Web sites both big and small face the risk of having their Web addresses stolen because of flaws in the way domain names are registered, transferred and tracked, a report released this week found.

The report, announced Wednesday during an international meeting of the ICANN (Internet Corporation for Assigned Names and Numbers) in Luxembourg, followed at least two high-profile incidents this year of what is known as domain-name hijacking: one hitting New York-based ISP Panix and another affecting e-mail provider Hushmail Communications Corp.

Domain-name hijacking occurs when someone fraudulently takes control of a domain name, often by masquerading as the legitimate administrative contact for a domain name.

The e-mail addresses of administrative contacts, widely available in the WHOIS database of domain registrations, are used to verify domain-name holders.

The link for this article located at eWeek is no longer available.