Icann security chief rules out malicious attack behind gTLD submission glitch

The Internet Corporation for Assigned Names and Numbers (Icann) has revealed more details on the problems afflicting its submission system for generic top level domains that forced it to take the system offline and extend the submission deadline.

The organisation first announced there was an issue earlier this month, revealing that some information submitted by firms applying for a new domain may have been visible to one another in the process.

Speaking in a video interview, the organisation's chief security officer Jeff Moss said that having studied the issue, he was confident there was no malicious intent behind the glitch.

"We analysed all the logs and any other indicators that may suggest and intrusion, we didn't find anything. Nothing points to a compromise, [there's] no indicator of a compromise"," he said.
Moss explained that despite this, the organisation still decided to take the system offline as a precautionary measure.

"[It was the] safest thing to do. Without knowing if it was a security incident, without knowing if persistent issue, safest thing is to take it offline. Had we kept it running, only to find a bigger problem down the road, it would have been catastrophic for us."

Moss explained that the glitch had meant some details were made visible to applicants using the system.
"Under certain circumstances, users that had previously deleted a file, could end up seeing the file name of another user who had uploaded a file," he said.

"Certain data was being revealed to users who were not seeking that data. It would just show up on their screen."

Moss didn't explain what had caused the issue but said the organisation believes it has solved the issue and was analysing the data to assess who was affected.

"So, we are very confident we know what caused the issue and that we have corrected the issue," he said.
"We are going back through all our logs and analysing exactly who was affected and when, so with confidence we will be able to notify everybody, where they at risk of having somebody see their file name or weren't they."

The gTLD brand process had already caused controversy in the online community, with some claiming it was merely a money making exercise by Icann and could cause huge legal issues for firms.

Views: 1340

©ictnews.az. All rights reserved.

Facebook Google Favorites.Live BobrDobr Delicious Twitter Propeller Diigo Yahoo Memori MoeMesto

22 April 2024

21 04 2024