There is an envelope on the windshield with a note of apology and two tickets to a music concert. The note reads, “I apologize for taking your car, but my wife was having a baby and I had to hot-wire your ignition to rush her to the hospital. Please forgive the inconvenience. Here are two tickets for tonight’s concert of Garth Brooks, the country-and-western music star.”
Their faith in humanity restored, the couple attends the concert and returns home late. They find their house has been robbed. Valuable goods have been taken from throughout the house, from basement to attic. And, there is a note on the door reading, “Well, you still have your car. I have to put my newly born kid through college somehow, don’t I?”

Happy April Fool’s Day!

Like or Dislike: 0  0

http://pinoysecurity.blogspot.com/2010/02/wwwnsagov-hacked.html

Like or Dislike: 0  0

If I were Rod B., our former CyberSecurity Czar, I’d be asking these three staffers at the ICANN team some tough questions. Maybe Howard S. and Keith A. can sit in?

What if the registrars were subjected to the same international laws that banks must comply with that address KYC and Anti-Money Laundering Statutes? “Knowing Your Customer” compliance / enforcement should be put in the hands of the same entities who are responsible for transnational economic crime. The nexus of the Internet, Organized Crime (RBN) and people like King Arthur, Bra1n and others who are being protected by nations states remains the primary challenge. Just another layer of due diligence could result in the same treatment as EST Domains.

See Page 232-234 in the book “Fatal System Error” by Joe M. for more.
==================

John J. – General Counsel

John brings 18 years of legal and business experience in the technology and entertainment industries to this position and has provided services to individuals, non-profits/trusts, and companies (from startups to Fortune 500 companies) as a dealmaker, litigator, corporate and intellectual property lawyer, and business executive.

==================

Greg R. – Chief Internet Security Advisor

Greg joined ICANN in July 2008 as Chief Internet Security Advisor where he provides expertise on security matters both external and internal while managing the Security group.

==================

Yurie I. – Director, Global Security Programs

Yurie joined ICANN in April 2008 as Director, Global Security Programs where she leads ICANN’s involvement in collaborative response activities and works with ICANN partner organizations and stakeholders at global and regional levels in implementing ICANN security, stability and resiliency programs.

Well-loved. Like or Dislike: 6  0

OTOH, in the brief time I’ve been reporting domains, I’ve seen dramatic changes in the way individual registrars deal with fraudulent registrations. Registrars like HKDNR, Gandi, Directi and TodayNIC have gone from being some of the worst to being some of the best. OnlineNIC is potentially on the brink of cleaning up. So I’d favor patient, persistent education so that when they make the decision to stop tolerating this crap (or the Chinese government makes the decision for them), they’ll have some idea how to go about changing their procedures.

Also, remember that hiring someone truly fluent in English is an expensive proposition in China. The help desk people are probably really struggling to understand a lot of what we send them.

Like or Dislike: 2  0

@Alpha We’re definitely on the same page here.
Actually I got two responses. The first was unbelievably stupid.

I gave them a reference to the phishtank report on the fraud so they could see the entire URL with their registered domain and the screen shot of the fake Chase bank page. The response I got was: “Sorry, we are not the registrar for phishtank”.

I replied back typing very slowly “I know you are not the reg..is..strar for …” (you get the picture). The response about proving it was then from a different person. I replied back again hoping to copy Chase on it, but couldn’t find a good Chase email address.

In my last reply I summed up our correspondence to that point and made a list of all the things they should have checked, the last being that if the registrant was claiming to be Chase bank then the registrant should prove he is indeed acting on behalf of JPMorgan, that the burden of proof was on the registrant and the registrar not on me.

And I’m sure you’ve seen this type of registrant ‘whois’ information before. The information supplied could only be described as ‘cocky’, like they were trying to show that they could supply the most absurd information and still get registered, which of course they could and did.

I didn’t get a response to my last email which I must admit was not intended to be polite. The site is down, the domain was still registered last time I looked.

I still think we’re going too easy on the registrars. That’s why I think the contract with ICANN has to be strengthened.

If I bought a Glock handgun in a mall and shot four people trying to load it and explained to the police that I really was just learning how to use it, that explanation would not go over too well.

The registrars have the same power in their hands to inflict damage as has been shown by the many articles Brian has written. If they can’t handle it they shouldn’t be in the business. I know registrars who can handle it very well. They have tools which provide them feeds on fraud. OpenDNS provides a free feed and some use netcraft.

If they can’t take down a domain in a reasonable length of time after it’s been shown to be fraudulent they just simply shouldn’t be allowed to register domains. And this means they should be available to take domains down 24/7, not just prime shift 5 days a week. It is too serious an issue to be handled when they can get around to it.

Thanks for the Chase link.

Well-loved. Like or Dislike: 6  0