ICANN 'glitch' let gTLD rivals see user details

 

Was aware of glitch in March, thought it was fixed.

Internet domain name regulator ICANN has revealed that the software 'glitch' behind last week's shutdown of its generic top level domain (gTLD) application system let rivals view each others’ user details. 

“We have learned of a possible glitch in the TLD application system software that has allowed a limited number of users to view some other users' file names and user names in certain scenarios,” ICANN’s chief operating officer Akram Atallah said in a statement late Thursday

The shutdown occurred on the date of the official deadline for big brand companies to apply for generic TLD names such as “.pepsi”. 

ICANN pushed out the deadline to April 20 and said the system should be back online by April 17.

However, on Saturday, Atallah said ICANN won’t know until midnight April 16 whether it can meet that timeframe. 

Atallah also clarified that the first incident in which one applicant could view another applicant’s details was March 19, early on in the process. 

“[W]e are sifting through the thousands of customer service inquiries received since the opening of the application submission period,” said Atallah.

“This preliminary review has identified a user report on March 19 that appears to be the first report related to this technical issue.”

It appears that ICANN was already aware of the problem and thought it had resolved the issue.  

“Although we believed the issues identified in the initial and subsequent reports had been addressed, on April 12 we confirmed that there was a continuing unresolved issue and we shut down the system,” said Atallah.

“We are still aggressively looking into the issue, and we will publish additional information as soon as it can be confirmed.”

Copyright © iTnews.com.au . All rights reserved.


ICANN 'glitch' let gTLD rivals see user details
 
 
 
Top Stories
Australia’s banks review the iPhone 6
ANZ, ING Direct and Westpac execs weigh in on NFC, TouchID and big screens.
 
Domain does DevOps
And they’re doing it on .NET.
 
The ethics of security
[Blog post] Where did that zero-day go?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  70%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  10%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 1155

Vote