How easy is it to take over Excite's domain name? Very, according to Jim Reardon.
Reardon, a network administrator and the owner of the Free Center site, which links to a variety of free stuff on the Web, was awakened Wednesday morning by a barrage of phone calls from angry administrators at Web sites across the Net. Tuesday night, a prankster had attempted to transfer ownership of over 100 domain names in the Network Solutions database -- ranging from tripod.com to bignosedbird.com -- to Reardon. Although most of those requests were bounced, rejected or returned to the real administrators of the sites, two of them received automatic approval from the Network Solutions system.
The domain names that Reardon discovered he owned on Wednesday morning are excite.com and cihost.com. Reardon could easily have claimed the domain names and transferred their traffic to his own site -- giving freecenter.com the 17 million monthly visitors to Excite, the Web's seventh most popular site, according to Media Metrix. But since, as he puts it, "my mama trained me right," Reardon quickly called Network Solutions and the proper owners of the two domains.
Network Solutions had corrected the problem by Wednesday afternoon. If it hadn't been fixed,
though, the Excite and CI Host sites could have gone down, since the pranksters transferred the sites' domain names to Reardon's IP addresses.
And the quick transfer of such major sites raises eyebrows about the Network Solutions security process -- especially for a site as large as Excite's. Reardon explains, "Network Solutions needs to realize how serious their job is; if they transfer a domain they need to confirm that the person who is transferring it has the authority to do so."
Network Solutions is throwing the blame on Excite itself. Spokesman Brian O'Shaughnessy says that Excite chose the lowest of three available levels of domain name security; it was their fault, he says, that a simple e-mail spoof was so effective. Excite was unable to comment at press time. But O'Shaughnessy planted the problem firmly on the portal's shoulders: "It's up to the individual to take the onus for that security upon themselves," he says.