Bottle Domains Suffers Security Breach

[Ceres]

If the Australian company Bottle Domains is the registrar or host of one of your domains, please note:

The Australian Federal Police is investigating a security breach at Australian registrar Bottle Domains that may have exposed an unknown number of account and domain name passwords.

Read more here.

 

[Jeff]

I can't believe the registrar actually stores passwords in plain text. It's so ridiculous. Even INForum's software doesn't do that - we could be hacked and there would be no security problems. It's really not hard to set things up so that passwords can't be stolen.

 

[Ceres]

Bottle Domains has announced that the security breach relates to another breach that took place in 2007 . It is alleged that an employee of a third party registrar is involved.

The AFP have arrested a Perth male in relation to the investigation.

 

[RaghavK]

Saving passwords in a text file is really really ridiculous..have they updated about any new security features?

 

[Ace]

We are in 2009 and and yet passwords are stored in plain text. I don't know what to say, my professor who thought me security would be fuming.

Jeff, regarding inforum having hashed password, its the software vBulletin which has this small but important feature. In "Bottle Domains" case I believe they might have made custom software and who ever architected the software missed that case.

 

[Jeff]

I don't think it was posted about here, but Namedrive recently had a similar issue. What's more, the hackers posted the usernames and passwords in a hackers' forum.

Ace, your professor is absolutely correct!

 

[Ceres]

Update: The auDA has now terminated the registrar accreditation of Bottle Domains due to "a serious breach of its obligations under the registrar agreement."

Nicholas Bolton loses internet domain registration business

If you have domains registered with Bottle Domains, I assume you'll need to transfer to a different registrar?

 

[Ceres]

Update #2: Bottle Domains has been reinstated as a domain name registrar after the Supreme Court granted a temporary injunction against auDA.

In the meantime, Bottle Domains is commencing legal proceedings against auDA over its cancellation of their accreditation.

 

[Jeff]

Update #2: Bottle Domains has been reinstated as a domain name registrar after the Supreme Court granted a temporary injunction against auDA.

Do you have a link?

[In the meantime, Bottle Domains is commencing legal proceedings against auDA over its cancellation of their accreditation.

On what ground?

 

[Ceres]

Do you have a link?

Bolton takes on internet controller

On what ground?

The article states:

"Mr Disspain of auDA has acted as judge, jury and executioner by cancelling Bottle Domains' accreditation so suddenly, and this action is now proving to be grossly negligent," said Mr Bloch. "There is now the possibility that, if Bottle Domains wins its case, auDA may be subject to severe damages for loss of business, potentially bankrupting the tightly budgeted administrator."

 

[Ceres]

Re: Supreme Court Upholds auDA's Decision to Cancel Accreditation of Bottle Domains

Update on this case. The Supreme Court of Victoria upheld auDA's decision to terminate Bottle Domains accreditation.

After Bottle's accreditation was terminated, Mr Bolton took auDA to court, but yesterday lost the fight. Bottle Domains will no longer be able to sell or register domain names. Three other domain name registry companies owned by Mr Bolton will now be reviewed by auDA, after Justice Kim Hargrave questioned Mr Bolton's actions after the discovery of three separate security breaches.

Justice Hargrave said that Mr Bolton had demonstrated ''an extraordinary indifference to the effect of credit card fraud upon its victims'', and said that if Mr Bolton had notified auDA of the initial security breach in 2007, the later theft of credit card details may have been avoided.

Source: Bolton tangled in web scam