New Catching Flaw - Part 2

I wouldn't want to get too deep into speculating and conspiracy theories but since I had posted details about the flaw, I started to think a little about how I would have set it up if I wanted to take advantage of it. Maybe this is what has been going on with a particular person.

Now, this is speculation; there is no evidence for it that I know of. I'm not saying this is what was happening, but it may explain why Nominet couldn't spot what people were continuously telling them.

Let's identify a totally fictional character that has been catching names well above what was statistically possible - Person X.

Person X had access to at least five other tags; of this, I am confident. Now if these 5 tags were the ones fiddling the DAC and the delayed DAC allowance, but reporting DAC responses back to the clean character Tag which was openly owned by Person X. Person X could fire off the EPP command to register the domain names when he got the signal.

If Nominet checks the DAC logs of Person X, all appears correct, and there is no history of abuse. The proxy tags are the ones doing the abuse.

Why would anyone think to check the DAC logs of Tags that aren't catching anything?

Don't use the DAC Flaw
New Nominet drop catching flaw revealed?

Comments (3)

This comment was minimized by the moderator on the site

If only it was that simple, person X was going far beyond this and what he/she was doing would be considered hacking, but it was external to nominet.

This comment was minimized by the moderator on the site

I guess we will see when the September drops come. There maybe even more devastating holes in the DAC. I heave heard rumours that some people are keeping their hands clean until then. Then go for broke and won't care if Nom ban them afterwards.

This comment was minimized by the moderator on the site

The names dropping these days are of not what they were 5 years ago. The catching industry will be gone shortly anyway. Want a name, you will have to buy it at market rates.

There are no comments posted here yet

Leave your comments

  1. Posting comment as a guest.
Attachments (0 / 3)
Share Your Location

By accepting you will be accessing a service provided by a third-party external to