alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[internext]

Thank you, Paul

 

[dirk]

Not sure whether this has been mentioned before. I updated my email address on all my domains and my Epik account, right after the hack.

Changing the email through E did not update my email on federated identify. Had to login to FI separately to change it.

People may want to check whether their email on all E's services were actually updated.

 

[dirk]

Web host Epik, which was hacked earlier this month, says in a data breach notice filed with the Maine attorney general's office that 110,000 individuals are affected by the breach....

https://apps.web.maine.gov/online/aeviewer/ME/40/68401938-23c3-4279-8bc5-d4782e3cba56.shtml

 

[NicTraders]

Let me repeat for the 3rd time ...



Regards

Hi Lox. What are your reasons for saying this is so important? Thx

 

[Wali Dahot]

Let me repeat for the 3rd time ...



Regards

Why should i delete an email that hasnt been compromised? Pwned doesnt mean its compromised, its just leaked to the wrong people. I used separate passwords for all my accounts and now I even have subscribed for a password manager to make passwords unique and harder to guess.

Using same credit card is however dumb so I have closed that.

 

[timestamp]

You don't have to change your email, but probably you will, when you start to receive spam on daily basis.

 

[April004]

I updated my email address on all my domains and my Epik account, right after the hack. Changing the email through E did not update my email on federated identify. Had to login to FI separately to change it.

thanks for this particular piece of info.
I'll separately update federated account email now. I've forgotten that.

 

[bmugford]

Some more articles on popular websites in the last day -

https://www.dailymail.co.uk/news/ar...words-addresses-far-right-website-admins.html

https://www.thedailybeast.com/anony...any-epik-dumps-data-on-proud-boys-qanon-8chan

https://theweek.com/tech/1005166/hu...provider-epik-could-be-a-rosetta-stone-to-the

https://www.salon.com/2021/09/22/th...boys-qanon-websites-fall-victim-to-anonymous/

"Given Epik's boasts about security, and the scope of its Web hosting, I would think it would be an FTC target, especially if the company was warned but failed to take protective action," David Vladeck, the former director of the FTC's consumer protection bureau, told the Post. "I would add that the FTC wouldn't care about the content — right wing or left wing; the questions would be the possible magnitude and impact of the breach and the representations … the company may have made about security."

 

[jmcc]

There is the Uniform Domain Name Dispute Resolution Policy (UDRP) to deal with domain name disputes so why can't there be something like the Uniform Domain Name Misuse and Abuse Resolution Policy where a panel of judges can take a domain or website down once a complaint is filed against the owner and or operator.

One way or another this responsibility has to be taken out of the hands of Registrars, Registries, and hosting companies and the standards have to be made more uniform.

IMO

The UDRP has a good legal foundation in that it is generally based on provable intellectual property rights (trademarks) being abused. Trademarks are generally commonly respected. The problem with content is that its misuse or abusiveness is often subjective and can vary from country to country. There are some forms of content that will immediately be taken down when the hoster, registrar or registry is notified but when it gets into content that may or may not be abusive, things get a lot more problematic. The danger with advocating for such a panel of judges to decide what should and should not be published on the Internet is that some of the larger gTLDs are based on the US. The First Amendment to the Constitution may have an impact. When you go down the road of approving content, you quickly end up in the Chinese situation where every website has to be approved.

With the DNS Abuse issue, there are those who are pushing a similar line to have Content Abuse included in the definition of DNS Abuse. The Intellectual Property people want abusive registrations included because mainly it would save them from having to use the UDRP and possibly lose. There are others who don't really understand the problems of DNS Abuse and want content that offends their sensibility, which may be perfectly legal, taken down. ICANN doesn't want to get into the content monitoring business because it would lose some of its legal protections and monitoring every website in the gTLDs every day and determining what is "abusive" content would be an expensive and highly complex task. The current thinking (from registries and registrars) is that DNS Abuse would be limited to malware, spam and DDoS/botnets.Those kind of problems can often be dealt with at a domain name level.

Most registrars and hosters have well written terms of service that could be used to deal with problem domain names or hosting. A Uniform Domain Name Misuse and Abuse Resolution Policy that focuses on content would be a charter for censorship.

Regards...jmcc

 

[oldtimer]

The UDRP has a good legal foundation in that it is generally based on provable intellectual property rights (trademarks) being abused. Trademarks are generally commonly respected. The problem with content is that its misuse or abusiveness is often subjective and can vary from country to country. There are some forms of content that will immediately be taken down when the hoster, registrar or registry is notified but when it gets into content that may or may not be abusive, things get a lot more problematic. The danger with advocating for such a panel of judges to decide what should and should not be published on the Internet is that some of the larger gTLDs are based on the US. The First Amendment to the Constitution may have an impact. When you go down the road of approving content, you quickly end up in the Chinese situation where every website has to be approved.

With the DNS Abuse issue, there are those who are pushing a similar line to have Content Abuse included in the definition of DNS Abuse. The Intellectual Property people want abusive registrations included because mainly it would save them from having to use the UDRP and possibly lose. There are others who don't really understand the problems of DNS Abuse and want content that offends their sensibility, which may be perfectly legal, taken down. ICANN doesn't want to get into the content monitoring business because it would lose some of its legal protections and monitoring every website in the gTLDs every day and determining what is "abusive" content would be an expensive and highly complex task. The current thinking (from registries and registrars) is that DNS Abuse would be limited to malware, spam and DDoS/botnets.Those kind of problems can often be dealt with at a domain name level.

Most registrars and hosters have well written terms of service that could be used to deal with problem domain names or hosting. A Uniform Domain Name Misuse and Abuse Resolution Policy that focuses on content would be a charter for censorship.

Regards...jmcc

What you are saying sounds reasonable,

But what if we required the Registrars, Registries, and Hosting Companies to have to present their case to the Uniform Domain Name Misuse and Abuse Resolution Policy panel for approval before they could remove or restrict a domain name or its content.

This way at least there will be some supervision on the situation and hopefully it will bring some uniformity to the process.

IMO

 

[bmugford]

What you are saying sounds reasonable,

But what if we required the Registrars, Registries, and Hosting Companies to have to present their case to the Uniform Domain Name Misuse and Abuse Resolution Policy panel for approval before they could remove or restrict a domain name or it's content.

This way at least there will be some supervision on the situation and hopefully it will bring some uniformity to the process.

IMO

That is not how private companies work. They have similar rights to you.

Unless they are an exception, such as a regulated utility company, they can determine who they do business with just like you can determine who you do business with.

Additionally different states, countries, etc. have different laws. It would be impossible to implement this and it not become instantly biased and corrupted.

The current system works fine. That is the free market at play.

Brad

 

[jmcc]

What you are saying sounds reasonable,

But what if we required the Registrars, Registries, and Hosting Companies to have to present their case to the Uniform Domain Name Misuse and Abuse Resolution Policy panel for approval before they could remove or restrict a domain name or it's content.

That would put them in the position of having to defend their customer's domain name and content, which may be perfectly legal, to a panel of judges and incurring legal costs for doing so. Registries, registrars and hosters can already remove problem domain names or websites that break various laws.

Regards...jmcc

 

[bmugford]

That would put them in the position of having to defend their customer's domain name and content, which may be perfectly legal, to a panel of judges and incurring legal costs for doing so. Registries, registrars and hosters can already remove problem domain names or websites that break various laws.

Regards...jmcc

There is a tiny fraction of a percent having issues finding hosting, usually for very valid reasons.

There are too many practical issues to force people to host content.

You going to force a Jewish owned host to host some Holocaust denial website? Well, while it is morally reprehensible it might be technically legal, in most places. In Germany and other places it might not be.

It just doesn't make sense. The free market is relatively efficient at eliminating bad actors over time.

Brad

 

[oldtimer]

Registries, registrars and hosters can already remove problem domain names or websites that break various laws.

But there seems to be some abuse in the current system in certain cases where the Registrants are subjected to the interests, agendas, and ideologies of the Registrars, Registries, and Hosting Companies.

Once a Registrar, Registry, or Hosting Company determines that someone is in violation of their TOS it would only be fair to have a higher authority that that person can appeal to before losing the website or its content.

Now that we are in the digital era we need to come up with some new methods and systems that can deal with the many problems and challenges that are facing us.

IMO

 

[jmcc]

There is a tiny fraction of a percent having issues finding hosting, usually for very valid reasons.

There are too many practical issues to force people to host content.

You going to force a Jewish owned host to host some Holocaust denial website? Well, while it is morally reprehensible it might be technically legal, in most places. In Germany and other places it might not be.

It just doesn't make sense. The free market is relatively efficient at eliminating bad actors over time.

Brad

These things also tend to spill over borders, Brad,
The GDPR is a good example of the mess that can be created with such an approach. It was created to protect the privacy rights of individuals in the EU but it has spread like Covid and made the Internet less secure.

Holocaust denial is an offence in some EU countries.

With UDRP, trademarks are almost universally recognised and content that is illegal can be removed under existing legislation. With trying to regulate content, a panel based approach would be, in effect, be a censorship panel.

Regards...jmcc

 

[jmcc]

But there seems to be some abuse in the current system in certain cases where the Registrants are subjected to the interests, agendas, and ideologies of the Registrars, Registries, and Hosting Companies.

The registrant or website owner has a choice of many registrars, TLDs and hosting companies.They can move their domain name/website to another registrar or hoster. With registries, it would have to be a major problem for a registry to suspend a domain name. The obvious ones are child sexual abuse material, botnet controllers and ones where they are instructed to do so by the legal authorities (the designated persons or organisation legislation in the US where US citizens and companies cannot trade with designated terrorist individuals or companies).

Regards...jmcc

 

[bmugford]

The registrant or website owner has a choice of many registrars, TLDs and hosting companies.

Regards...jmcc

Exactly.

The example I gave earlier with a regulated utility, acts as a defacto monopoly.

You normally have (1) electric company in your area. In that situation there are limits to denying service.

Outside that type of situation, companies can decide who they want to do business with, just like you can decide who you want to do business with.

Brad

 

[oldtimer]

The registrant or website owner has a choice of many registrars, TLDs and hosting companies.They can move their domain name/website to another registrar or hoster. With registries, it would have to be a major problem for a registry to suspend a domain name. The obvious ones are botnet controllers and ones where they are instructed to do so by the legal authorities.

Regards...jmcc

So you mean that people need to find Registrars, Registries, and Hosting Companies that are aligned with their own ideology.

But that causes more divisions and takes us away from having a fair and uniform system.

Keep in mind that we are not talking about clear cut cases that are in violation of the law, here I am concerned more about the way that the TOS for Registrars, Registries, and Hosting Companies are going to be abused to affect people's freedom of speech based on differences in ideologies.

IMO

 

[bmugford]

Once a Registrar, Registry, or Hosting Company determines that someone is in violation of their TOS it would only be fair to have a higher authority that that person can appeal to before losing the website or its content.

Now that we are in the digital era we need to come up with some new methods and systems that can deal with the many problems and challenges that are facing us.

IMO

It is largely irrelevant though because the companies write their own TOS. TOS always include some type of blanket or vague policies when it comes to their decisions.

The bottom line really is if you are not spreading hate, doxxing, organizing violence, spreading dangerous misinformation, doing illegal stuff, etc. you don't normally have a problem finding a host. The vast majority of people having hosting issues, are having them for very valid reasons.

Brad

 

[jmcc]

Registries also set up sinkholes to target the domain name generation algorithms of malware. Some of these generated domain names are randomly generated 5 or 6 chacter domain names and the domain names of some innocent registrants have been swept up in these sinkhole approaches. I think that there was even a mention of one or two of them on Namepros.

Regards...jmcc