Acro.net – Technology Rants & Raves by Acroplex®

As I was putting the groceries into the trunk of my car today, a nice looking lady in her mid 40′s approached me. She was well-dressed, at least by Florida standards and considering the temperature was in the low 90′s. I thought she wanted some sort of assistance, when she started with “Sir, sorry to bother you…”

The next string of words that came out of her mouth immediately put me into alert mode: “Can I have a couple of dollars for gas?”

Over the years, I’ve donated a few cool thousands to charities and people in need. Even street beggars. But I would never get suckered by a “dame in distress” who puts on a show like this. Her attempt at faking tears was pathetic.

My response was brief and to the point: “Nope, sorry.”

She took off faster than you can imagine, into her dark green vehicle and away from the lane where I was parked. I could not even see whether she drove off alone or with someone else in the car! Considering how she can keep looping around the parking lot looking for suckers, all it takes is a few fake tears and some sprays of cheap perfume.

By the way, her perfume was nasty.

What happens usually is that once you open up your wallet, these people or an accomplish will present a weapon or forcibly take it away from you. Bye-bye credit cards, driver’s license etc. So even if you are presented with the dilemma of not knowing whether the person in distress is indeed in need of cash, ask them to go to the very entrance of the store, where they can easily be apprehended if needed.

In the same manner, online begging is equally easy to occur. People can assume all types of personalities and even fake their gender, in order to establish the necessary definition of a person in need.

Always suggest a public, well-established means of support such as the church, the local authorities or organizations that cater for the people in financial need, such as the Salvation Army. It’s better than losing your money along with your faith in helping others.

It was in early 2000 when one of my few – back then – domains got hijacked by a Turkish hacker. He picked that particular domain because it’s a very common Greek cussword, shared equally among our eastern neighbors. The domain was registered with Network Solutions, which offered back then an update process via email. With each WHOIS info change, an email was sent out to be acknowledged or denied by the administrative contact.

The problem was its predictability: its format was identical each time, the changes to be made were obvious and the information conveyed was unencrypted. All a hacker had to do – and many did – was to initiate an update via the NetSol web site and then send out a fake email that appeared to come from the administrative contact, authorizing the changes!

Simple and brilliant.

What’s not simple and brilliant is that eight years later other companies continue to make the same mistakes in the way they program authorization of updates in transactions. In a recent scheme, a Sedo seller received an offer for a 3-letter .com domain; the price was agreed upon and consequently he was emailed, being told that the payment had been received and that the domain should be pushed to the buyer’s account.

The email ended up being fake, the perpetrator once again originating from Iran (oh, the surprise!). The scammer simply replicated a response email, sent often by Sedo to the participants of a transaction and spoofed the originating address, thus making the seller believe that the payment had been made. The seller pushed the domain to the scammer’s acount with Moniker. Later on, Sedo notified the seller that no such email had been sent, that the payment was still pending and that the buyer was apparently trying to defraud the seller.

Luckily, the domain was returned due to the strict safety policies of Moniker. It was proved stolen and it was returned to the owner. Sedo must stop sending out these full communication emails; they must simply prompt the parties involved in a transaction to log into their Sedo accounts to perform whatever step is needed. This way, no personal data is disclosed and no spoofing is possible. Sedo must take example from Escrow.com that has streamlined the domain transfer process to the highest degree; if they were also a registrar it’d be the ultimate in domain reselling security. Other options exist, such as Moniker’s escrow (requires the domains to be transferred to Moniker first), Afternic and the newly founded venture EscrowDNS.

It’s important to learn from the lessons of the past, to avoid the anguish in the future.

In yet another hasty move, Sedo has inexplicably begun to remove political domains from its marketplace. It is uncertain how far the pattern searcher reaches, however Carolyn from the support department mentioned that their legal department decided to remove domains that contain the name of the US political candidates, Obama and McCain. I expect that the black-listing filter contains the names of Palin and Biden as well.

Now, I am not an opportunist that’d go around registering dozens of names of every possible combination for the party tickets, like others did. I own two domains, both hand-registered for their brandability value: Obamagram.com and Oreobama.com

Sedo’s email was yet another blow in the face of the growing number of users that choose the Sedo marketplace as a selling platform:

We are writing to inform you that the domains listed below have been suspended from Sedo’s services because this domain(s) is a potential violation of Sedo’s policy against domains that include obscene or illegal subject matter. While Sedo strives to protect our users rights to exercise free speech and maintain a marketplace with a vibrant and diverse collection of domain names, we apologize any inconvenience that this may cause.

It’s definitely ironic to see the words “free speech” and “blacklisted” in the same email. Currently there are dozens if not hundreds of political domains on Sedo’s marketplace so the blacklisting process has just begun.

Time to move your domains to Parked.com or elsewhere.

Namejet’s utilization of the Network Solutions pre-release service has created an aftermarket for really old domains that expired and were not renewed. Instead of dropping them, Netsol offers them up on auction. Several people, myself included, go through the pre-release lists for domains of value: aged domains, traffic generators or simply brandable domains. So far, I’ve invested several thousand dollars into this business.

Here lies the problem: two different platforms, with no common support system.

Namejet is a spinoff of eNom, another large domain registrar. Network Solutions is the original domain registrar, with a huge and aged inventory of domains. Although they are in this venture exclusively together, they share no common ticketing system.

My credit card was charged the nice sum of $2,500 in the middle of last week, after I won a Namejet auction. Since then, the domain has not landed in my Netsol account. Upon calling tech support at Netsol, I am told that they cannot confirm the status of my order and that I need to either wait past the 24-48 hour window or to contact Namejet. The problem is, it’s been 4 days since my credit card was charged.

I opened a ticket at the Namejet web site as they don’t offer phone support – another major flaw for an operation of this magnitude. I suspect that they simply share resources with eNom, the ticket system is identical and I get the same canned replies. So I was told that Network Solutions has been notified when payment was made and that the domain WHOIS shows my details. Except, it doesn’t. The WHOIS at Network Solutions still displays the usual “Pending renewal or deletion” blurb and their tech support, despite their ultra-polite demeanor, have no idea why the domain is not in my account yet.

To add a twist of absurdity into this, Namejet mentioned that transactions that end before the weekend or before a holiday might extend the process time of the domain. Only problem is, another transaction that ended on 8/31 – a Sunday – was processed immediately by Namejet and I got hold of the domain instantly. The difference: the domain was with eNom, not Netsol.

So who’s telling the truth, Namejet or Netsol? Personally, I don’t care. I paid for something four days ago and have yet to receive it. It’s easy to blame computer software for delays in processing but when a credit card is successfully charged the items should be delivered within the reasonable time set forth in the agreement. Four days is not a reasonable time in the domain world.