Re: FC: More on hoopla.com domain reportedly stolen via fax to Verisign

[InfoSec News <isn () c4i org>]

Forwarded from: Gordon Smith <gordon_s_smith () hotmail com>

At the time that a domain owner requests a domain lock, the domain
registrar should verify the claim of domain ownership.  Otherwise, the
domain thief could profit from the very mechanism intended to protect
the legitimate domain owner by locking stolen domains, thus impeding
any subsequent ownership resolution process.

In an ideal world, the registrar asked to lock a domain would verify
the complete chain of ownership back to the original issuance of the
domain.  Original documents and other reliable authorities would be
inspected, rather than merely contacting each previous registrar in
the chain in search of a "rubber stamp" of a transfer record that
presumes the legality of a previous domain transfer; however, I
anticipate that such a search may be onerous.

It would be helpful if a protocol that combines a reliable level of
assurance with a high level of automation could be created to verify
the chain of ownership.

Thank you for the opportunity to express my thoughts.

Gordon Smith
gordon_s_smith () hotmail com





----Original Message Follows----
From: InfoSec News <isn () c4i org>
Reply-To: InfoSec News <isn () c4i org>
To: isn () attrition org
Subject: [ISN] FC: More on hoopla.com domain reportedly stolen via fax to 
Verisign
Date: Tue, 16 Apr 2002 02:29:42 -0500 (CDT)

---------- Forwarded message ----------
Date: Sat, 13 Apr 2002 09:24:51 -0700
From: Declan McCullagh <declan () well com>
To: politech () politechbot com
Subject: FC: More on hoopla.com domain reportedly stolen via fax to Verisign


---

From: admin () consumer net (admin)
To: <declan () well com>, <twinset () cardigan com>
Subject: RE: Domain heist: Hoopla.com reportedly stolen via fax to Verisign
Date: Sat, 13 Apr 2002 00:43:11 -0400
Message-ID: <005401c1e2a5$b76ab730$2b483244@CJ52269B>

The attorney at VeriSign (Network Solutions) who handles these cases is
Phil Sbarbaro at phils () verisign com.  What the issue is that they get
fax authorizations to update the admin contact all the time because
people let their domain records become outdated.  Then there is the
question of how much work does NSI do in order to verify the
authenticity of the fax and/or use due dilligence to correct the matter.

As for getting the domain back via legal means there are generally 2
ways to do that.  One is the Dispute Policy (UDRP) where the owner would
claim trademark rights or a court order. john () johnberryhill com is

Many registrars are now allow users to use "registry locking" which is
essentially the same as locking in your long distance carrier with your
local phone company.

Russ Smith
http://TheNIC.com


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.