A Deep Dive on the Recent Widespread DNS Hijacking

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Tue Feb 26 02:02:11 UTC 2019

On Mon, 25 Feb 2019 18:23:44 -0700, Paul Ebersman said:

> Agreed. But this also gets down to the risk vs hassle tradeoff. Joe's
> Bait & Tackle Shop probably isn't getting attacked by nation states who
> can hack SS7, so SMS text might be good enough. And certainly better
> than just an 8 char plain text password.

So what registries/registrars are supporting 2FA that's better than SMS?
Or since 98% of domain names are Bait&Tackle type, is nobody bothering
to support something for the 2% that could use it?

Or is there a business opportunity lurking here? :)

More information about the NANOG mailing list