RE: [DNS] Young Mr Guy

RE: [DNS] Young Mr Guy

From: Sally Jonas <sally_jonas§yahoo.co.uk>
Date: Wed, 23 Jul 2003 03:06:38 +0100 (BST)
> 
> After control of the AUNIC Registry was moved to auDA, auDA made the
> decision to stop the uncontrolled access to the database.  This made things
> more difficult for scammers, as they had to work from old copies of the
> database which were gradually going out of date, or try and keep them
> up-to-date by querying aunicstatus for the latest data.
> 
This is a misconception. The way ausRegistry has structured and developed the new Whois database
has infact made it easier for scammers to maintain and update their copies of the database.

> Restrictions were also introduced on the number of queries entities could
> make.  This also made life harder for dodgy operators.  But, data fields
> such as the 'expiry date' were still visible.
> 
It takes only a few lines of code to circumvent the number of queries restriction

> When the .au Registry was moved to the new AusRegistry system, the 'expiry
> date' (the critical field used by scam 'domain name renewal' operators) was
> no longer visible - making things still more difficult for the dodgy folks.
> 

While the 'expiry date' no longer is available it doesn't take a genius to work out expiry dates.
a) renewals are based on a 2 year cycle so the renewal dates fr the 300,000 domains previously
registered to july 2002 can be simply calculated.
b) it is fairly simple to, for example, work out what names where registered this week.

> 
> 
> So the history of the .au Registry under auDA's supervision is a history of
> changes that have gradually made things much more difficult for shonky
> domain name renewal operators.
> 
> 

Again the opposite infact it now makes it easier.

Perhaps ausRegistry should spend some of their well publicised profits into creating a secure
system. If they are not aware of the flaws inbuilt into their systems then we should all be
concerned.

Perhaps auDA should consider making the whois database available only to registered entities. 

The current system is open to abuse and while auDA has some control over domain name scammers it
still leaves the whois database open to spammers (A bigger problem for the average user).
Unfortunately this leads to government policies being put in place which IMHO restrict freedom of
individuals. I'm sure Josh will disagree on this one.

Sally


________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/
Received on Fri Oct 03 2003 - 00:00:00 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:07 UTC