All,

Please elaborate on how it is easier now than it was two years ago to
mine the .au database.

I am extremely confident that the system has maintained and will
continue to maintain significant advantages over what existed
previously.

The integrity of the database is our primary concern... and believe me -
it is intact!

Please feel free to contact Chris Wright (CTO). He is happy to hear how
you are able to obtain any information - in fact challenges you to tell
him so. 

Adrian Kinderis
MD - Sales and Marketing
Level 6, 10 Queens Rd
Melbourne Victoria 3004
P: 03 9866 3710
F: 03 9866 1970
E: adriank§ausregistry.com.au
W: www.ausregistry.com.au

-----Original Message-----
From: Sally Jonas [mailto:sally_jonas§yahoo.co.uk] 
Sent: Wednesday, July 23, 2003 12:07 PM
To: dns§lists.auda.org.au
Subject: RE: [DNS] Young Mr Guy


> 
> After control of the AUNIC Registry was moved to auDA, auDA made the
> decision to stop the uncontrolled access to the database.  This made
things
> more difficult for scammers, as they had to work from old copies of
the
> database which were gradually going out of date, or try and keep them
> up-to-date by querying aunicstatus for the latest data.
> 
This is a misconception. The way ausRegistry has structured and
developed the new Whois database
has infact made it easier for scammers to maintain and update their
copies of the database.

> Restrictions were also introduced on the number of queries entities
could
> make.  This also made life harder for dodgy operators.  But, data
fields
> such as the 'expiry date' were still visible.
> 
It takes only a few lines of code to circumvent the number of queries
restriction

> When the .au Registry was moved to the new AusRegistry system, the
'expiry
> date' (the critical field used by scam 'domain name renewal'
operators) was
> no longer visible - making things still more difficult for the dodgy
folks.
> 

While the 'expiry date' no longer is available it doesn't take a genius
to work out expiry dates.
a) renewals are based on a 2 year cycle so the renewal dates fr the
300,000 domains previously
registered to july 2002 can be simply calculated.
b) it is fairly simple to, for example, work out what names where
registered this week.

> 
> 
> So the history of the .au Registry under auDA's supervision is a
history of
> changes that have gradually made things much more difficult for shonky
> domain name renewal operators.
> 
> 

Again the opposite infact it now makes it easier.

Perhaps ausRegistry should spend some of their well publicised profits
into creating a secure
system. If they are not aware of the flaws inbuilt into their systems
then we should all be
concerned.

Perhaps auDA should consider making the whois database available only to
registered entities. 

The current system is open to abuse and while auDA has some control over
domain name scammers it
still leaves the whois database open to spammers (A bigger problem for
the average user).
Unfortunately this leads to government policies being put in place which
IMHO restrict freedom of
individuals. I'm sure Josh will disagree on this one.

Sally


________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/

------------------------------------------------------------------------
---
List policy, unsubscribing and archives =>
http://www.auda.org.au/list/dns/
Please do not retransmit articles on this list without permission of the

author, further information at the above URL.  (350 subscribers.)