SECURITY: Hotmail + whois = beware

Posted on October 22, 2005. Filed under: Visual FoxPro |

I thought I’d pass on this anecdote from Magic Dave (one of our techies).
We host a fair few websites for clients and sometimes clients transfer sites from other hosts to us.

Normally this goes pretty smoothly unless the client’s IT manager who set up all the DNS settings has left the company. Last week we had this problem – the previous IT manager for our client had bought the domain and parked it with an ISP, then left the company. We had no way of getting into their account (on behalf of our client) and the ISP required a request in writing, and after 30 days they would re-assign the account etc -> bottom line: it was going to be a hassle.

So Magic Dave looked up the domain with a basic whois search and discovers the client’s previous IT Manager had set up the account with a Hotmail address.

And Hotmail as we know has some pretty strict use requirements eg if you don’t use your account for X days they delete your account.

OK, so what if we go and sign up on Hotmail with the address the previous IT Manager used. Yep, Magic was able to sign up. He went back to the ISP clicked on the ‘Forgot my password’ link and got the password sent to himself. Got in and reassigned the DNS and all is well.

How many sites have you registered on with a Hotmail account?


Make a Comment

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: