7x9000

Let's give them one last hurrah.

  • She/Her

“In your darkest hour, in the blackest night... think of me... and I will be with you. Always. For where else could I go? Who else could I love but you?”


Once, there was a link here. Now it is a memory. A memory of laughter and hope. A memory of good times. A memory that shall not be forgotten.

Stand tall, my friends. For our journeys shall never end.


If you still want to find me:
https://linktr.ee/7x9000


([ IMPORTANT ])
You do NOT have permission to
use any of my stuff. I am the sole
owner of Zorotek and related
things.



plumpan
@plumpan

So just as a reminder, the whole FA "hack" incident would have been over in like, an hour or two, if their domain registrar, Network Solutions, was competent at all.

The attacker gained access to the FA account at the registrar, no idea if it was a basic phish or sim swap or what, and basically all of the shit stemmed from there. They had control for 36 hours, long after Network Solutions was contacted and told "hey someone gained access to our account", and Network Solutions refused to fix this immediately. Per the post from the FA discord, it took "after meeting for several hours" to get this sorted out. Something that should be an immediate revert + lock, and then work on restoring proper ownership during business hours. At WORST. If not just having a 24/7 team for this kind of thing because that's what you do as a fucking registrar, you manage the damn domain name.

It's very obvious that Network Solutions is incapable of dealing with attacks like this, and now lots of potentially malicious people on the internet know that Network Solutions is going to be incompetent in this kind of situation. Big easy target.

If you do any work in IT or know someone who does and they use Network Solutions, you should swap registrars ASAP. If something like this was done by an attacker that was, frankly, competent, it could have caused a lot more damage.


You must log in to comment.

in reply to @plumpan's post:

Yup would have been pretty easy to set up a fake page and slurp tokens and passwords. Hell if you managed to grab admin credentials that way you WOULD HAVE gotten access to the main site, until they took that down.

Like this could have been way worse. I don't think it's worth saying anything about the attacker other than "they were incompetent" but Network Solutions dropped the ball fucking massively here and everyone needs to take note of that.

There will always be people trying to attack websites, that's just the world we live in. How the fuck do you run a registrar and not have proper policy and procedure in place for dealing with it?

there was also last month's netsol snafu: https://mailman.nanog.org/pipermail/nanog/2024-July/225901.html

hurricane electric is this tiny little company nobody's heard of with a website that looks like it hasn't been updated in two decades, which is because they don't have to because they're the #1 internet backbone people by a sizeable margin, who had their domain killed by one phishing complaint that took hours to resolve and had them begging on a public mailing list for a better contact to escalate to.

netsol fucking up is like clockwork, it's just this time everyone in furry space is gonna know and that's probably not good for their business. Oops

haha I was about to say, HE is fucking huge and I actually love their website. Used it a lot at a previous gig.

The main page is like 95% GIF by data size. Wish every website was like that, just simple and do the point and no fancy bullshit.

The amazing thing is that they're still in business, because I remember hearing pretty much the same sorts of stories regularly in the '90s, when they were the only game (registrar) in town and acted every part the monopoly. And the time that they refused to issue shitakemushrooms.com because "the four letters were offensive" while allowing a similar domain without the atakemushrooms part made them so notorious that it's a prominent part of their Wikipedia page...

the website is fragmented into all these lil pieces that don't look anything like each other and sometimes stuff just doesn't work or inexplicably loads really slowly
the "advanced" dns editor is missing a ton of features and is extremely cumbersome to work with
most of the pages look like they haven't been updated since 2001
just the worst registrar i've ever used. godaddy is close but netsol is still worse