Hello Derek,

It's true that nothing is perfect in this world, there are only solutions to
reduce the risks, none to eliminate them completely.

But seriously if this kind of situation happens to a customer, I'm sure
OpenSRS would cooperate and use a fast and safe method with the RSP. OpenSRS
is a business, they know that your customer is having serious problems and
you're having serious problems too because your customer wants the control of
his domain back in the next 30 seconds. And also, I'm pretty sure OpenSRS
staff will not just read and execute a fax request but simply use common
sense.

Anyway it's just a point of view.

Regards,
__
Steve
----- Original Message -----
From: "Derek Balling" <[EMAIL PROTECTED]>
To: "Steve Poirier" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, August 14, 2001 8:34 PM
Subject: Re: [RE: Transfer Fraud: Who are these losers!!!!]


> In a theoretical sense, I agree. But there are also lots of times
> where $BIG_COMPANY_MANAGER[1] thinks that all is well because
> $MANAGER[2] has the password and vice versa. Only when $ADMIN is gone
> do they both realize how wrong they were.
>
> Also, there may also be very strict/tight security. e.g., you never
> share $PASSWORD with anyone for any reason because the only person
> trusted to do $JOB is $ADMIN.  Perhaps not even $MANAGER{$ADMIN} is
> trusted for that task for various reasons (no technical know-how,
> etc.)
>
> There's a wide variety of causes for the described problem. :-/
>
> Again, not saying I necessarily have a problem with OpenSRS' system,
> just a statement about a potential downside to it.
>
> D
>
>
> At 8:32 PM -0400 8/14/01, Steve Poirier wrote:
> >Managers are responsible for employees. It should never happen that only one
> >person has the password. Keep them in a safe or anywhere but not just in the
> >head of a net admin. If you lose your password because you fire the guy who
> >is the password guru, then you have serious management flaws and
> >$BIG_COMPANY = 0;
> >
> >Regards,
> >
> >Steve
> >
> >__
> >Steve Poirier
> >Project manager
> >Inet-Technologies inc.
> >
> >----- Original Message -----
> >From: "Derek Balling" <[EMAIL PROTECTED]>
> >To: "Ross Wm. Rader" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> >Sent: Tuesday, August 14, 2001 7:54 PM
> >Subject: Re: [RE: Transfer Fraud: Who are these losers!!!!]
> >
> >
> >>  At 7:25 PM -0400 8/14/01, Ross Wm. Rader wrote:
> >>  >>  > Personally, it doesn't really matter if people are trying to steal my
> >>  >>  > domains... just be thankful you're not with NSI where it used to be (still
> >>  >>  > is?) trivial to steal domains from another individual.
> >>  >>
> >>  >>  Is it any more trivial than at OpenSRS?  Just a forged fax away from owning
> >>  >>  any domain you want, right?
> >>  >
> >>  >nope...transfer requests are only honored through the system. Registrant
> >>  >changes only through the MWI with a valid U:P - court order or WIPO decision
> >>  >beyond that. There are other limited situations where we will act, but these
> >>  >are typically to assist a verified registrant get a name back that was lost
> >>  >due to insufficient process at another registrar...(ie - another registrar
> >>  >receives a forged fax, changes the admin contact email address and then lets
> >>  >the pirate registrant transfer to us...)
> >>
> >>  Let me play devil's advocate for a second.
> >>
> >>  I work for $BIG_COMPANY, and manage their domains. I alone know the
> >>  username/password combo.
> >>
> >>  $BIG_COMPANY fires me during YAMROL[1]
> >>
> >>  $BIG_COMPANY now needs to move their nameservers to new IP's, or
> >>  perform some other maintenance on their domain.
> >>
> >>  Is it accurate to say that $BIG_COMPANY, even though they're listed
> >>  as the owner, has absolutely no way short of a court order of getting
> >>  it done?
> >>
> >>  I'm not passing judgement here, I'm just noting that what's being
> >>  described above is VERY tight security, and I'm not sure it is all
> >>  that practical in all cases.  It's cool that the "fake fax" won't get
> >>  a xfer moved, but at what cost? *chuckle*
> >>
> >>  I guess I'm asking "how firm IS that position?"
> >>
> >>  D
> >>
> >>
> >>  [1] Yet Another Massive Round Of Layoffs
> >>
> >>  --
> >>  +---------------------+-----------------------------------------+
> >>  | [EMAIL PROTECTED]  | "Conan! What is best in life?"          |
> >>  |  Derek J. Balling   | "To crush your enemies, see them        |
> >>  |                     |    driven before you, and to hear the   |
> >>  |                     |    lamentation of their women!"         |
> >>  +---------------------+-----------------------------------------+
> >>
>
>
> --
> +---------------------+-----------------------------------------+
> | [EMAIL PROTECTED]  | "Conan! What is best in life?"          |
> |  Derek J. Balling   | "To crush your enemies, see them        |
> |                     |    driven before you, and to hear the   |
> |                     |    lamentation of their women!"         |
> +---------------------+-----------------------------------------+
>
