Thursday, February 02, 2012

Security experts give advice on preventing domain name hijacking

Webroot has tweeted the location of an “IT News” story by Meridith Levinson, “4 Ways to Prevent Domain Name Hijacking”, link here.

The recommendations apply more to enterprises than to small businesses or individuals.  It is a good idea to use an “enterprise-class registrar” (the best known is Network Solutions in northern VA) and if a smaller business, shared web hosting, or at least professionally assisted secure hosting (for example, Verio, also in northern VA and Colorado). 

The book that I just reviewed on my book reviews blog (Jan. 28) by Torrenzano and Davis, “Digital Assassination”, warned ordinary users about the risks about letting their credit cards expire just before their automated domain name renewals come up, and recommended private registration if possible. Check your account occasionally.

Levinson tells the story of the hacking of “coach.com” and the redirection to the “hactivist UGNazi” site.  It’s odd that Coach was supposedly targeted for supporting SOPA (discussed on my main blog) because many of its products are heavily counterfeited, for “political motives” only.

SOPA and Protect-IP have both detriments and benefits for online security, depending on how you look at things. Of course, meddling with the DNS mechanism itself would be dangerous, and invite another crisis like the one that led to an emergency meeting at Microsoft in the summer of 2008. The Obama administration has heavily opposed proposals to force redirection from domain names.

The article also recommends getting DNSSEC Security Extensions from your registrar, to prevent a user from being hijacked after clicking on your site (even if he or she has poor home security?)   The website is here, and we'll come back to this later.  

No comments: