[thelist] NSI to change security...finally!

Julia Frizzell Julia_Frizzell at Brown.edu
Fri Jul 7 09:32:57 CDT 2000


I just got this in email. Looks like they're finally taking steps to 
fix their lax security procedures.

>Subject: Important Security Update to Your Account
>
>Dear Customer,
>
>IMPORTANT ACCOUNT ENHANCEMENTS SCHEDULED: SECURITY UPGRADES
>MAY REQUIRE ADDITIONAL STEP BEFORE CHANGES ARE MADE
>**************************************************
>Security for our customers has always been a top priority
>at Network Solutions. Now we are taking that even further
>as we merge with VeriSign, one of the industry leaders in
>Internet security. We all recognize information security is
>vital on the Internet, and we want to assure you that we
>constantly monitor security and maintain systems that help
>protect you and your information. This message is about
>changes in our guardian security system.
>
>WHAT DOES THIS MEAN FOR ME?
>**************************************************
>When you first registered your domain name you may have
>selected a security option. You then currently have one
>of three Guardian authentication methods: "Mail-From,"
>Password (Crypt-PW), and Secure Encryption (PGP).
>
>With our upcoming upgrade, customers who have not yet
>selected a security option will be migrated to "Mail-From"
>security. Customers who currently use the "Mail-From After
>Update" Guardian authentication method will now have to
>respond to an e-mail security check before the requested
>changes will be implemented. Customers who currently use
>existing Guardian security options do not have to make
>any changes at all.
>
>WHAT WILL HAPPEN WHEN I REQUEST A CHANGE?
>**************************************************
>NSI is enhancing "Mail-From" with an additional e-mail
>security check. Specifically, NSI will e-mail a validation
>request to the specific administrative and technical
>contact listed for a domain name before making any
>modification to that domain name. This means, if you have
>"Mail-From" security, NSI will no longer implement a
>requested change until we receive e-mail verification
>confirming authorization from either contact. It's an extra
>step, but it's worth it to protect your account.
>
>WHEN WILL THIS HAPPEN?
>**************************************************
>We have scheduled the modification for Saturday, July 8,
>2000, so you should check your account information to see
>if it is correct. Actually, it's a good idea to check your
>account periodically anyway.
>
>To make modifications easier, we provided easy-to-follow
>instructions on our web site at:
>http://info.networksolutions.com/go/h/security/guardian/
>
>Additionally, we updated the contact form FAQs, which can
>be found at:
>http://info.networksolutions.com/go/h/security/contact1/
>
>Please note that we continue to enhance security. Future
>security plans include the use of VeriSign certificates
>for authentication. But don't worry; we will keep you
>completely informed about these upcoming changes.
>
>If you have further questions or concerns about this
>current security upgrade, please contact our Customer
>Service Department at:
>http://info.networksolutions.com/go/h/security/contact2/
>
>
>Sincerely,
>F. Michael Kyle
>Vice President, Customer Service
>Network Solutions(R)
>a VeriSign(R) company
>
>Copyright 2000 Network Solutions, Inc. All rights reserved.




More information about the thelist mailing list