ICANNWatch
 
  Inside ICANNWatch  
Submit Story
Home
Lost Password
Preferences
Site Messages
Top 10 Lists
Latest Comments
Search by topic
Our Mission
ICANN for Beginners
About Us
How To Use This Site
ICANNWatch FAQ
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

    •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

    • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)


    		 
    Security Security Risks from Bogus Whois Problem Reports
    posted by Mueller on Monday November 08 2004, @03:54PM

    Ron_Bennett writes "Bogus "Whois Problem Reports" are increasingly going from being an annoyance to being a real security risk. Some recent incidents I've experienced due to Whois Problem Reports *merely* being filed:

    * Dotster, about two weeks ago, threatened to delete a domain if I didn't respond.
    * BulkRegister, just yesterday, threatened to suspend a domain if I didn't respond within 5 calendar days.

    What good are Whois Problem Reports when anyone can file one and there is virtually no screening performed to ensure such reports have any validitity to them; reports filed on some of my domains claimed everything was wrong, including the expiration date - what!? Talk about pure nonsense!



    As of now, if one wants to cause a registrant problems, all they need to do is file bogus reports at the Internic link below (it's so easy, it's frightening!) - heck, if someone really wanted to be deviant, they could spread a virus that sends bogus Whois Problem Reports from hijacked computers...

    http://wdprs.internic.net/

    In addition, some registrars, such as GoDaddy, charge a fee to the registrant for *merely* reviewing a Whois Problem Report for a particular domain, regardless of whether the report is valid - see links below for more details:

    http://www.dnforum.com/showthread.php?t=67862

    http://www.webhostingtalk.com/showthread.php?s=&th readid=328696&perpage=15&pagenumber=1

    There is much talk about the transfer policy changes and security, yet bogus Whois Problem Reports is a security risk many times worse.

    Some ICANN policy changes are needed pronto regarding Whois Problem Reports...

    1. Requiring more than just a name and email for people making complaints - they should have to provide a postal address that's verifyable and/or some other information.

    2. Screening of such reports - permit registrars, if they're not already, to toss out Whois Problem Reports that they feel are invalid without involving the registrant; stop wasting their time over this nonsense.

    3. A standard on how registrars handle Whois Problem Reports

    * including a reasonable time for the registrant to respond, such as 30 calendar days, before any action is taken ... as of now, some registrars do little while others suspend domains within only a few days - so if one goes away on holiday, they could very likely come back and find their domains suspended/deleted.

    Something needs to be done before bogus Whois Problem Reports get any further out of hand ..."

    (Belated) Response to Tim Berners-Lee on New TLDs | First .aero UDRP Case  >

    		 
      ICANNWatch Login  
    Nickname:

    Password:

    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

     
      Related Links  
    · ICANN
    · http://wdprs.internic.net/
    · http://www.dnforum.com/showthr ead.php?t=67862
    · http://www.webhostingtalk.com/ showthread.php?s=&th readid=328696&perpage=15&a mp;pagenumber=1
    · Ron_Bennett
    · More Security stories
    · Also by Mueller
     
    Security Risks from Bogus Whois Problem Reports | Log in/Create an Account | Top | 2 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Threshold:
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    Bingo
    by fnord (reversethis-{moc.oohay} {ta} {k2yorg}) on Tuesday November 09 2004, @05:44PM (#14433)
    User #2810 Info
    Being the (now mostly former) resident net prophet, this is exactly what I predicted would happen, both on the old DNSO-GA list, their archive search appears broken so I can't point to it without a lot of hassle, and here on ICANNWatch, where the search function isn't broken, it just doesn't seem to parse the archives from prior to the major software change here, so again you'll have to take my word for it. It was obvious at the time to even the terminally clueless (as I also pointed out on the DNSO-GA list, and surprise, it's even in the archives here [icannwatch.org] that picking up deleted domains, and no longer thinking up and registering and offering for sale my-kewl-name-and-it-is-for-sale.com was where the money was (at least allegedly, most of that past and present get rich quick crap is, always has been, and probably always will be just registrars/registries/ICANN selling ocean waterfront property at low tide).

    So, as I suggested at the time, mebbe you want to pick up a deleted domain, but it isn't deleted. No problemo. You rat them out for supposed false WHOIS data, they fail to respond in time (perhaps because you've letterbombed or virused or social engineered them into non-compliance), and you've got a claim on it thru one (or all, if it's important enough or VeriSign has a monopoly on it) drop service and hey presto, you now own hotmail.com (which was previously accidentally dropped if you know your DNS history) or whatever.

    But wait, it gets worse, now you have registrars picking up the deleted domains themselves to sell at a greater profit (as I predicted at the above link), primarily to the online pr0n and gambling industries, so of course they have an incentive to see the name drop for bogus reasons. Again, as I pointed out away back, songbird.com registrant (and ICANN apologist, and later staffer, Kent Crispin) had inaccurate WHOIS data. I may well have been the first to use the ICANN link to rat anyone out (like everything else they do, their provided link didn't work for awhile so I kept monitoring it). I never received any notification in response and the WHOIS data remained uncorrected for months. I also pointed this out here and there and someone explained to me patiently that that was a fault with the registrar software. I guess we now have incentive for more faults than San Andreas. Sadly, songbird.com now has a different registrar and appears to have been corrected, and not being a hearing aid company [songbirdstore.com] I probably can't get it from him via the UDRP. Shucks. Too bad no-one appears to be listening to my warnings (and BTW John Berryhill said many of the same things), which is why in matters ICANNian I'm now mostly in formal wear. -g

    [ Reply to This | Parent ]
    • 1 reply beneath your current threshold.


    Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml.