ICANN Email Archives: [dssa]

ICANN ICANN Email List Archives

[dssa]

<<< Chronological Index >>> <<< Thread Index >>>

RE: [dssa] Interesting article -- probably out of scope for us, but FYI

To: "Mike O'Connor" <mike@xxxxxxxxxx>, dssa@xxxxxxxxx
Subject: RE: [dssa] Interesting article -- probably out of scope for us, but FYI
From: Greg Aaron <gaaron@xxxxxxxxxxxx>
Date: Tue, 13 Sep 2011 12:22:40 -0400

Hi, Mikey.  I think typosquatting's out of scope, full stop.  By allowing
that example in, we'd be allowing virtually any kind security problem or
threat vector back into scope again, simply if it was directed against a
registry operator.  That is too much; a rabbit hole we'd never emerge
from.

A lot of things come down to following good IT and administrative
practices, like: having a fundamentally sound network architecture, not
losing one's passwords, and using the UDRP or legal mechanisms when you
need to.  There are bodies who do IT best practices better than we do, and
ICANN's not in a position to explore all that kind of stuff.

All best,
--Greg




-----Original Message-----
From: Mike O'Connor [mailto:mike@xxxxxxxxxx]
Sent: Tuesday, September 13, 2011 8:31 AM
To: dssa@xxxxxxxxx
Subject: [dssa] Interesting article -- probably out of scope for us, but
FYI


hi all,

i thought some of you (being that we're a gaggle of security type people)
might be interested in this article about typosquatting domain names as a
way to passively harvest sensitive email.

        
http://arstechnica.com/business/news/2011/09/researchers-typosquatting-sna
rfed-20gb-worth-of-fortune-500-e-mails.ars

given that we're testing our "scope" rules this week, i thought i'd also
use this as a test case.  i would think that the general use-case of this
would be out of scope (malicious use of a domain name).  but it would be
in scope if it were used as an attack vector on a registry or registrar.
right?

so does that mean that we should build a section of our report that
collects these attack-vectors for possible inclusion in a "best practices"
section?

food for thought, low priority.

mikey

PS -- i have the corp.com domain, which started getting masses of this
kind of email as soon as i registered it in the mid-'90's.  i didn't
realize it until i wildcarded the MX for the domain one day and
immediately crashed my server.  for example, somebody would mis-address
mail to HRDept@xxxxxxxxxxxx rather than the correct HRDept@xxxxxxxxxxxx.
so there are other variants of this vulnerability and perhaps an
opportunity for somebody to do a great good deed by educating folks about
this.  btw, i immediately dropped the MX record out of that domain.  :-)

- - - - - - - - -
phone   651-647-6109
fax             866-280-2356
web     http://www.haven2.com
handle  OConnorStP (ID for public places like Twitter, Facebook, Google,
etc.)

Follow-Ups:
- Re: [dssa] Interesting article -- probably out of scope for us, but FYI
  - From: Mike O'Connor

References:
- [dssa] Interesting article -- probably out of scope for us, but FYI
  - From: Mike O'Connor

<<< Chronological Index >>> <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy