>>Private registration is an issue when bad guys register domains, but in practice I don't see this too often.
I've seen it plenty, but your next point is certainly true: >>...It's more often that they use completely made up information or just use a stolen identity.... Exactly, in which case access to whois information does you, the person inquiring into the domain, no good at all. True, you can let the person whose identity was stolen know about it, but they'll find out before too long, and by the time you contact them it's too late. Actually, most often what I see is that it points to a probably real, but non-responsive contact. >>...Access to the WHOIS information is also helpful when a legitimate organization has had their resources misappropriated... You mean like transferring the company domain to your personal account? This happens, but it's pretty rare. And what good is it to see the whois? It doesn't speed up the recovery process any. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED] _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
