back to article Gmail exploit aids domain hijack

Web designer David Airey has succeeded in recovering his domain after hackers exploited flaws in Gmail to trick his hosts into authorising a fraudulent transfer. Airey's woes began when he took his girlfriend for a month-long holiday to India on 21 November, a trip he mentioned in his blog. The holiday was a break from work …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Unhappy

    Oops

    Looks like the hackers got it back.

    I get an error when I try to connect.

  2. mickey
    Thumb Up

    G-mail

    I have use G-mail for a long time and have a number of domains. but iv never found a problem. infact i wish google had there own ISP&domain reg. as i think the service they have given me is tops. i have been a internet surfer and basic web builder for a number of years and been with gmail for the last 18months and im yet to find a problem. so not everyone is effected by this and i am still 100% happy with m google service.

  3. Grant
    Happy

    no longers oops

    Just checked it looks fine now. He mentions going down due to heavy traffice but has fixed that up now.

  4. Stephen Stagg
    Stop

    GMailers: how to check

    Anyone who has a gmail accout (or google apps account) should check their filters (settings->filters) for any entries that they didn't add.

    Although the exploit has been fixed, someone who hacked your account before the fix could still be silently monitoring your email. The only way to be sure is to check your filters.

  5. Stephen Stagg
    Happy

    @ Alacrity Fitzhugh

    No, you just observed the slashdot effect in action :). Or actually the 'NYTimes, Digg, StumbleUpon, Reddit, Lifehacker and many other online sources.' effect.

  6. Erik Aamot

    not much of a news story ..

    Really, all David needed to do when the domain 'disappeared' was to do a WHOIS on Davidairey.com, see that the hijackers had been dumb enough to park it at Godaddy, and just call GoDaddy directly about the fruadulant transfer .. GoDaddy would have then required a fax to Verisign with documentation proving David is who he says he is, and the domain returned (not to mention the hijackers paying for another years registration in making the transfer to GoDaddy)

    His Hosting firm should have known this, at least, and assisted him .. domain could have been recovered in 3 business days maximum.

    GoDaddy does good, quick work on fraud cases, they really don't want shady stuff going on using thier services

  7. Dick
    Flame

    What a great idea!

    Make your whole livelihood dependent on a free email service.

  8. Chris
    Boffin

    What a great idea

    And his site receives a huge amount of publicity. <cough>

  9. Anonymous Coward
    Anonymous Coward

    GoDaddy

    All these nice comments about GoDaddy made me laugh. They are the host (in the medical sense as well as the web sense) for most of the upsurge in SPAM I have been receiving since I needed to create an account on a support page. Fortunately I had the sense to use a SPAM-bucket mail address and have been forwarding all the wonderful offers to the FTC (spam@ecu.gov). It is all the more enjoyable as the email include a virtuous footer proclaiming they adhere to the CAN-SPAM Act of 2003.

    Nearly forgot, when I complained to GoDaddy they asked me to forward examples which I did, unfortunately their SPAM filter blocked it.....priceless

  10. Anonymous Coward
    Flame

    NoDaddy..

    @Erik Aamot -

    If I recall correctly a lot of people have serious problems, in trying to get usable customer assistance from GoDaddy.. wasn't SecLists.org shut down when it was hosted on GD?

    I've heard a lot of rumblings about GD being a nightmare to use and get any kind og help or support (you get more from Googling for help or asking in other communities than their Helldesk), one of the reasons I avoided them when I bought my own domain.

  11. Anonymous Coward
    Anonymous Coward

    Domain locking ?

    Don't GoDaddy use domain locking ? The registrar I use won't consider any transfer request while the domain is locked, and only I can unlock it, by visiting their site, logging in, and clearing a check box. I guess the "victim" needs to learn some basic security (and use a better registrar).

  12. Rich
    Joke

    This can't be right

    Exploits are caused by the evil of Micro$oft. I know this to be true because I read it on Slashdot.

    How can there be an exploit that affects Google? - they don't use M$FT software. It must be a conspiracy orchestrated personally by Bill Gates from his lair in the Space Needle.

  13. Chris
    Coat

    @Rich

    --

    'Exploits are caused by the evil of Micro$oft. I know this to be true because I read it on Slashdot.'

    --

    Taxi!

  14. Andy Dent
    Thumb Up

    Praise for GoDaddy

    I just wanted to chime in and say I've been very happy with GoDaddy support turnaround and their services both hosting and their basic domain redirection.

    I've not had any spam problems traceable to them.

  15. number-g
    Heart

    Uh . . .

    surely the most striking thing about this is the hilariously low ransom, that they then lowered?

    maybe they wanted to get a wii or something, and some pokemon.

  16. Mage Silver badge
    Paris Hilton

    Sense

    Never use gmail, hotmail or yahoo mail for anything important.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019