lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060224101458.GM80792@DAPCVA.da>
Date: Fri, 24 Feb 2006 11:14:58 +0100
From: Vincent Archer <archer@...ug.org>
To: Geoff Vass <geoff@...zow.com.au>
Cc: Paul Laudanski <zx@...tlecops.com>, bugtraq@...urityfocus.com
Subject: Re: Amazon phishing scam on Yahoo servers


On Wed, Feb 22, 2006 at 05:32:13PM +1030, Geoff Vass wrote:
> Surely someone, somewhere, has to take some responsibility for allowing
> domains to be created which are clearly and obviously bogus. Who could
> possibly have a reason to register paypal-unlocking.net?

Allowing?

Registration of domains is a completely automated process. There are
no humans anywhere in the loop of domain creation and management, unless
there is a technical problem in that process, or the customer has a
problem. I know, I used to work for a mid-size registrar.

Smaller domains (small countries TLD) might have people in the loop,
due to low volume, but theres hundreds of thousand created, deleted
and modified domains in the big three (.com/.net/.org) every day. Almost
none of them comes to human attention from creation to deletion years
after.

> or another. I wonder if it's possible to register a domain with the name
> George W Bush or F. Castro..

Considering then number of domains I've seen registered with a well known
address at the North Pole... you won't have a problem. As I said, no
human will ever set his eyes on your registration, until the time there's
a problem with it (which happened to me, when one of my customers did
ask for a domain transfer, and had problems proving his ownership of the
domain - I kept telling him he obviously wasn't Santa Claus, and I wasn't
moving the domain until I got a copy of Santa Claus' ID)

-- 
Vincent ARCHER - archer@...ug.org


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ