All indications are that the domain was noticed to be gone on the 15th, the DNS could have been changed well before this.
Charles Daminato OpenSRS Product Manager Tucows Inc. - [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Jack Broughton > Sent: March 18, 2002 11:31 AM > To: Charles Daminato > Cc: opensrs discuss > Subject: Re: hijacking, AGAIN > > > I'm quite sure that most readers on this list are waiting for a > chronology of > what really happened here. The question of whether the > "hi-jacking" occurred > on Friday or was just noticed then is a little key. Obviously if someone > knows how the administration of these issues work, then effecting > a change > after business hours on Friday is a good way to ensure that > you'll probably > get a weekend's worth of uptime. If the domain was hi-jacked they didn't > really finish the job as they should have changed registrars to > make things > far more difficult (and slower) to change back. > > I saw a date of March 5th stated as the time there was the last > change on the > domain. This means if the domain was given new DNS values then > the new ones > must have been setup with the same records as the old DNS so that > the owner > wouldn't notice. Then on the weekend (or Friday night) they changed the > pointers and voila... new site displayed at old URL. > > As a possible courtesy (and something probably easily achieved by > OpenSRS) we > could have RSP's notified when a registrant changes but the > domain is still > under the RSP's account profile. 99 times out of 100 the RSP > will probably be > well aware of the change but for the circumstance described in question it > would have alerted them to the change back on March 5th. That way if there > were something underhanded at play then they'd be on it that much quicker. > March 5th was a Tuesday which makes the "hi-jacking" a little > less plausible > as by rights they should have done it on Friday night as well just for the > same reasons of reduced countering measure time. Perhaps > Christian rockers > aren't as savvy in such matters. :) > > I agree with William though that throwing due process away for > the sake of a > possible hijacking makes me far more nervous than having > compliance personnel > around to comiserate with alleged domain hi-jackees 24/7. We can all > sympathize but I think realistically OpenSRS isn't the bad guy > here. If there > are damages to be had go after the hi-jacker and not the > registrar. (Plus I > don't want to pay more for domain registrations for this > "service". I think > that many may claim they have 24/7 support on such issues but the > proof is in > the pudding. Put it to the test and you'll find a much different > reality. I > know this from experience with 24/7 support claims from large > NSP's where it > really means they know the phone numbers of the people who really > know how to > fix things but are absolutely LOATHE to use them! Usually they > try and stall > waiting for you to PROVE it is their issue and not your equipment > and by the > time you address their burden of proof requirements magically the > day staff > has now started.) > > Anyway... this thread is getting a little overworked. Give is > the chronology > of actual events and I'm sure everyone would be interested in > analyzing what > if anything could have been done to prevent it. > > My two cents worth... (which in U.S. funds is hardly worth making > a coin for.) > > Jack > > PS. In shop class I was making a bowl that was very large and > due to is being > misshapen made the lathe hop all over the place. I decided to > make it more > circular on a band saw first. When I had the guard down and > couldn't turn it > with my hand on the top, I put one hand on the side to help turn in. The > blade hopped out of the wood and cut my index and middle fingers > on my right > hand quite deeply from the fingertips down. I'm sure this in > conjunction with > the stitches I received permanently changed my fingerprints on that hand. > So... it doesn't matter if you know the proper band saw > techniques it doesn't > always mean you follow them. Just reading about the cheese > incident brought > all that pain I endured back to fresh memories... ouch! What a > way to start a > Monday! > > Charles Daminato wrote: > > > > I'm not expecting that they can always be reversed 24/7; I'm > > > expecting that > > > some portions of the investigation can be done 24/7. > > > > What would this accomplish? Not much really, almost a waste of > time since > > most of the cases would be inconclusive without further information that > > cannot be obtained until normal business hours. > > > > Charles Daminato > > OpenSRS Product Manager > > Tucows Inc. - [EMAIL PROTECTED] > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Roger B.A. Klorese > > > Sent: March 18, 2002 10:25 AM > > > To: William X Walsh > > > Cc: POWERHOUSE; Dennis Hisey; opensrs discuss > > > Subject: Re: hijacking, AGAIN > > > > > > > > > At 07:24 AM 3/18/2002 -0800, William X Walsh wrote: > > > >Monday, Monday, March 18, 2002, 7:06:50 AM, Roger B.A. Klorese wrote: > > > > > > > > > At 11:51 PM 3/17/2002 -0600, POWERHOUSE wrote: > > > > >>I would have to agree. I would HATE it if when I finally got > > > to sleep at > > > > >>5am, I got a call from somone about one of my domains being > > > Hyjacked, or > > > > >>something like that, because they where open 24hours a day. I > > > would be VERY > > > > >>mad. > > > > > > > > > But the user whose business depends on 24/7 access expect > > > exactly that. > > > > > > > >They have no reasonable expectation of that. Domains hijackings will > > > >not be reversed based only upon the word of someone who claims to be > > > >the registrant. > > > > > > > > > I'm not expecting that they can always be reversed 24/7; I'm > > > expecting that > > > some portions of the investigation can be done 24/7. > > > >
