DNS chief and wannabe master-of-the-internet ICANN pwned… again

ICANN says its website's user accounts have been compromised by hackers who gained access to their names, email addresses, hashed passwords, and more. On Wednesday, the domain-name system overlord admitted its server security was breached within the past week: an "unauthorized person" obtained account records, which included …

  1. Mark 85

    Peachy.. just peachy...

    <rolls eyes> <puts head down on desk> <sighs loudly> Un-freaking-believable.... maybe we should just do away with passwords, encryption, etc. and give the agencies and the bad guys everything.... they seem to have it already or will have it. While this is not on the same level as a SONY or OPM or Anthem hijack... it's endemic of the web and the world we live in.

    I know, it's not a matter of "if" you get nailed but "when". Still, it's pretty damning that they got hit again.

    1. Ben Tasker

      Re: Peachy.. just peachy...

      At least they were using a decent hashing mechanism for passwords, though it does feel like that's about where their attention to security may have stopped.

      IANA is currently on a separate network, but how many here believe that would still be the case if/after ICANN win the contract (especially in the long-term)?

      On the upside, this time round, it's of a scale similar to this - https://xkcd.com/932/

  2. Shadow Systems

    How to enforce good security practices.

    Every time some company or government entity gets hacked & the customer/employee/user data (especially PII) gets spaffed, the leaders (CEOs/Department Heads/etc) should be dragged out & beaten repeatedly with Pool Noodles.

    Every person who had data released in this fashion gets to whack the idiots 2 or 3 times, and if it was PII then it becomes 5~10 whacks instead.

    Nothing lethal, just something to beat a clue into the bastards that set the policies that prevent the SysAdmins from enacting security measures that would actually *work* rather than just being "Security Theater" & a cluster fuck of clowns.

    And then Fine said company/government entity/etc a cool 1 Million per affected person. You know, just as a massive slam to the only part their share holders/corporate masters/tax payers will feel & then force meaningful change so it doesn't happen again. The fine payable by said CEO/Heads *personally*, just to make sure they get the hint...

    Either that or just let us kick 'em in the groin repeatedly until We The Victims feel better.

    I'll go get my steel toed Klingon Battle Boots.

    1. Medixstiff

      Re: How to enforce good security practices.

      "Fine said company/government entity/etc a cool 1 Million per affected person."

      Nope, that way the taxpayer or shareholder gets left holding the bag. Make it so the CEO loses out, either via loss of shares, degradation of their year's bonus or multiple years' bonuses, and in the case of Government-run organisations, halving their superannuation or other benefits, depending on which has the higher value.

      1. Anonymous Coward

        Re: How to enforce good security practices.

        You're putting too much effort into this. The simple solution is to just terminate their contract....everyone wins.

        1. Mark 85

          Re: How to enforce good security practices.

          You're putting too much effort into this. The simple solution is to just terminate their contract them with extreme prejudice....everyone wins.

          FTFY

      2. John Robson

        Re: How to enforce good security practices.

        Anyone with a CxO designation gets no remuneration for the year.

  3. Anonymous Coward

    Who was the 'external service provider'?

    Verisign?

    The U.S. Government?

    ABB?

  4. Ken Hagan

    I reckon the Russians and Chinese would prefer the NSA to be in charge of the root zone than these jokers. At least that raises the bar a little. (I assume that the Russians and Chinese have *some* presence in the NSA and I also assume that organised criminals and most other governments don't. Perhaps that's naive.)

  5. Scaffa

    Coat's already on

    ..more like ICANN'T ho ho!

    Tara.
