back to article Gmail exploit aids domain hijack

Web designer David Airey has succeeded in recovering his domain after hackers exploited flaws in Gmail to trick his hosts into authorising a fraudulent transfer. Airey's woes began when he took his girlfriend for a month-long holiday to India on 21 November, a trip he mentioned in his blog. The holiday was a break from work and …

COMMENTS

This topic is closed for new posts.
Unhappy

Oops

Looks like the hackers got it back.

I get an error when I try to connect.

0
0
Thumb Up

G-mail

I have use G-mail for a long time and have a number of domains. but iv never found a problem. infact i wish google had there own ISP&domain reg. as i think the service they have given me is tops. i have been a internet surfer and basic web builder for a number of years and been with gmail for the last 18months and im yet to find a problem. so not everyone is effected by this and i am still 100% happy with m google service.

0
0
Happy

no longers oops

Just checked it looks fine now. He mentions going down due to heavy traffice but has fixed that up now.

0
0
Stop

GMailers: how to check

Anyone who has a gmail accout (or google apps account) should check their filters (settings->filters) for any entries that they didn't add.

Although the exploit has been fixed, someone who hacked your account before the fix could still be silently monitoring your email. The only way to be sure is to check your filters.

0
0
Happy

@ Alacrity Fitzhugh

No, you just observed the slashdot effect in action :). Or actually the 'NYTimes, Digg, StumbleUpon, Reddit, Lifehacker and many other online sources.' effect.

0
0

not much of a news story ..

Really, all David needed to do when the domain 'disappeared' was to do a WHOIS on Davidairey.com, see that the hijackers had been dumb enough to park it at Godaddy, and just call GoDaddy directly about the fruadulant transfer .. GoDaddy would have then required a fax to Verisign with documentation proving David is who he says he is, and the domain returned (not to mention the hijackers paying for another years registration in making the transfer to GoDaddy)

His Hosting firm should have known this, at least, and assisted him .. domain could have been recovered in 3 business days maximum.

GoDaddy does good, quick work on fraud cases, they really don't want shady stuff going on using thier services

0
0
Flame

What a great idea!

Make your whole livelihood dependent on a free email service.

0
0
Boffin

What a great idea

And his site receives a huge amount of publicity. <cough>

0
0
Anonymous Coward

GoDaddy

All these nice comments about GoDaddy made me laugh. They are the host (in the medical sense as well as the web sense) for most of the upsurge in SPAM I have been receiving since I needed to create an account on a support page. Fortunately I had the sense to use a SPAM-bucket mail address and have been forwarding all the wonderful offers to the FTC (spam@ecu.gov). It is all the more enjoyable as the email include a virtuous footer proclaiming they adhere to the CAN-SPAM Act of 2003.

Nearly forgot, when I complained to GoDaddy they asked me to forward examples which I did, unfortunately their SPAM filter blocked it.....priceless

0
0
Flame

NoDaddy..

@Erik Aamot -

If I recall correctly a lot of people have serious problems, in trying to get usable customer assistance from GoDaddy.. wasn't SecLists.org shut down when it was hosted on GD?

I've heard a lot of rumblings about GD being a nightmare to use and get any kind og help or support (you get more from Googling for help or asking in other communities than their Helldesk), one of the reasons I avoided them when I bought my own domain.

0
0
Anonymous Coward

Domain locking ?

Don't GoDaddy use domain locking ? The registrar I use won't consider any transfer request while the domain is locked, and only I can unlock it, by visiting their site, logging in, and clearing a check box. I guess the "victim" needs to learn some basic security (and use a better registrar).

0
0
Joke

This can't be right

Exploits are caused by the evil of Micro$oft. I know this to be true because I read it on Slashdot.

How can there be an exploit that affects Google? - they don't use M$FT software. It must be a conspiracy orchestrated personally by Bill Gates from his lair in the Space Needle.

0
0
Coat

@Rich

--

'Exploits are caused by the evil of Micro$oft. I know this to be true because I read it on Slashdot.'

--

Taxi!

0
0
Thumb Up

Praise for GoDaddy

I just wanted to chime in and say I've been very happy with GoDaddy support turnaround and their services both hosting and their basic domain redirection.

I've not had any spam problems traceable to them.

0
0
Heart

Uh . . .

surely the most striking thing about this is the hilariously low ransom, that they then lowered?

maybe they wanted to get a wii or something, and some pokemon.

0
0
Silver badge
Paris Hilton

Sense

Never use gmail, hotmail or yahoo mail for anything important.

0
0
This topic is closed for new posts.

Forums