Posts by dotfnord

There must have been something else going on here

There must have been something else going on here. To have had so many high traffic sites successfully socially engineered at about the same time by (presumably) the same group just doesn't pass my smell test. The addendum regarding 'just the (no) fax ma'am' further muddies the water.

I had to deal with Register.com about a decade ago to access a client's lost DNS account password. All it took was a phone call from Canada to the US, which hardly filled me with confidence. Meamwhile the newly assigned password didn't work, however simply hitting the enter key when prompted for the password did the trick. NetSol or NSA, they sure have strange ideas about security.

To an apologist

@ some anonymous coward, who wrote:

>8 years of so called 'unconstitutional' wiretapping?

>Which portion of the constitution is being violated? Reference please.

Much as Wikipedia has a well deserved bad reputation around here, just go there and read the US bill of rights, the first ten amendments to the constitution:

http://en.wikipedia.org/wiki/United_States_Bill_of_Rights

Or read Oliver Wendell Holmes, Jr. US Supreme Court Justice for 30 years who opined that the right most prized by modern man is the right to be left alone.

>Please be so kind as to indicate how monitoring communications that cross

>international borders is any different from the right of customs authorities to

>open and examine parcels and letters at border crossings.

OK, so I'm in Seattle and I send you an email to Palo Alto, does it cross an international border? Entirely possible, even with a thick direct pipe. That's all BS anyway, the NSA has been pulling domestic communications out of the air for more than 30 years based on the sophistry that because it's in the air it isn't on the ground within US borders and is therefore free to monitor.

Thank ghod I'm not in Seattle, I'm Canadian, eh, and you're probably closer to Washington, DC.

This has nasty implications

If it turns out that grepblogs had expired and then been registered by the pr0n industry, we could see others re-registering a domain name of an expiring site that feeds other sites banner ads or other material like javascript. More bang for your buck. What if the material contains a virus, or a keylogger, or creates a botnet? Why have one compromised site when you can have hundreds or thousands for the same work and cost? Online software is replacing home/work based software at an increasing rate, this could turn out badly.

I first wrote about expiring names being used by the pr0n industry back in 2001 (if interested go to ICANNWatch.org and type 'xxx-piring' in the search box at bottom of home page). I brought this to the attention of ICANN's then Chair Vint Cerf and then CEO M. Stuart Lynn and the DNSO-GA. Nothing has changed in the meantime except for the worse. I'm not a purist who says retire expired names forever, but an expired name could and should be washed by keeping it out of circulation for six months and then release it through a randomizer set for +/- 10 days. Dropped telephone numbers aren't immediately reassigned, they are washed for a few months so as not to cause chaos, which is what we have here. The registrars/registries/ICANN want the money NOW. -g