Register.com Rushes to Fix Security Hole

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Stephen Shankland, CNET News.com, 6/19/2000

Register.com, the second-largest domain name registrar, has acknowledged a security problem that could have allowed people to hijack others' Web sites. The problem allowed unauthorized access to the security software Register.com and its business partners use to manage Internet site information, such as a customer's contact information or the numerical address associated with a domain name. Spokeswoman Shonna Keogan said the security vulnerability was fixed today.

The security hole could have allowed someone to hijack any Web site that had been registered through Register.com, said Dan Nijs, a Register.com customer. Nijs, a Web site administrator, discovered the security hole.

Hijacking, in which visitors to a Web site are redirected to another of an attacker's choosing, has plagued sites such as Internet.com and RSA Security.

"We're really glad we were able to find out about the hole before any serious damage was done to anybody's domain information," Keogan said.

Nijs found to his dismay this week that he could get access to this privileged software just by copying a Web site out of records that catalog who visits a Web site. The information was contained in standard "refer" logs that record previously browsed Web addresses. One entry in the log was for Register.com's Web-based administration tool, Nijs said, that was complete with authentication information, or the equivalent of a password.

"If I was the only one who knew about it, it would be no problem," Nijs said. But unfortunately, the vulnerability isn't that hard to take advantage of. "Anyone who knew about this could have shut down a million Web sites," he added.

Nijs found he could get access to Register.com's own domain name information. He said that he also successfully changed his own Internet site's information.

Register.com is the second-largest registrar of Internet domain names, with about 1.5 million Internet addresses registered. The largest is Network Solutions.

Elias Levy, a security expert who runs the Bugtraq mailing list where Nijs described the problem today, said the problem was a result of sloppy programming on Register.com's part. "They didn't take the security aspect of refers into account," he said.

But Register.com isn't the first to suffer from the dangerous combination of refers and Web-based services that record authentication information in their Web addresses. Web-based email providers also have suffered from overly descriptive Web addresses that allow unauthorized access.

Nijs said a more devious but difficult exploitation of the Register.com vulnerability could have allowed a person to change email routing information. By doing so, a person could intercept all the email a company received, gather information, then forward the emails to the company. This would make it harder for the company to know someone was snooping their communications.

http://abcnews.go.com/sections/tech/CNET/cnet_register000619.html

-- Martin Thompson (mthom1927@aol.com), June 19, 2000
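
The leak the article describes, authentication information carried in a Web address and then recorded in another site's referrer log, can be audited for in a site's own access logs. The following is an added example, not part of the original post or the CNET article; the parameter names, hostnames and log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed names of query parameters that often carry credentials (not from the article).
SENSITIVE = {"password", "passwd", "pwd", "token", "auth", "session", "sessionid", "sid", "key"}

# Tail of a Combined Log Format line: "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(r'"[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def sensitive_params(url):
    """Return the credential-like parameter names present in a URL's query string."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sorted({k for k, _ in pairs if k.lower() in SENSITIVE})

def redact(url):
    """Replace credential-like values so the report does not re-leak the secret."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan(lines):
    """Yield (line number, referring host, parameter names, redacted URL) per finding."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.search(line.strip())
        if not match or match.group("referer") in ("", "-"):
            continue  # malformed line or no referrer sent
        referer = match.group("referer")
        names = sensitive_params(referer)
        if names:
            findings.append((number, urlsplit(referer).hostname, names, redact(referer)))
    return findings

# Constructed sample log lines (documentation IP ranges and .example hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jun/2000:10:01:02 -0400] "GET /index.html HTTP/1.0" 200 5120 '
    '"http://search.example/results?q=hosting" "Mozilla/4.7"',
    '192.0.2.44 - - [19/Jun/2000:10:03:17 -0400] "GET /index.html HTTP/1.0" 200 5120 '
    '"http://manage.registrar.example/admin?domain=shop.example&token=abc123" "Mozilla/4.7"',
    '192.0.2.51 - - [19/Jun/2000:10:05:40 -0400] "GET /about.html HTTP/1.0" 200 2048 '
    '"-" "Mozilla/4.7"',
]

if __name__ == "__main__":
    for number, host, names, url in scan(SAMPLE_LOG):
        print(f"line {number}: {host} leaks {', '.join(names)} via referrer: {url}")
```

A finding means the referring service places credentials in its URLs; the report keeps only the redacted form so the scanner's output does not become another copy of the secret.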

