Guest
because of its nature and implications, i've moved the thread into the moderators forum so that a decision can be made by dan about whether this information should be public on this board.
Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
- Status
Guest
That is, of course the choice of the moderators and Dan, but personally I'd be disappointed if the thread was removed.
It presented an interesting element of domain registrations, and a hole in the system.
This was not some kind of "inside" information, but a public discovery. Holes in major commercial software (and security systems) are discovered and posted publically all the time.
So far, the moderation at DNF has been even-handed, but removing a thread like this that was not illegal in itself, just because it contained information that could be used for fraudulent activity, strikes me as crossing the line into censorship.
Unless this put the owner and/or moderators of DNF at some sort of legal risk, I don't think the thread should be deleted or disallowed.
Miles
It presented an interesting element of domain registrations, and a hole in the system.
This was not some kind of "inside" information, but a public discovery. Holes in major commercial software (and security systems) are discovered and posted publically all the time.
So far, the moderation at DNF has been even-handed, but removing a thread like this that was not illegal in itself, just because it contained information that could be used for fraudulent activity, strikes me as crossing the line into censorship.
Unless this put the owner and/or moderators of DNF at some sort of legal risk, I don't think the thread should be deleted or disallowed.
Miles
- Joined
- Jun 10, 2002
- Messages
- 538
- Reaction score
- 0
On a privately owned forum, the owner is completely within his rights to censor any information he chooses.
Posting methods of stealing domain names in a how-to fashion is not beneficial to the hundreds or thousands of domain owners who may be harmed by it. You can achieve the same benefit you seek by instead ADVISING domain owners to make sure their contact information is accurate.
Posting methods of stealing domain names in a how-to fashion is not beneficial to the hundreds or thousands of domain owners who may be harmed by it. You can achieve the same benefit you seek by instead ADVISING domain owners to make sure their contact information is accurate.
H
hyperi0n
Guest
So why post it in the first place?
H
hyperi0n
Guest
Sorry Brujah....I wasn't implying that you did.
- Joined
- Apr 5, 2002
- Messages
- 351
- Reaction score
- 0
I see safesys' dilemma, but I agree with Namethink: It should be left alone.
Loopholes should be filled, and pressure applied to change the system. Those reading the thread will consider their own holes, and make changes. Word will get around about the holes.
There is an additional obvious threat: re-registering old hotmail/yahoo addresses that owners have let expire but the whois still shows that addy. All the ways should be made public, despite the risk.
As an example, my Escrow "How to Get Screwed" thread has generated tremendous awareness, especially within escrow.com. I'm certain that changes are on the way as a result.
Anyway, tough call, but the thread should stay.
Loopholes should be filled, and pressure applied to change the system. Those reading the thread will consider their own holes, and make changes. Word will get around about the holes.
There is an additional obvious threat: re-registering old hotmail/yahoo addresses that owners have let expire but the whois still shows that addy. All the ways should be made public, despite the risk.
As an example, my Escrow "How to Get Screwed" thread has generated tremendous awareness, especially within escrow.com. I'm certain that changes are on the way as a result.
Anyway, tough call, but the thread should stay.
Guest
And what about anyone who loses a domain in the interim thanks to any opportunist impulses derived from the thread? Thats the part I am uncomfortable with.
To my mind, it wasn't so much the content of the thread, as to the way it was delivered. It didn't read like an advisory - it read like an exploit.
To my mind, it wasn't so much the content of the thread, as to the way it was delivered. It didn't read like an advisory - it read like an exploit.
Guest
So now we need a DNF style guide?
Like I said before...if the post contained inside information that wasn't available to the public, or put the owner/moderators of this forum at some legal risk, then I could understand it being removed.
But just because it contained information that could be used for fraudulent activity...and was written with racy, exploit-like undertones (hello New Journalism!)...doesn't mean it should get banned.
There's a difference between moderating and babysitting. I don't think it serves this site to have the people who run act as moral guardians.
And as I and DnP pointed out, it does good to expose this kind of hole in the system. That's the way such holes get plugged.
If others use those holes in an illegal fashion, that is a problem for the agencies of law enforcement.
Miles
Guest
Surely it's a problem for the domain holder who had their domain stolen moreso than the law enforcement agencies.
- Joined
- Jul 3, 2002
- Messages
- 1,255
- Reaction score
- 5
I think it is best to err on the of caution to avoid possible negatives for this forum.
If it requires system changes to plug the hole, then contact whoever is in charge privately.
If it requires behavior changes by registrants to plug the hole, then post tips for minimizing problems.
Just my two cents.
If it requires system changes to plug the hole, then contact whoever is in charge privately.
If it requires behavior changes by registrants to plug the hole, then post tips for minimizing problems.
Just my two cents.
- Joined
- Jun 10, 2002
- Messages
- 538
- Reaction score
- 0
Its better to advise:
Don't leave your door unlocked.
Than to explain:
Walk through the neighborhood, and check all the doors. When you find one thats unlocked, you can walk in and take anything you want. Some homes have valuable jewelry and cash just laying there for the taking.
Don't leave your door unlocked.
Than to explain:
Walk through the neighborhood, and check all the doors. When you find one thats unlocked, you can walk in and take anything you want. Some homes have valuable jewelry and cash just laying there for the taking.
Guest
I disagree.
If you're going to give advice, you have to explain why your advice should be taken.
A vague "because" may be fine with children (and even with kids, I think it's good practice to be forthright), but with adults, details are needed.
When police report on a particular kind of new crime taking place, they give the details, so as to inform the public of what's going on and why they should taken certain steps to avoid them.
As for safesys's concern, let me ask you this: what if the exact information contained in devolution's post had been in an article at theregister.co.uk, and someone posted a link to it at DNF. Would you remove the link?
Miles
- Joined
- Jun 22, 2002
- Messages
- 921
- Reaction score
- 0
I agree with Miles, I do see anything wrong with still havning the the thread availble on this forum. This forum is operated and owned by a US citizen. 1st Amendment/Freedom of Speech should be protected at all cost. Even if it deal with sensitive information, that could lead to other people doing some harm after reading the post. Thinking in those terms, would probably stop the whole Hollywood production of films. Who goes out and do the things they see on film?
We all serve as moral agents, and we have the right to choose what we want to read and on what decisions we choose to act upon. This is what democracy is all about.
We all serve as moral agents, and we have the right to choose what we want to read and on what decisions we choose to act upon. This is what democracy is all about.
- Joined
- Jun 10, 2002
- Messages
- 538
- Reaction score
- 0
Even with a no censorship philosophy, do you want really the type of forum that archives the negative how-to's ? Do you really want people posting how to hack dns, steal domains, steal traffic or sales, etc ? These things might be posted on the internet elsewhere, but do you want them posted here ? Obviously, if someone is looking for information on how to commit a crime or fraud they can find it on their own. What reason would it serve to create that atmosphere on this forum though ?
Guest
I cannot believe the person who demanded more information and called for "victims" of stolen domains to come forward now proposes censorship because the data is too revealing?!?!?!
Sounds like someone is coming around to the real possibility high profile domains that were on course to expire (but were not quite there yet by the calendar) AND some domains paid well in advance were actually stolen from owners who seemingly were no longer around. Congratulations.
Coming from the person who started these threads, me, the theft technique was not NOT IN FACT revealed. Rather, others have since published more revealing information, but still nothing to tremble over.
So what happened?
Actually there is no technique. Huh? You say. First correct a myth. NONE of the domains, I listed as stolen by this thief had discontinued Admin Email addresses from Yahoo or Hotmail, etc. How do I know? I tracked them. All of them. For example, the thief stole agent.com. The Admin emaill address BEFORE he changed it was [email protected]. Go ahead and call NetSol to confirm it, that is if they will even talk to you. Trust me that was the Admin email address prior to the theft. Anyone want to bet? ALL of the stolen domains had their Admin email addresses changed electronically--confirmed by Network Solutions, and again none were Yahoo or Hotmail addresses.
So how did he do it? Not hacking, not spoofing emails looking for tracking numbers (that is not possible now), nor snail mail (forgery, like how holiday.com, construct.com, fg.com, craft,com, etc were stolen--and are still being used by the thiefs of 2000 and 2001--but that is another story--ask me about them if you wish). This thief of 2002, yes, hold on, works for NetSol. He simply has access to the accounts! Ok, that's on the table. Now what......NetSol needs to find him and stop him. Period. Any help finding him? That is what this forum is for I thought.
Sounds like someone is coming around to the real possibility high profile domains that were on course to expire (but were not quite there yet by the calendar) AND some domains paid well in advance were actually stolen from owners who seemingly were no longer around. Congratulations.
Coming from the person who started these threads, me, the theft technique was not NOT IN FACT revealed. Rather, others have since published more revealing information, but still nothing to tremble over.
So what happened?
Actually there is no technique. Huh? You say. First correct a myth. NONE of the domains, I listed as stolen by this thief had discontinued Admin Email addresses from Yahoo or Hotmail, etc. How do I know? I tracked them. All of them. For example, the thief stole agent.com. The Admin emaill address BEFORE he changed it was [email protected]. Go ahead and call NetSol to confirm it, that is if they will even talk to you. Trust me that was the Admin email address prior to the theft. Anyone want to bet? ALL of the stolen domains had their Admin email addresses changed electronically--confirmed by Network Solutions, and again none were Yahoo or Hotmail addresses.
So how did he do it? Not hacking, not spoofing emails looking for tracking numbers (that is not possible now), nor snail mail (forgery, like how holiday.com, construct.com, fg.com, craft,com, etc were stolen--and are still being used by the thiefs of 2000 and 2001--but that is another story--ask me about them if you wish). This thief of 2002, yes, hold on, works for NetSol. He simply has access to the accounts! Ok, that's on the table. Now what......NetSol needs to find him and stop him. Period. Any help finding him? That is what this forum is for I thought.
- Joined
- Jun 22, 2002
- Messages
- 921
- Reaction score
- 0
Most of us on these forums hold more domains than most common people out there. Rather than encouraging us of committing those fraudelent acts, I think it might help us to protect ourselves better from these types of attacks. Most of us have invested huge amount of money in our portfolio of domains we hold. These type of info is at least very useful to me. If I ever read somewhere how to hijack a car, it does not necessarily mean that I'm going to. It's rather the oppisite, it helps me to take the measurements needed to make it at least more difficult for anyone wanting to hijack my car.
I can see where you are coming from too, but in this case I don't see this type of info doing more harm than good. I think we could use the utilitarian argument, that does it serve the good for most people or only a few?
- Joined
- May 1, 2002
- Messages
- 348
- Reaction score
- 0
I think that was a good decision safesys, but I think the thread should not be deleted and allowed to be accessed.
Freedom of speach is very important, and besides those implications might be factual and we would like to know about them.
By the way if anyone does decide to censor this or any other info,
..... censored.info is for sale .....
Guest
Once again, no...that's not what this forum is for (as far as I can tell). That's what police agencies are for.
You said you've already contacted them, now you can relax.
But if you feel the issue isn't being resolved, then I suggest you contact your elected representative(s), and perhaps some of the major media in your country.
Miles
- Status
Similar threads
The Rule #1
Do not insult any other member. Be polite and do business. Thank you!
Sedo - it.com Premiums
Premium Members
Spread the Word!
Our Mods' Businesses
*the exceptional businesses of our esteemed moderators