Acro.net – Technology Rants & Raves by Acroplex®

Nowadays it seems crazy not to lock your domains.

All registrars offer this feature as a default option; others offer extended locking mechanisms or even hardware locks via the use of a ‘fob device’.

Although a transfer out cannot be completed automatically without the use of an authentication code, there are unscrupulous individuals that would attempt to hijack valuable domains. Keeping them unlocked is like an open invitation.

It sounds insane but currently there are 32 LL.com domains that return an “OK” status which indicates they are unlocked. I thought it’d be interesting to list the registrars they belong to.

For security purposes, I won’t list the domains themselves; I’m also listing how many unlocked LL.com domains belong to each registrar.

Surprisingly, there are 13 LL.com domains that are about to expire. How soon? Well, in less than 40 days.

Generally speaking, it’s good to renew your valuable domains for several years in advance; the benefits are multiple:

• Registration security until a future expiration
• Taking advantage of the current prices
• Google likes domains with long life-spans
• You show disregard to the 2012 doom and gloom!

Without further ado, here are the 13 LL.com’s that expire in 40 days or less; let’s hope their owners take notice.

Over the course of the past 18 months I’ve moved the majority of my domain portfolio over to Fabulous.com and I couldn’t have been happier.

I’ve written before why I think Fabulous is *the* best domain registrar catering to domainers.

This time around, I will discuss an important layer of security, available to Fabulous.com customers via an one-time fee: A security token or “fob”.

When I met Mike “Fabulous” Robertson at TRAFFIC Las Vegas in January, I could not but mention how great Fabulous.com is for domainers like me. For being an Aussie, Mike was particularly sober but regardless, he promised to send a spanking new Fabulous fob to my mailbox. I just could not wait!

A few days ago, as promised, the fob arrived in a small envelope. For almost an hour I simply examined it, planning what to do with it. Eventually, I simply ripped the envelope open and the fun began!

The envelope’s particulars showed a total weight of 11 grams or less than 1/2 an ounce. That thing was light as a feather, yet it managed to make it all the way from ‘down under’ intact. After I opened the envelope, I saw that it was packed in some bubble wrap for protection. And no, that’s not the layer of Fabulous security I was referring to!

Inside the bubble wrap was a small square plastic folder, complete with a label. My excitement peaked, as I saw the Fabulous.com logo with the blue gradient and the stars of Australia! The words “Security Key” made it clear that this was the real deal.

I opened the plastic folder, barely wider than a business card. Inside was a printed piece of paper that consisted of the front cover with the logo, the back bearing instructions and finally, the Fabulous fob in all its glory!

Here is a scan of the instructions portion. Since this was my first time to ever face a ‘security fob’ I had no idea how it’s used. The instructions miss one important detail: you have to plug the Fabulous fob into a USB port before you proceed with the steps above!

You can see how tiny the Fabulous fob is, the hole on the left allows you to put it in a keychain – although I would not recommend it – and the right side is what you plug into an available USB port in your computer. So what is the center part that looks like a ring? Hold on!

This is the magic glow of the Fabulous fob, after it was plugged into the USB port! It is now ready to be used and provide an extra, solid layer of security to your domain portfolio with Fabulous.com

After your Fabulous fob is installed, log into your Fabulous.com account as usual and go to the Admin section, then click on “Security”. A menu will be available. Select “Fabulous Security Key” and you’re ready for the registration part.

At this point, you need to ensure that you have easy access to the USB port; first click inside the form field as displayed above. Then press your finger firmly on the round, green ring of the Fabulous key.

As if by magic, the form will fill with a long set of encrypted characters in just a few seconds. That’s the time when you should lift your finger from the Fabulous fob and press the “Register Fabulous Security Key”.

The next step will confirm that everything went as planned with the registration of the security key token. Head over to this discussion if you want to know how the security fob works. Who said I’m not assisting you with your technology education!

At the bottom of the same confirmation page as above, you will see this nifty menu of options which will allow you to set up the extent of security that you’d like to implement. For example, you can enable authentication via the use of the Fabulous fob only when you want to make finance changes, or before you push a domain to a different account. Since you have this Fabulous device in your hands, you might as well check them all!

Finally, this is what you’re looking at when authentication is needed. To proceed with authorizing any action specified in the checkboxes above, the Fabulous fob must obviously be plugged in. Then, click inside the form field, tap and hold the glowing green ring of the fob until the form field fills – then hit Continue and you’re in!

I hope you found this review and tutorial about the security key, a.k.a “Fabulous fob” rather helpful. Fabulous.com is indeed a quiet giant, in the dark blue sea group of companies and it’s the domain registry of choice for anyone serious in the domain business.

Follow me on twitter: http://twitter.com/acroplex

Quite often, I wonder if my definition of quality customer service is too demanding but the answer comes back as a flat “no”.

Having used the services of many companies over the years – from retail to banks – I can honestly say that I’m just an average Joe with regards to what I expect from their procedures, workflow and customer support.

Today I will discuss an incident that, despite my goodwill and thorough participation in the process, kept me on the phone for 60 minutes; all while three companies involved in the domain business did less than their allocated part to assist me with resolving the issue.

A few hours ago I received an email from Register.com with regards to authorizing a domain transfer to them. The email did not list which domain was being transfered; the subject line simply stated “Transfer of .com”.

My first thought was that this was spam; after examining the email headers it was proven legit. Since I had not personally authorized a domain transfer to Register.com I felt compelled to call their support department.

I was able to get through their inbound transfers department quite easily; the wait time was barely a minute. The support associate was polite and explained to me that the domain had been authorized for transfer via the use of the auth code; she would just not let me know which domain that was due to their protocol. She advised me to contact eNom and talk to them, as they’re the losing registrar.

Usually, I don’t sweet-talk female associates on the phone. Being “neutral” and professional is the best way, however, when my property is at risk I feel that anything is permitted. So I sighed, explained that out of thousands of domains I’d have to guess the one that’s at risk of being lost; so judging by her voice that she was so friendly and nice, could she please (PLEASE) help me out?

The Register.com associate laughed, then disclosed that the domain was unlocked; a quick search at my eNom account narrowed that down to 9 domains. I applauded her professional skills and laughed jovially at the same time; this got me the TLD in question: it was a .biz

Not sure if she crossed the line of information disclosure but at that point I was left with 4 potential candidates. I thanked her, got a reference number and called eNom.

Going through eNom’s phone queue took about 5 minutes, at which point a live person got on the phone. After explaining the situation and while he was researching for any unauthorized access, it literally hit me. I asked him to put me on hold and went to Whois.biz – the official WHOIS for the .biz Registry – at which point my hunch was confirmed.

It was a matter of eNom not having synced the WHOIS info with the .biz Registry; the culprit was a .biz I sold via Sedo almost 3 weeks ago. Although upon pushing the domain to the Sedo account with eNom I had opted not to retain the contact info, the domain’s contact info was never updated at the .biz Registry by eNom; it was still mine, according to the WHOIS.

Gotta love false alarms.

Still, I called Register.com and this time I waited 20 minutes on the phone to get someone at the other end of the line, in order to update the ticket. After that, I went ahead and authorized the transfer via the link that had arrived at my email.

So who’s fault was it that I spent one hour on the phone over a situation that I did not initiate?

eNom.com – When I pushed the domain to the Sedo account, they didn’t sync the WHOIS with the .biz Registry.

Sedo.com – When they got the Auth code for the domain from their account, they did not first confirm the WHOIS at the .biz Registry.

Register.com – They would not give me the domain name – which was not mentioned in the email either – but I had to extract bits and pieces by social engineering their associate on the phone.

It’s clearly the fault of every company involved – all three are guilty of doing less than their expected part in a process that involved a buyer and a seller of a domain. Had I not taken an initiative to resolve this, these companies would receive additional inquiries and complaints from the buyer for days to come.

After all this was done and finished, I felt good for an extra reason: I had material to write a blog post on this otherwise slow and boring Sunday evening.

Follow me on twitter: http://twitter.com/acroplex

The announcement by the Library of Congress that it has acquired the entire Twitter database of messages – several billions of it – might seem like trivial to some.

In fact, the only trivial thing I can think of, is that if you tweet, you can now consider yourself officially published. Not many people have achieved that in their lifetime.

The truth is, that anyone believing that their publicly broadcast messages over Twitter are somehow erased or fade into some sort of digital purgatory needs to have their noob status checked. Anything you send off by hitting that “tweet” button is permanently stored.

The question that arises is, who will benefit from the storage of billions of messages, some as plain as “Yummy, just had lasagna” or as incriminating as “FTW! I banged Missy the other night in her parents’ bedroom!”.

Does the Library of Congress believe that the terabytes of information is of some inherent value, even if it includes president Obama’s first tweet or those of important politicians or celebrities? Is there some other ‘force’ and motive behind this acquisition of information?

I’m not sure what to believe of this massive acquisition of data, however, as with every amount of raw data it doesn’t matter what you have, it’s how you use it. The analysis and processing of such an immense database can generate a lot of important secondary data, that cannot normally be obtained by observing feeds or keywords alone.

In today’s digital world, information can be cross-compared to other data, combined, reformatted – even altered – to the extent that it becomes an alter ego of someone, for purposes known only to the handler of this digital information.

And that’s precisely when things become dangerous.

Follow me on twitter: http://twitter.com/acroplex