A Day of Security Glitches, 1&1 and Facebook

A couple of new things filtered into the SANS Internet Storm Center this week, one being a security glitch from the ISP and domain provider 1&1. Turns out that if a user had registered a domain with the company, and opted for the private registration, those private registrations were still published in the WHOIS records. If you've used this service recently to register a domain, you should definitely check the records to see if this has affected your domain name.

Of course, Johannes Ullrich, SANS chief security officer, notes that private domain registrations are a bit controversial because they sometimes are used by criminals to hide their identities. However, there should still be an abuse mechanism in place either with the IP address that hosts the particular content or a contact point for the private registration company for people to forward complaints to, he notes.

In other news, Facebook had a recent security glitch, one that resulted in innocent accounts being locked out. Apparently if you login from a different IP address or region, Facebook prompts users to verify who they are. Reasonable enough. But the two options you can choose from to verify your identity - a secret security question or identifying photos of your friends - aren't working well. Even when answered correctly, users were still reporting that they remained locked out of their Facebook pages.