09:14:51 - 17 November 2005

Share |Submit |RSS|Print|Comments

Loading...

Whether accidental or malicious, an incident between the AITDomains registrar system and the Public Information Registry (PIR) system late last week resulted in dozens of .ORG domains being deleted and placed in redemption. AIT, in conjunction with ICANN, is actively investigating and has requested that the Public Information Registry immediately restore service to all affected customers while the issue is being resolved.

“Every effort is being made to find out what went wrong and to fix it as quickly as possible,” said Clarence Briggs, CEO of Advanced Internet Technologies.”  In the meantime, AIT is offering a free secondary TLD to affected customers to serve as a redundant hosted mirror until this problem is settled.” 

As yet, the PIR has not responded to the restoration request, saying that AIT and its affected customers are obligated to pay a restoration fee for each impacted domain. AIT told PIR that it understands the policy, but is seeking an exception due to extraordinary circumstances. “It is difficult to believe that any Registrar would delete that many paying customer domains at once, especially domains that have yet to expire. We need to identify and fix the root cause of the problem so it will not happen again. That means we restore customers now, then do the investigation.”

AIT is assisting affected customers and doing limited restorations at its own expense. “Our logs indicate that no “delete” request was sent from the AIT network, but that is not what is important right now,” said Briggs. Most of the purported deletions supposedly occurred November 11th, 2005. “There are .ORG organizations worldwide that are being hurt with their domains not resolving and email not working, and it is imperative that we first get them up and then conduct a joint investigation for the benefit of the industry,” said Briggs.

AIT has expressed concerns with PIR security and has filed reports with ICANN, the FTC and Attorney General’s Office along with the forensic records from its security review of the PIR. It has also requested a full security investigation with regard to best practices. AIT would not disclose the details of its investigation except to say that it has filed its results with the appropriate authorities, is concerned that industry best practices are not being followed, and that 3^rd parties have been contracted to perform proxy and firewall services through which registrars connect to the registry.

“I don’t want to speculate on what happened,” said Briggs. “Suffice it to say that we do a lot of security work. For now, I just want the PIR and AIT mutual .ORG customers’ domains restored. I am confident that the PIR will work with us in good faith to resolve this quickly.”

Del.icio.us 

Digg 

Reddit 

Propeller 

Mixx It 

Hosting Bookmarks 

Share