300 UK domains pilfered, massive security lapse blamed
What appears to be a glaringly obvious security hole has been blamed for the snatching of 300 domains hosted by one web-hosting firm last year, The Reg has discovered.
A source told El Reg that anyone with a hosting package from 123-Reg, and hence an account control panel, simply had to change the final section of the URL manually (to, for example, /someoneelseswebsite.co.uk) to be able to gain access to another site’s emails, name servers and billing.
Tags:
Read more: 300 UK domains pilfered, massive security lapse blamed
Story added 21. March 2013, content source with full text you can find at link above.
