Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/27/2007
09:29 AM
Cora Nucci
Cora Nucci
Commentary
50%
50%

Is Your Domain Name Safe From Porn Pirates?

Avast. Pirates be boldly thievin' for themselves any toothsome domain name what puts a glint in their good eye. Recall the pair of scurvy dogs who battled for years over the rights to sex.com.

Avast. Pirates be boldly thievin' for themselves any toothsome domain name what puts a glint in their good eye. Recall the pair of scurvy dogs who battled for years over the rights to sex.com.Globally, the internet porn industry is said to be worth $57 billion annually. Arrgh, that's a lot of dubloons.

Your company's domain name, or web address, also has value. And while the markets may not attach a billion-dollar pricetag to it (yet), for many small and midsize businesses, their domain names are a major business asset.

If you have not taken steps to secure yours from plundering porn pirates, beware: Web-address theft is an "everyday event", the Wall Street Journal reminded us this week.

Even Federal lawmakers are not immune. Visitors to congressman Ed Perlmutter's (D-CO 7th) web site last year were briefly treated to a photo of a bikinied woman and links proffering "free uncensored webcams," "local girls for sex," and "cheating wives adult chat." Pirates 1. Perlmutter 0.

What could Perlmutter's staff have done to protect the boss from swashbucklers? Experts recommend these minimal steps:

  • Lock down your domain name by placing a registrar lock on it
  • Safeguard the email address used to register the domain. Use corporate email, not Yahoo or Hotmail
  • Keep registration information on Whois up to date
  • ICANN's report on remedial actions is a 48-page yawner. For an inside look at one way pirates can scam the domain registry system, read How to Hijack a Domain from darknet.org, an "ethical hacking" group.

    Arrgh. They be the good pirates.

    Comment  | 
    Print  | 
    More Insights
    Comments
    Newest First  |  Oldest First  |  Threaded View
    News
    Inside the Ransomware Campaigns Targeting Exchange Servers
    Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
    Commentary
    Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
    Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-23381
    PUBLISHED: 2021-04-18
    This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
    CVE-2021-23374
    PUBLISHED: 2021-04-18
    This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
    CVE-2021-23375
    PUBLISHED: 2021-04-18
    This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
    CVE-2021-23376
    PUBLISHED: 2021-04-18
    This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
    CVE-2021-23377
    PUBLISHED: 2021-04-18
    This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.