Next-generation Domain Name Hijacking (different from using email hijacking)
Remember the hijacking of major websites' domain names through email in the second half of 2007? This time, the main character is the mobile phone number.
The old domain name management let the binding information be changed through email, which led to large-scale domain name hijacking last year (not hijacking by operators such as China Netcom and China Telecom). But there is another vulnerability.
Domain name providers have made a great effort to enhance the security of domain name accounts.
In short, it concerns binding a mobile phone at Internet of the Times. Below is my conversation with customer service.
You can read it later. In the end, I am sure that while the new mobile phone number has not yet been bound, my domain name account can still be fully controlled by the old mobile phone number, even though the old number is no longer under my control. The delay of the SMS gateway, or its untrusted nature, makes it possible to use the mobile phone binding service to hijack the domain name and threaten other services bound to the account.
Because the services "they" provide are too powerful.
Look at the function list of Mobile Service: https://www.now.cn/user/mobileService.net
1. Mobile phone account binding Service
2. Unbind a mobile phone
3. Change the bound mobile phone service
4. User Password initialization Service
5. Product Renewal Service
6. Domain Name Renewal Service
Very comprehensive.
At present, domain names are probably not being hijacked using mobile phones (after all, it takes a big coincidence, and "hackers" are generally not interested in this). However, it is undeniable that the security of the domain name is not guaranteed during this uncontrollable period. It can be exploited by people with ulterior motives. It is not impossible for some shameless people to rob the domain name and then extort money.
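The uncontrollable period described above, as an added example that is not the registrar's code or part of the original post: a small model of an SMS-command binding in which a requested number change either leaves the old number in full control (`freeze_on_pending=False`, the behaviour the post reports) or freezes its sensitive commands at once. The class, the command names and the freeze rule are assumptions; the phone numbers are the masked ones from the conversation.

```python
# Hypothetical labels for the control-changing entries in the page's
# Mobile Service list (unbind, change binding, password initialization).
SENSITIVE = {"unbind", "rebind", "password_reset"}


class PhoneBinding:
    """Hypothetical model of one account's SMS binding (not the registrar's code)."""

    def __init__(self, phone, freeze_on_pending=True):
        self.active = phone      # number whose SMS commands are honoured
        self.pending = None      # new number awaiting SMS confirmation
        self.freeze_on_pending = freeze_on_pending

    def request_change(self, new_phone):
        """Owner asks for a new number from the logged-in control center."""
        self.pending = new_phone

    def cancel_change(self):
        """Owner withdraws the request from the control center."""
        self.pending = None

    def confirm_change(self, sender):
        """The confirmation SMS must come from the new number itself."""
        if self.pending is not None and sender == self.pending:
            self.active, self.pending = sender, None
            return True
        return False

    def authorize(self, sender, command):
        """Decide whether an inbound SMS command may run."""
        if sender != self.active:
            return False
        # Hardened: once a change is requested, the old number loses the
        # sensitive commands at once, however slow the SMS gateway is.
        if self.freeze_on_pending and self.pending is not None:
            return command not in SENSITIVE
        return True


def old_number_can_reset(freeze_on_pending):
    """Replay the page's scenario: change requested, confirmation SMS delayed."""
    b = PhoneBinding("+86.13900000000", freeze_on_pending)
    b.request_change("+86.13800000000")
    return b.authorize("+86.13900000000", "password_reset")
```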
If your domain name is hijacked, contact the domain name provider's customer service as soon as possible to find a solution. If that does not work, let's see whether our legal weapons can be used!!!
The content below is real. I only modified my conversation ID and the mobile phone numbers mentioned in it.
Hello! This is the free global hotline for Internet of times. The latest announcement: If you buy a product, I will send the CN Domain Name, happy to go to heaven. MoBi is the lowest price in China! 168 for the first year; VIP privilege (exclusive domain name transfers ownership in real time, Owner information change, exclusive monthly preferential product).
Line Li Hong, connecting. Please wait...
Dear customer, 123 * Welcome to the customer service line Li Hong
Lihong said: [15:38:45]
Hello! What can I do for you?
123 * Description: [15:39:42]
Hi!
Lihong said: [15:39:16]
Hello,
123 * Description: [15:40:49]
How can I change the bound mobile phone number for my domain name?
Lihong said: [15:40:33]
You are in the control center, domain name management, and then Operation Management
123 * Description: [15:42:01]
Then
Lihong said: [15:42:08]
Open it and check the domain Owner information.
Lihong said: [15:42:14]
You try to see if you can change it,
123 * Description: [15:43:23]
Okay.
123 * Description: [15:45:05]
Shira
Lihong said: [15:44:26]
Hmm
Lihong said: [15:44:28]
Okay,
Lihong said: [15:44:34]
Thank you for your advice. Do you have any help?
123 * Description: [15:45:28]
But that's just a domain name.
Lihong said: [15:45:05]
You can change the phone number in the contact information of the control center,
123 * Description: [15:46:07]
Which account should be bound to the mobile phone?
123 * Description: [15:46:35]
The bound mobile phone number can still be displayed.
Lihong said: [15:45:55]
Modify the contact information in the control center,
123 * Description: [15:46:56]
Mobile phone number + 86.13900000000 (mobile phone bound)
123 * Description: [15:47:06]
I have changed the number !!
123 * Description: [15:48:00]
I also sent a text message, but I didn't receive a successful response text message.
Lihong said: [15:48:59]
You haven't received it yet, or try again later,
123 * Description: [15:49:54]
What should I do?
123 * Description: [15:50:04]
I sent two
123 * Description: [15:50:34]
RBM #13800000000
Lihong said: [15:50:23]
If not, try again tomorrow,
Lihong said: [15:50:32]
Thank you for your call. We hope you will have a chance to help you.
123 * Description: [15:51:26]
!!
Lihong said: [15:50:39]
Goodbye!
The line is disconnected.
Repeated redials are not allowed within 10 seconds!
You can Redial it again!
Dear Customer 123 *, You can rate this customer service!
Replay! Please wait!
Dear customer, 123 * Welcome to the customer service line Li Hong
Lihong said: [15:51:24]
Hello! What can I do for you?
123 * Description: [15:52:24]
Is there any error in my operation?
Lihong said: [15:51:43]
No text message is received on the mobile phone. I cannot handle it here.
123 * Description: [15:52:46]
?
Lihong said: [15:52:11]
It's okay if you follow the face-to-face prompts,
123 * Description: [15:53:17]
But I'm not sure if it's correct.
123 * Description: [15:53:58]
Do I use the old mobile phone number or the new number to change the binding?
Lihong said: [15:54:27]
The current
123 * Description: [15:55:21]
I have seen that my login number and password may be changed by the original mobile phone number during the time when I changed the binding.
Lihong said: [15:54:37]
Which of the following processes can be used,
123 * Description: [15:55:43]
But how is it so slow?
123 * Description: [15:56:08]
This is a vulnerability.
Lihong said: [15:55:43]
Can you contact our after-sales technical department?
Tel: 0756-3810500 3810501 3810502 3810503
123 * Description: [15:56:51]
Just as the original domain name management can be changed through email
123 * Description: [15:57:09]
I don't want
Lihong said: [15:56:43]
Then, you can call them over the Internet,
Lihong said: [15:58:47]
Thank you for your consultation! Thank you!
Lihong said: [15:58:50]
Goodbye!
The line is disconnected.
Replay! Please wait!
Dear customer, 123 * Welcome to the customer service line Li Hong
Lihong said: [15:59:37]
Hello! What can I do for you?
Lihong said: [16:00:04]
http://www.now.cn/customer/moreline.net
Lihong said: [16:00:10]
You open this,
123 * Description: [16:01:17]
I will try to fix this vulnerability later.
Lihong said: [16:00:32]
Some Technical Departments support online telephones,
123 * Description: [16:01:26]
Depressing
Lihong said: [16:00:42]
I cannot operate here,
Lihong said: [16:00:55]
We do not have permission to operate,
123 * Description: [16:03:42]
Okay.
123 * Description: [16:03:50]
Let me check it out first.
The line is disconnected.
Finally, interested readers are welcome to give suggestions. Check what is beyond your control in your domain name management and what may cause you to lose the right to manage your domain name @_@. I would also like to say that I am sorry.