[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    Re: [ISN] FC: More on hoopla.com domain reportedly stolen via fax
From:       InfoSec News <isn () c4i ! org>
Date:       2002-04-25 8:06:16
[Download RAW message or body]

Forwarded from: Gordon Smith <gordon_s_smith@hotmail.com>

At the time that a domain owner requests a domain lock, the domain
registrar should verify the claim of domain ownership.  Otherwise, the
domain thief could profit from the very mechanism intended to protect
the legitimate domain owner by locking stolen domains, thus impeding
any subsequent ownership resolution process.

In an ideal world, the registrar asked to lock a domain would verify
the complete chain of ownership back to the original issuance of the
domain.  Original documents and other reliable authorities would be
inspected, rather than merely contacting each previous registrar in
the chain in search of a "rubber stamp" of a transfer record that
presumes the legality of a previous domain transfer; however, I
anticipate that such a search may be onerous.

It would be helpful if a protocol that combines a reliable level of
assurance with a high level of automation could be created to verify
the chain of ownership.

Thank you for the opportunity to express my thoughts.

Gordon Smith
gordon_s_smith@hotmail.com





----Original Message Follows----
From: InfoSec News <isn@c4i.org>
Reply-To: InfoSec News <isn@c4i.org>
To: isn@attrition.org
Subject: [ISN] FC: More on hoopla.com domain reportedly stolen via fax to 
Verisign
Date: Tue, 16 Apr 2002 02:29:42 -0500 (CDT)

---------- Forwarded message ----------
Date: Sat, 13 Apr 2002 09:24:51 -0700
From: Declan McCullagh <declan@well.com>
To: politech@politechbot.com
Subject: FC: More on hoopla.com domain reportedly stolen via fax to Verisign


---

From: admin@consumer.net (admin)
To: <declan@well.com>, <twinset@cardigan.com>
Subject: RE: Domain heist: Hoopla.com reportedly stolen via fax to Verisign
Date: Sat, 13 Apr 2002 00:43:11 -0400
Message-ID: <005401c1e2a5$b76ab730$2b483244@CJ52269B>

The attorney at VeriSign (Network Solutions) who handles these cases is
Phil Sbarbaro at phils@verisign.com.  What the issue is that they get
fax authorizations to update the admin contact all the time because
people let their domain records become outdated.  Then there is the
question of how much work does NSI do in order to verify the
authenticity of the fax and/or use due dilligence to correct the matter.

As for getting the domain back via legal means there are generally 2
ways to do that.  One is the Dispute Policy (UDRP) where the owner would
claim trademark rights or a court order. john@johnberryhill.com is

Many registrars are now allow users to use "registry locking" which is
essentially the same as locking in your long distance carrier with your
local phone company.

Russ Smith
http://TheNIC.com


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]