« PayPal: New "Key" on the Block | Main | Putting order into things (Part I) »

CheckFree Hijacked Due to Poor Domain Registrar Authentication

This just in from the Washington Post: CheckFree, a major online bill payment site with over 24 million customers, had their domain hijacked and redirected to a site that tried to install malicious software on users computers. This all happened because criminals stole the username and password for CheckFree's domain management account at Network Solutions.

Clearly the criminals who perpetrated this attack should be caught and prosecuted, but isn't it sad that such valuable assets are protected by just a simple username and password? If you run a website, your domain registrar has the keys to your online castle -- how could this not be protected by strong two-factor authentication?

Posted by Jeff Burstein on December 5, 2008 12:44 PM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

VeriSign Identity Protection

Search

Categories

Authentication | Fraud Detection | Fraud Detection Service | Identity | OpenID | VIP Blog | WiMAX | fraud protection | iPhone | layered security | two-factor authentication | second-factor authentication | verisign |

Archives

December 2009
November 2009
October 2009
September 2009
August 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008

Recent Posts

Layered Security Strategy, the Key to Trust
Password for my password
Bourne Identity Protection
Blogging about Blogs - VIP Access for Mobile getting noticed
Meditations in an Analyst Summit
RSA and VeriSign team up on Cloud-based, Two-Factor Authentication offering
Email Phishing Scheme Takeaway: More than Just the High & Flighty Need Stronger Security
The next Hollywood blockbuster?
Why Cloud Security is only as Strong as Your Weakest Password (and what you can do about it)
VeriSign Shares Strong Authentication Development Tools with Mobile Developers in the Fast Lane

Comments

We encourage comments and look forward to hearing from you. Please note that VeriSign may, in our sole discretion, remove comments if they are off topic or inappropriate.
Powered by
Movable Type 4.21-en
Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of VeriSign.

VeriSign Legal Notices

Read our Privacy Policy