New Nominet drop catching flaw exposed

[Hay]

On 20/09/2020 i contacted Nominet via email to report a flaw being used by "multiple" people to catch domains...

it would appear certain people are not just "Abusing" the flaw but "Abusing" it to the extent that is causing large amounts of traffic on nominets network in a way that its not designed to handle and for that reason im going to expose the flaw so nominet fix the issue as quickly as possible and put a stop to the greedy bastard(s) that want to play hard ball!

 

[Hay]

PS: (You know who you are and you know i know who you are)

 

[signature]

Wao, how is this a thing? Nominet needs to get a grip or the security and integrity of their platform.

 

[Hay]

Yeah they might be pissed off with me for exposing it but they will thank me in the long run for all the traffic and abuse they save

Those individual(s) im talking about know who they are and they are fully aware i know who they are.

I've also found code belonging to these individual(s) in an unprotected repository which contains TAGS, Usernames and Passwords which can be sent to Nom along with the screenshots...

 

[cyberdomains]

I reckon Nominet will offer you a job soon @Hay

 

[signature]

I hope they get a grip of their system.

 

[Hay]

I hope Nominet change it to where you just buy batches of EPP and all domains are dropped at the same time which will render flaws and multi taggers useless

 

[ian]

Bring it up in the annual general meeting (or whatever they call their pat on the back tea party) tomorrow?

 

[Hay]

@ian - What so everyone else can take the piss before they patch it?

 

[ian]

I meant more so they don't sweep it under the carpet as usual. If you tell the board in front of members, it will be minuted, logged, and will need them to deliver action. I get what you are saying about not wishing others to use it though, wasn't thinking about it that way.

 

[Hay]

@ian - Ive sent them all the info in the email

 

[ian]

But Ben, if you stop them, who will there be left for you to compete with lol

 

[Hay]

@ian - the other 999999 tags

 

[3gmedia]

So has this been happening with latest ror

I did notice that some premium domains had been caught by past active members

Very interesting

 

[Hay]

For the record... Anyone that thinks im talking about "Rob" im not... its nothing to do with him as far as im aware.

 

[lazaruslazarus is verified member.]

@Aaron Clifford get your popcorn gif out again!

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

Accept third party cookies

 

[Aaron Clifford]

I tell you what it's days like this that I'm happy I've been so poor at finding flaws over the years.

 

[isurveyor]

I tell you what it's days like this that I'm happy I've been so poor at finding flaws over the years.

Me too, would not know a flaw if I tripped over it. I like to keep my feet on the ground....

 

[Aaron Clifford]

Why is this thread so quiet?

 

[armistice]

On 20/09/2020 i contacted Nominet via email to report a flaw being used by "multiple" people to catch domains...

it would appear certain people are not just "Abusing" the flaw but "Abusing" it to the extent that is causing large amounts of traffic on nominets network in a way that its not designed to handle and for that reason im going to expose the flaw so nominet fix the issue as quickly as possible and put a stop to the greedy bastard(s) that want to play hard ball!

@Hay Did this get dealt with by Nominet?