New PCI DSS 3.1

NameCheap Name Server Vulnerability Allows Unauthorized Users To Create Sub-Domains

729

News broke yesterday that domain registrar NameCheap have been implicated in a server vulnerability which allows unauthorized users to create sub-domains. Tim Helming, Director of Product Management at DomainTools commented below.

Tim Helming, Director of Product Management at DomainTools:

“This is exactly the kind of issue which highlights the importance of domain registrars taking security as seriously as possible. Hijacking DNS credentials is a cybercriminal’s dream, as it could facilitate their picking up on established brands, and their traffic, for nefarious purposes. NameCheap should be incredibly careful moving forward regarding the verification of users’ permissions to create sub-domains, in order to keep both individuals and brands safe from cybercrime and spam.”