Re: [DNS] Hey Chezza and co - getcha .au expiry dates here!

Re: [DNS] Hey Chezza and co - getcha .au expiry dates here!

From: Kim Davies <kim§>
Date: Wed, 14 Apr 2004 18:22:30 +0800
Quoting magic2147&#167; on Wednesday April 14, 2004:
| I do not understand your point about privacy. These are large corporate bodies 
| (auDA, Ausregistry and the registrars) deriving substantial revenues from registrants.  
| They should be responsive to the f.o.c. forensic commentary they get here but often 
| they are defensive to the point where it is laughable. That's why some of us get so 
| much pleasure trolling them. They are not sixteen year old virgins although the way 
| they squeal when their shortcomings are noted you would think they were. For mine if 
| you are in business and someone points out a problem - wear it and fix it.

My point is simply you provided instructions in a public forum on how to
abuse a loophole. Whilst I am a fan of full disclosure, actual methods
shouldn't be disclosed until the parties involved have been informed,
and opportunities given to remedy it. Hence, the question I asked.

I think your point would have been just as resonant if you said "I found
an obvious security hole in a registrar that allows you to access any
domain's expiry date. I have told the registrar and auDA about it, and
after X period of time they still do nothing, not even a reply that it
is being investigated."

Received on Fri Oct 03 2003 - 00:00:00 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:07 UTC