A Matter of Security

[BlackDiamond]

Given all the recent high-profile shenanigans involving domain name theft, there's been a lot of talk as to what domain name owners can do to protect their domains. Is there anything, though, that you'd like to see ICANN, registrars, or other companies involved with domain names to protect domain names? Would you prefer there be tougher penalties against thieves as a deterrent? Will more barriers, even for the sake of security, ruin the imperfect but balanced market already in place? Would you prefer there to be even fewer restrictions than exist currently, allowing the marketplace to mete out justice in a case such as this instead of the courts?

I guess that was a bundle of questions. I don't want to poision the well, though, so I'd like to see what your opinions are on the solutions to these problems, even if it's, "Lock the crooks up and throw away the key!"

 

[weblord]

problem is the more stricter the security the more it's been passed to the good users not to the hackers themselves, like for example the captcha, you don't need a captcha if you're a real person, (that's given, real person should access accounts on the internet) but because hackers can bypass this and are not using captcha, the penalty is being felt by users.

the user is all in all responsible for the security of his/her account(s) on the internet, if the user themselves is not responsible, then whatever security add-on is given by icann are all useless.

 

[BlackDiamond]

You're right in that the user should be more responsible. Actually, I'm kind of fuzzy as to how some of these incidents happen though. Is it usually a hacked e-mail account, or is there some fraud which bypasses the user's e-mail or password entirely?

 

[Premiere]

I don't think there's any way to safeguard a domain without a 3rd party involved. Can you really trust Icann, your registrar, or an email provider to all be looking out for your best interests?

That's my personal opinion. DomainSure is my professional perspective on how to handle the problem.

 

[-REECE-]

Most of the internet fraud (not only related to domains but fraud as a whole) is being undertaken by large criminal organizations which in many cases have put more money into their hacking schemes than registrars have put into preventing their hacking (largely phishing/pharming) schemes.

Domainers really are to blame -- we want it all, including a low price. It's just not possible. Sacrifice security or sacrifice on the price, one or the other.

I don't mean to blame the victim, however the large majority of domain name thefts are from ignorant domain name owners who still haven't understood that most domains are stolen not because of mistakes by their registrar, rather mistakes by them which led up to their email account being compromised. Once the email accounts associated with your domains are compromised, there really is nothing stopping someone from stealing all your domains at most registrars. Thankfully some of the additional security measures now available at an additional cost at Godaddy, Moniker, and Fabulous will make that more difficult.

Don't want your domains stolen? Four easy tips:

1- Have a long alphanumeric, uppercase + lowercase + symbols password
2- Don't click links in emails or open attachments from people you don't know. Scan any attachments before opening them even if it's from someone you do know.
3- Keep your domains locked at all times.
4- Use ALL security measures your registrar offers

There, that's easily 70-80% of domain name thefts prevented right there. Ignorance to proper security measures is the cause of most domain name thefts, not super-hackers.

 

[Premiere]

And have domaintools send out alerts on your registrations and changes to a different email account than the one you register with - and check it daily.

 

[weblord]

a combination of all, you need to expose them as they do that on warnings forum

some are:
- they've guessed your email password
- you've login to your account on a cybercafe.
- your computer has trojan/spywares on them
and a lot more.

-REECE- is right protect your account with a strong password, usually uppercase, lowercase and numbers and if possible 12 to 16 characters, 8 characters now are simple for hackers to hack in and don't use same password on all your accounts.

whm is now accepting even punctuations btw, (yeah that tough)

i have a password generator called passutils from http://www.pctools.com/
you may try it as well it's an offline app.

update your online and offline apps at all cost, make sure you have the latest version esp. those ones that you're using directly to access online, that will mean your ftp app, your browser, your firewall, have 2 or 3 antivirus with latest update, don't just trust one, go for second and third opinions of your spyware apps.

lastly and most important of all, be secure yourself and don't be careless. don't just click any link or download any app you get from your email even if it's from a trusted friend (fake email headers)

You're right in that the user should be more responsible. Actually, I'm kind of fuzzy as to how some of these incidents happen though. Is it usually a hacked e-mail account, or is there some fraud which bypasses the user's e-mail or password entirely?