Web-Based Office Suite Zoho Taken Offline By Registrar After Alleged Phishing Complaints (techcrunch.com) 66
New submitter atxlakeshore writes: On Monday, ICANN-approved domain registrar Tierra.net turned off access to all Zoho domains, affecting 40 million customers worldwide. Zoho, a web-based office suite company, which provides customer relationship and invoicing services to small businesses, tweeted that the site was 'blocked' earlier in the day by Tierra.Net, which administers its domain name.
Zoho customers affected by the disruption reached out to the registrar's support chat and email. Tierra.net then discussed Zoho's account details with these third parties, claiming that phishing attempts were originating from Zoho's webmail service, and these attempts necessitated blocking the company's domains. Zoho is a privately held India-based competitor to Google's G Suite platform, and maintains US offices in Austin, Texas. The dispute has resulted in calls for censure from ICANN. In a series of tweets, Zoho CEO Sridhar Vembu said TierraNet blocked the domain without "ever notifying us of any issue." He also expressed frustrations at not being able to easily reach out to TierraNet executives.
Zoho customers affected by the disruption reached out to the registrar's support chat and email. Tierra.net then discussed Zoho's account details with these third parties, claiming that phishing attempts were originating from Zoho's webmail service, and these attempts necessitated blocking the company's domains. Zoho is a privately held India-based competitor to Google's G Suite platform, and maintains US offices in Austin, Texas. The dispute has resulted in calls for censure from ICANN. In a series of tweets, Zoho CEO Sridhar Vembu said TierraNet blocked the domain without "ever notifying us of any issue." He also expressed frustrations at not being able to easily reach out to TierraNet executives.
rule of law breaking down. (Score:2, Insightful)
It seems the rule of law is breaking down and the presumption of innocence is no longer required and instant guilt is all that's required.
Re: (Score:3)
I wouldn't be surprised if Tierra.net knows they
Re: (Score:2)
What's taking so long? This aspect of business is ripe for disruption. Think getscapegoat.com - simply let it deep-search through your business data then only seconds after all data has been gathered, by the magic of artificial intelligence, the most plausible scapegoat is found.
CTA: Insulate yourself from consequences, getscapegoat.com now!
Re: (Score:2)
Hmmm. Not going there - it contains the word "goat".
Re: (Score:2)
What's hysterical is people out there in the world working under the assumption presumption of innocence actually exists in places outside the courtroom.
Re: (Score:2)
Speaking of hysterical...look at the protestors.
Re: rule of law breaking down. (Score:2)
"the assumption presumption of innocence actually exists in places outside the courtroom"
Yeah - we KNOW it doesn't exist inside the courtroom.
Re: (Score:2)
If you're bringing Kavanaugh into this unrelated topic, know this. Neither he nor the accuser are in a court case, which defines who is the defendant. So let's just say both are presumed innocent - meaning that the accuser is also innocent of it being a false accusation / slander until proven guilty.
Re: (Score:2)
How does rule of law apply here, there were no legal or law enforcement groups involved?
Someone needs to whip ICANN's ass (Score:1)
Here's something else ICANN will happily do: You know those emails that come once a year asking you to verify your domain registrant contacts? If you fail to click and verify your address (no matter if it hasn't changed in 20 years) ICANN will also suspend your domain. Though the suspension is miraculously immediate, it takes 6-8 hours to be reinstated.
Re: (Score:1)
Re: (Score:2)
That is the moral of the story here, after reading this article I can't imagine anyone here thinking Tierra.net is a good registrar to use. AKA dumb as fuck.
Re: (Score:1)
This is incorrect. First of all it is an ICANN thing for the last 5 years and is baked into the 2013 RAA. You may be using a registrar which hasn't had to renew its accreditation during this time but as soon as they have to re-accredit all of your domains will be subject to this bullshit. People who give answers like you really piss me off because you are smart and ought to know better yet you jump on here and defend this regulatory horseshit because you just want to tell someone else they are wrong. Fuck y
This isn't funny (Score:1)
Millions of business are losing revenue and data because of this. It is ridiculous that a registrar would take such an arbitrary action knowing full well the impact it would have.
Re: (Score:2)
This is exactly why I will not use a cloud service for something vital like this. Yes: it might be cheaper, more convenient, need less administration, ... but if it suddenly goes away and you cannot access your documents -- how much of a business do you have left ? Most of the large vendors seem to be pushing cloud solutions ... I fear a meltdown sometime, not all of it, but enough to badly damage some companies.
So: run your own core IT servers, do your own backups, etc. Be safe.
Re: (Score:2)
Re:Keep DNS and Registrar separate (Score:5, Informative)
How would this help in the given situation? ANYONE can technically setup a DNS server for ANY domain name. It is the registrar which lists either the GLUE record or authoritative DNS servers to use. The registrar can simply offline the record entirely, preventing anyone from even knowing which DNS servers to contact for the needed records.
Migrated Off Zoho (Score:5, Informative)
I had a client using Zoho Apps for a major portion of their infrastructure. It was terrible, with frequent outages, and tech support completely unable to help with anything. It was actually worse than not helping - they would pretend to help, and then burn three weeks of calendar time saying that they could perform a restoration, when they couldn't.
We migrated them off of Zoho, and are grateful to have done so. I wish we would have gotten away from Zoho sooner. They are absolutely terrible, and I feel genuinely sorry for anyone using any portion of their infrastructure.
Re: (Score:1)
Re: Migrated Off Zoho (Score:1)
Re: (Score:1)
o365 is already best ever but combined with browser and sharepoint it exceeds all expectations. Really happy that they made it for us to enjoy. I think so fast and so few hangings editors and excel sheets I had last time in 1993??? Well done.
Re: Migrated Off Zoho (Score:2)
It was an app in Zoho Apps, and I migrated that app's functionality into their existing CakePHP application. It was basically a survey building tool for medical surveys, so we had to keep track of questions, responses, order between questions/sections, and the like. Pretty much basic CRUD was all Zoho handled for the survey building. The responses were handled by the custom application.
A company called iNetU that has been acquired like three times + name changes hosts their virtual server, and the company I [noventum.us]
Re: (Score:2)
Anti-phishing, not the same thing. The article gives only one side of the issue, nothing from TieraNet.
I don't know how Zoho is or what they do, but if phishing emails are originating from their domain then they should be responsible for it and they can't blame it on their customers.
Re: (Score:3)
Zoho are a major cloud provider for office stuff including email.
Sure there might be some people using it for phishing, but I'd wager they are using gmail, yahoo mail, microsoft 365 mail etc etc.
Should they ALSO be taken offline everytime someone abuses the service? We're talking potentially billions of people constantly (Possibly hundreds of times a day) losing access.
I mean how much guilt by association are we talking here?
Congrats, Zoho (Score:3)
You won the lottery.... found a bad domain registrar.
Now I suggest reaching out to CloudFlare or CSC for help transfer your corporate registrar services to; even if it costs $50K a year --- it's better than registering your domain on some fly by night operation ICANN should've discredited for thinking they're the internet police and shutting down domains based on bogus "phishing site" or other charges which have nothing to do with the DNS system.
Re: (Score:2)
Re: (Score:3)
How do you use Google docs for phishing? Do they allow any customer to send phishing email originating from that domain?
(I never use online apps, so I don't know what these services do or allow)
Re: (Score:2)
No, but this is refering to cloud email services. So the better question is "How would you use gmail for phishing". The answer to which is "very easily".
Because thats what we are talking about here. People abusing zohos email service, and then millions of people getting punished for it.
Re: (Score:1)
Zoho a competitor G Suite? (Score:2)
Coincidentally... (Score:2)
"In a series of tweets, Zoho CEO Sridhar Vembu said TierraNet blocked the domain without 'ever notifying us of any issue.' He also expressed frustrations at not being able to easily reach out to TierraNet executives."
Coincidentally, Microsoft and Google announced that carefully-selected business executives have been offered the opportunity to attend multi-week, all-expense-paid team-building retreats at luxury resorts in Thailand and the Bahamas.
Highlights a real danger of using cloud services (Score:3)
The higher the reliance on a centralized cloud, the more "eggs in the same basket" which break on a whim of some paper pusher in a company you don't control, caused by their incompetence, by their own beliefs or by some viral social outrage. Then of course there is "if we loose your data all you get is your monthly subscription cost back for this month", or "sorry, we're not going to fight a government request for your data", "we're shutting down the service, all the content you purchased and/or created is now gone". The industry keep cycling between centralized and decentralized computing. I wonder when the cloud based services are going to go the way of a mainframe.
Re: (Score:2)
No. It highlights the danger of not vetting vendors. There's nothing here cloud specific. A shitty vendor had a poor step with a crappy 3rd party that had the ability (and exercised it) to bring them down.
I mean shit I had this same example on a welding job recently. Company we engaged didn't have the necessary quality control to vet their sub contractors and ensure that they wouldn't suddenly leave them high and dry during a critical day. Fortunately we identified this months ago and had a plan b ready.
The
Re: (Score:2)
Show me one cloud vendor who will pay for actual losses cause by their outages (rather than maybe refund this months fee), or one that will not provide government with data they request or simply provide a back-door. It's nice how many providers claim 99.999% availability but are unable to offer insurance against it assuming those odds (for example break even insurance would be I pay $1 per day, and for outage I get paid $100,000 per day, or $69.4 per minute, if they paid $50/minute of outage and charged $1
Re: (Score:2)
Show me one cloud vendor who will pay for actual losses cause by their outages
Amazon, Microsoft, Google to name a few. Just because you're using a shitty little free service doesn't mean that enterprise contracts don't have very long and strict performance metrics with legal teams on both ends.
or one that will not provide government with data they request or simply provide a back-door.
Rather than asking to prove a negative, you can start by displaying the positive.
It's nice how many providers claim 99.999% availability but are unable to offer insurance against it assuming those odds
And yet that insurance is precisely what is in enterprise contracts.
But ultimately your complaints are completely off point. Before you start incorrectly criticizing the reliability and insurance of cloud based ven
This is totally wrong! (Score:2)
This is totally wrong!
Unless, you know, Zoho was promoting a political opinion I didn't like, or something. In that case de-platforming is totally cool.