Hacking proves domain name private registration works

Last week, Wired journalist, Matt Honan detailed how his digital life was wiped out in an hour by hackers. In horrifying detail, Honan writes about how he was systematically locked out of his iPhone, iPad, MacBook, as well as his Google account and it dawned on him that something was “seriously wrong”.

Honan had made a few common mistakes that we all make like not backing up, and using the same prefix for his Apple, Amazon, and Gmail accounts making them easy to guess. He says his biggest mistake was using the Find My Mac service which allowed the hacker to remotely access his Mac.

One other key mistake Honan made, was not having a Private Registration service on his domain name. He writes:

“So how did he [the hacker] get this vital information? He began with the easy one. He got the billing address by doing a whois search on my personal web domain.”

The hacker gained access to Honan’s Apple and Amazon accounts by quoting his billing address to their customer service operators who used this as part of their authentication process. Having this information was a major factor in enabling the hack to progress. Had Private Registration been enabled for Honan’s domain name, the billing address would have been harder, although not impossible, to find.

So what is Private Registration?

Domain name registries like com, net, and org require the contact details associated with a domain name to be published in a publicly accessible database called a Whois database. Whois originated in the 1980′s as a protocol for looking up information associated with domain names and IP addresses. A Whois lookup returns registration information for a domain name including the contact information of the registrant.

Private registration masks the details that are published, whilst still maintaining the correct information as mandated by the domain name registries. This means that when someone looks up a domain name, they don’t see personal contact information that can be used for nefarious purposes, they see generic information. Instead of seeing where you live, someone looking up your domain name will see:

As Cloud services become more ubiquitous, consumers and cloud services providers need to make security a top priority. The seamless elegance offered by a lot of services can result in an apathy about security and privacy, which as Matt Honan sadly learnt can have dire consequences.

To add private registration to your Melbourne IT domain names, login to your MyAccount.

Never without at least three different portable technology devices in tow, Jon lives and breathes all things IT. Jon manages the Product Management team for Melbourne IT's SMB Solutions division to deliver the best possible products for our customers. In his spare time he likes to read everything there is about every topic in order to sound impressive during Trivia nights at his local.

http://www.melbourneit.com.au/

Saeed Neamati

Then does it mean that there is no way at all (not even a workaround) to get information of a protected domain?

http://www.melbourneit.com.au/author/jonothan./ Jon Stribling

Sawed, we offer a facility which allows people to email the Registrant. You can find out the address by emailing contact@myprivateregiatration.com.