Subscribe to RSS Feed

04|14|2012 04:40 pm EDT

ICANN Issues additional statement regarding new TLD Application System Bug

by Frank Michlick in Categories: new gTLDs

ICANN’s COO, Akram Atallah, has emailed a new statement today regarding the sercurity issue in the TLD Application System (TAS), which allowed at least some users of the system to view file names from submissions of other applicants. Apparently the problem was first identified by a user on March 19th, 2012 and addressed only after a scheduled maintenance on April 12th, 2012, 24 days after the first report. This information was uncovered during a preliminary review of thousands of customer service inquiries received since the opening of the system.

ICANN goes on to say:

Although we believed the issues identified in the initial and subsequent reports had been addressed, on 12 April we confirmed that there was a continuing unresolved issue and we shut down the system.

[…]

We recognize the importance of reopening the application system as soon as possible. We will announce no later than 23:59 GMT/UTC on Monday, 16 April, whether we will be able to reopen on Tuesday, 17 April 2012.

See the full email after the jump.

TAS Interruption – Update (14 April 2012 06:50 UTC)

Statement by Akram Atallah, COO

14 April 2012

As we have reported, ICANN has learned of a technical issue with the TLD application system software, or TAS, that allowed a limited number of users to view some other users’ file names and user names in certain scenarios. We temporarily shut the system down on 12 April 2012 to protect applicant data, and to look into the technical issue and fix it.

As part of that process, we are sifting through the thousands of customer service inquiries received since the opening of the application submission period. This preliminary review has identified a user report on 19 March that appears to be the first report related to this technical issue.

Although we believed the issues identified in the initial and subsequent reports had been addressed, on 12 April we confirmed that there was a continuing unresolved issue and we shut down the system.

We are still aggressively looking into the issue, and we will publish additional information as soon as it can be confirmed.

We recognize the importance of reopening the application system as soon as possible. We will announce no later than 23:59 GMT/UTC on Monday, 16 April, whether we will be able to reopen on Tuesday, 17 April 2012.

Thank you for your patience as we work to resolve this issue.

Tags: , , , , , ,

3 Comments

Icannobserver

April 14, 2012 @ 6:09 pm EDT

The fact that this bug was reported and not dealt with properly for over 3 weeks is an  unconscionable act on the part of ICANN staff responsible for securing this process. I would be very disturbed if this is “swept under the rug” and, frankly, this cannot be excused with a public apology.

If something like this happend with one of ICANN contracted parties it would most certainly  would be considered a major contract breach and dealt with very harshly by ICANN’s compliance staff.

The responsability untimately lies with the CEO and he should resign immediately.  If this was a key government agency of any major government the immediate resignation of the head of this agency would be called for.  Ultimately, the buck stops at the feet of the CEO !!

ImFM

April 14, 2012 @ 6:13 pm EDT

 @716ed200944c7f9118214bdb3fa6964c:disqus I echo your sentiments that ICANN would not be willing to accept a similar “breach” from one of the accredited registrars. However regarding the CEO resigning – you know he’s on his way out already, right?

I understand that issues like this can happen, but I do have to wonder how extensively the new system was tested and who developed it.

Jp

April 14, 2012 @ 10:43 pm EDT

You know these big organizations, even if there is a privacy breach nothing can be done about it without it going through countless committees and reviews first and a consensus vote to stop breaching everyone’s private information.

RSS feed for comments on this post · TrackBack URI

Leave a Reply