What? No lock on 32 LL.com domains?

Nowadays it seems crazy not to lock your domains.

All registrars offer this feature as a default option; others offer extended locking mechanisms or even hardware locks via the use of a ‘fob device’.

Although a transfer out cannot be completed automatically without the use of an authentication code, there are unscrupulous individuals that would attempt to hijack valuable domains. Keeping them unlocked is like an open invitation.

It sounds insane but currently there are 32 LL.com domains that return an “OK” status which indicates they are unlocked. I thought it’d be interesting to list the registrars they belong to.

For security purposes, I won’t list the domains themselves; I’m also listing how many unlocked LL.com domains belong to each registrar.

5 TUCOWS INC.
3 ASCIO TECHNOLOGIES, INC.
3 DYNAMIC DOLPHIN, INC.
3 GROUP NBT PLC AKA NETNAMES
3 MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
2 1 & 1 INTERNET AG
2 CORE INTERNET COUNCIL OF REGISTRARS
2 NETWORK SOLUTIONS, LLC.
1 ADVANCED INTERNET TECHNOLOGIES, INC.
1 DSTR ACQUISITION PA I, LLC DBA DOMAINBANK.COM
1 EASYDNS TECHNOLOGIES, INC.
1 ENOM, INC.
1 GODADDY.COM, INC.
1 HICHINA ZHICHENG TECHNOLOGY LTD.
1 KEY-SYSTEMS GMBH
1 PSI-USA, INC. DBA DOMAIN ROBOT
1 WOOHO T&C CO., LTD. D/B/A RGNAMES.COM

Comments

  1. You ought to send off transfer requests to all 32 LL.com domains. Perhaps one domain owner (being a big boobed blonde) might accidentally click “accept” transfer…worth a try and either way if they all cancel, you get your money back!

  2. Attila – as you know, such an “experiment” would be akin to theft.

    Regardless, you’d need an authorization code. For several years, ICANN did not enforce the use of an auth code for .com and .net domains and that was when a lot of unlocked domains were hijacked.

    The problem with unlocked domains is that a potential hijacker would only need to obtain the auth code – versus accessing the lock/unlock feature *and* getting the code.

    Beware of social engineering. Kevin Mitnick is still the paradigm.

  3. Yep, forgot about the auth code. It was 7am for me here in China and not much of a morning person. Woke up for the Latona auctions.

    Right when I hit submit, I was like.. “oh yeah, auth code, duh” and by then, it was too late :-p

    Even the net is full of security loop holes, the brightest security “analysts” have a tough time cracking through today’s hardware / software firewalls let alone the security measure of today’s technology has compared to 10 years ago.

    Kevin could hack his way into homeland 10 years ago without much effort, but today, he would have to work 100,000x harder to get through. For registrars, it would only be 10x harder since they all seem to use modern yet simple security protocols.

    Unless of course you have a security dongle key like fabulous.com and name.com which passwords change each 30 seconds.

Speak Your Mind

*