Information Security News mailing list archives
Re: FC: More on hoopla.com domain reportedly stolen via fax to Verisign
From: InfoSec News <isn () c4i org>
Date: Thu, 25 Apr 2002 03:06:16 -0500 (CDT)
Forwarded from: Gordon Smith <gordon_s_smith () hotmail com> At the time that a domain owner requests a domain lock, the domain registrar should verify the claim of domain ownership. Otherwise, the domain thief could profit from the very mechanism intended to protect the legitimate domain owner by locking stolen domains, thus impeding any subsequent ownership resolution process. In an ideal world, the registrar asked to lock a domain would verify the complete chain of ownership back to the original issuance of the domain. Original documents and other reliable authorities would be inspected, rather than merely contacting each previous registrar in the chain in search of a "rubber stamp" of a transfer record that presumes the legality of a previous domain transfer; however, I anticipate that such a search may be onerous. It would be helpful if a protocol that combines a reliable level of assurance with a high level of automation could be created to verify the chain of ownership. Thank you for the opportunity to express my thoughts. Gordon Smith gordon_s_smith () hotmail com ----Original Message Follows---- From: InfoSec News <isn () c4i org> Reply-To: InfoSec News <isn () c4i org> To: isn () attrition org Subject: [ISN] FC: More on hoopla.com domain reportedly stolen via fax to Verisign Date: Tue, 16 Apr 2002 02:29:42 -0500 (CDT) ---------- Forwarded message ---------- Date: Sat, 13 Apr 2002 09:24:51 -0700 From: Declan McCullagh <declan () well com> To: politech () politechbot com Subject: FC: More on hoopla.com domain reportedly stolen via fax to Verisign --- From: admin () consumer net (admin) To: <declan () well com>, <twinset () cardigan com> Subject: RE: Domain heist: Hoopla.com reportedly stolen via fax to Verisign Date: Sat, 13 Apr 2002 00:43:11 -0400 Message-ID: <005401c1e2a5$b76ab730$2b483244@CJ52269B> The attorney at VeriSign (Network Solutions) who handles these cases is Phil Sbarbaro at phils () verisign com. What the issue is that they get fax authorizations to update the admin contact all the time because people let their domain records become outdated. Then there is the question of how much work does NSI do in order to verify the authenticity of the fax and/or use due dilligence to correct the matter. As for getting the domain back via legal means there are generally 2 ways to do that. One is the Dispute Policy (UDRP) where the owner would claim trademark rights or a court order. john () johnberryhill com is Many registrars are now allow users to use "registry locking" which is essentially the same as locking in your long distance carrier with your local phone company. Russ Smith http://TheNIC.com - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- FC: More on hoopla.com domain reportedly stolen via fax to Verisign InfoSec News (Apr 16)
- <Possible follow-ups>
- Re: FC: More on hoopla.com domain reportedly stolen via fax to Verisign InfoSec News (Apr 25)