Zoho went down today - Page 2

TenFour · 26 Sep 2018, 05:34 AM

Quote:

Which poses the question, are there others that have fallen foul of this algorithm?

It has always seemed to me that domain registrars are a weak link in our implementation of utilizing our own domains for email and our websites, etc. At least for those of us who don't have the scale to pay for concierge level service from the registrars. For example, I don't believe all registrars offer 2FA and those that do often utilize rather weak systems. You can use the best email in the world, with backups and all, but if your registrar takes your domain down everything grinds to a halt. If it can happen to Zoho it could easily happen to most of us, and chances are it would take a lot longer to resolve.

FredOnline · 28 Sep 2018, 06:30 PM

https://blog.cloudflare.com/cloudflare-registrar/

Cloudflare has actually run a registrar for some time. Like many of our best products, it started by solving an internal issue we had. Cloudflare has several mission-critical domains. If the registration of these domains were ever compromised, it would be, in a word, bad.

For years, we worked with our original domain registrar to ensure these domains were as locked down as possible. Unfortunately, in 2013, a hacker was able to compromise several of the systems of the registrar we used and come perilously close to taking over some of our domains.

That began a process of us looking for a better registrar. Unfortunately, even the registrars that charge hefty premiums and promise to be very secure turn out to have pretty lousy security. We ultimately decided the only way to get the level of security we needed was to build a registrar ourselves.

janusz · 28 Sep 2018, 06:42 PM

Off topic continued:

Quote:

You can't actually register a new domain with the Cloudflare Registrar. Not yet. Today, the service is restricted to existing Cloudflare customers transferring their existing domains to us.

TenFour · 3 Oct 2018, 03:22 PM

Maybe this explains the Zoho incident. Looks like Yandex has a similar exfiltration issue if you scroll down a bit. https://threatpost.com/keyloggers-tu...ration/137868/

28 Sep 2018, 06:30 PM	#17
FredOnline The "e" in e-mail Join Date: Apr 2011 Location: Manchester UK Posts: 2,616	Introducing Cloudflare Registrar https://blog.cloudflare.com/cloudflare-registrar/ Cloudflare has actually run a registrar for some time. Like many of our best products, it started by solving an internal issue we had. Cloudflare has several mission-critical domains. If the registration of these domains were ever compromised, it would be, in a word, bad. For years, we worked with our original domain registrar to ensure these domains were as locked down as possible. Unfortunately, in 2013, a hacker was able to compromise several of the systems of the registrar we used and come perilously close to taking over some of our domains. That began a process of us looking for a better registrar. Unfortunately, even the registrars that charge hefty premiums and promise to be very secure turn out to have pretty lousy security. We ultimately decided the only way to get the level of security we needed was to build a registrar ourselves. Last edited by FredOnline : 28 Sep 2018 at 06:48 PM. Reason: Bold added for emphasis

3 Oct 2018, 03:22 PM	#19
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,722	Data exfiltration Maybe this explains the Zoho incident. Looks like Yandex has a similar exfiltration issue if you scroll down a bit. https://threatpost.com/keyloggers-tu...ration/137868/