Domain Hijacking Takes ICANN Spotlight

Web sites both big and small face the risk of having their Web addresses stolen because of flaws in the way domain names are registered, transferred and tracked, a report released this week found.

The report, announced Wednesday during an international meeting of the ICANN (Internet Corporation for Assigned Names and Numbers) in Luxembourg, followed at least two high-profile incidents this year of what is known as domain-name hijacking—one hitting New York-based ISP Panix and another affecting e-mail provider Hushmail Communications Corp.

Domain-name hijacking occurs when someone fraudulently takes control of a domain name, often by masquerading as the legitimate administrative contact for a domain name.

The e-mail addresses of administrative contacts, widely available in the WHOIS database of domain registrations, are used to verify domain-name holders.

The domain-name hijacking report, available here as a PDF, came from ICANN's Security and Stability Advisory Committee.

The committee advises the domain-name system overseer's board of directors and constituents such as the registrars that sell domain names to individuals and business and the registries that manage domains such as .com and .net.

Read the rest here:,1895,1836820,00.asp