterprises, Inc. All rights reserved.