SECURITY: Hotmail + whois = beware


I thought I’d pass on this anecdote from Magic Dave (one of our techies).
We host a fair few websites for clients and sometimes clients transfer sites from other hosts to us.

Normally this goes pretty smoothly, unless the client’s IT manager who set up all the DNS settings has left the company. Last week we had this problem – the previous IT manager for our client had bought the domain and parked it with an ISP, then left the company. We had no way of getting into their account (on behalf of our client), and the ISP required a request in writing, and after 30 days they would re-assign the account, etc. Bottom line: it was going to be a hassle.

So Magic Dave looked up the domain with a basic whois search and discovered that the client’s previous IT Manager had set up the account with a Hotmail address.

And Hotmail, as we know, has some pretty strict use requirements, e.g. if you don’t use your account for X days they delete your account.

OK, so what if we go and sign up on Hotmail with the address the previous IT Manager used? Yep, Magic was able to sign up. He went back to the ISP, clicked on the ‘Forgot my password’ link and got the password sent to himself. He got in and reassigned the DNS, and all is well.

How many sites have you registered on with a Hotmail account?
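One way to answer that question for domains you manage, as an added example that is not part of the original post: the script below reads WHOIS output and flags every contact address on a mailbox the organisation does not control. The webmail list, the field-name pattern and the sample record are assumptions constructed for illustration.

```python
import re

# Assumption: consumer webmail domains whose providers may release idle
# addresses for re-registration; extend this set for your environment.
CONSUMER_WEBMAIL = {"hotmail.com", "outlook.com", "live.com",
                    "yahoo.com", "gmail.com", "aol.com"}

# Matches WHOIS lines such as "Registrant Email: someone@example.com".
CONTACT_LINE = re.compile(
    r"^\s*(?P<role>[A-Za-z ]*?)\s*e-?mail\s*:\s*"
    r"(?P<addr>[^\s@]+@(?P<dom>[^\s@]+))\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def audit_whois_contacts(whois_text, org_domains):
    """Return one finding per contact address the organisation does not control."""
    org = {d.lower() for d in org_domains}
    findings = []
    for m in CONTACT_LINE.finditer(whois_text):
        dom = m.group("dom").lower().rstrip(".")
        if dom in org or any(dom.endswith("." + d) for d in org):
            continue  # mailbox lives on a domain the organisation controls
        # Whoever holds this mailbox can receive the account's password resets.
        risk = "consumer-webmail" if dom in CONSUMER_WEBMAIL else "third-party"
        findings.append({"role": m.group("role").strip() or "Contact",
                         "address": m.group("addr").lower(),
                         "risk": risk})
    return findings

# Constructed sample record, not real WHOIS data.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CLIENT.COM
Registrant Name: Former IT Manager
Registrant Email: former.it.manager@hotmail.com
Admin Email: hostmaster@example-client.com
Tech Email: support@isp.example
Name Server: NS1.ISP.EXAMPLE
"""

if __name__ == "__main__":
    for finding in audit_whois_contacts(SAMPLE_WHOIS, ["example-client.com"]):
        print(finding)
```

Any address it reports should be moved to a role mailbox on a domain the organisation controls, so the contact survives staff changes.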

By Craig Bailey