Domainer TV's Tidbits
From time to time, Domainer TV may produce a video summarizing a jumble of things going on within the industry, or their stance on an issue, person, event, or something developing that affects the domain name industry.
Those types of video productions and others that don't fit into any current menu categories will be placed here, in the Tidbits section.
What did he say he said?
Several quotes and reworded comments by Paul Twomey, president and CEO of ICANN, from Scott Shuey's most recent article in the Gulf News, Domain names for .arabia, are being questioned and are in the process of being verified.If the comments are true, we agree with Ron Jackson's opinion in a recent daily lowdown that Twomey should resign. If the comments are not true, Shuey should be fired for incorrectly portraying the entire business of domaining as tainted, soiled, yet technically legal.
Marcia Lynn
Marcia Lynn's drive-by on proposed legislation
S.2661: The Anti-Phishing Consumer Protection Act of 2008.Open Letter to Senator Snowe:
Senator Snowe,
Americans and the entire world has an excellent opportunity to check daily headlines and follow news stories of phishing, and at the same time be able to actually "test" your bill to see how effective it would be should it be passed into law.
Phishing is a serious problem, and with your name at the head of this bill, have your considered that if, as a law, it is ineffective, how Americans will blame you? For their stolen identities? Hijacked bank accounts? Loss of life savings?Below is a link to a recent news story about a recent phishing attack.
Although most phishing attacks have nothing to do with similar sounding domain names, since you mention that in S.2661, here is an attack against Wachovia Bank customers using the domain name wachovia-message-center.com.
http://www.timesdaily.com/article/20080315/NEWS/803150331/1011
Please note the following about this attack:
1) The domain name was registered on March 14, 2008, with private WHOIS information.
2) The attack (a massive amount of emails directing people to wachovia-message-center.com) was launched on March 14, 2008, the day of registration.
3) The domain was deleted and removed from nameservers within 48 hours of the phishing attack.
4) This attack was planned and executed with the precise goal of stealing login information of customers of a particular financial institution. The criminals may have stolen funds on the day they stole the login information. Or they may use the information they stole days, weeks, or years in the future in an algorithm to figure out logins and passwords to other financial and/or personal data.
Section 3(c) of S.2661 allows authorities to obtain the identity under the layer of private whois information. However, it proves to be false information. The criminals, in their planning, did not leave a real name, real address, or real phone number.
An "Anti-Phishing" law should thwart phishing, so let's ask, would it be effective in preventing or detering phishing?
If S.2661 had been passed into law, in this particular scenario:
- S.2661 Stopped phishing attack - NO
- S.2661 Led to identification of criminal(s) - NO
- S.2661 Led to prosecution of criminal(s) - NO
- S.2661 Led to reimbursement of consumer loss - NO
As more reports of phishing attacks appear in the press, I'll continue sending scenarios of how they'd play out if your proposed bill is passed into law.
This was one very, very simple phishing attack. Any "anti-phishing" bill should be able to catch and prosecute the criminals behind the most complex phishing scheme, and certainly the criminals behind most simple phishing crime.
Most alarming is that the majority of phishing attacks are highly technical at the nameserver level, to which your bill does not address nor provide solutions.
Sincere in seeing an end to phishing,
Marcia Lynn
I am, an:
American Consumer Against Phishing Attacks ("ACAPA")
(Analyzing phishing attacks, and using S.2661 to see how effective your proposed legislation would be)