Feeds

Web community puts price on head of super highwayman VeriSign

Domain transfer madness at Hoopla.com

  • alert
  • submit to reddit

High performance access to file storage

Domain registrar VeriSign has infuriated the Web community by wrongly transferring a New York writer's domain to an unchecked person in Germany.

The transfer of Hoopla.com was the result of a faked fax request but even though VeriSign has admitted its error, it has refused to sort out the situation, prompting real owner Leslie Harpold to hire a Florida lawyer in pursuit of the domain.

At the same time, hundreds of Internet users are working on a "Google bomb" to embarrass the company. A Google bomb works by putting up hundreds of links to a particular URL and naming it after the search term that people type into the Google search engine. In this case, the link is to Harpold's tale of events and the search name is VeriSign.

Hopes are not high though that either action will prompt VeriSign to do the decent thing and return ownership to Harpold, especially considering the company's track record. The trouble lies in VeriSign antiquated mechanism for changing domain name information.

The company, which owns Network Solutions, was the original Internet registrar, building and maintaining the first domain lists. However, following enforced competition in the domain name market, the company has faced many accusations that it is using unfair methods
to protect its ailing monopoly from cheaper competitors.

The seriousness of the situation - which has seen hundreds of domains wrongly transferred to others in the last two years - is such that Internet overseeing body ICANN even put registrar transfers on the agenda at its last meeting. Its recommendations are currently in a white paper which critics argue still do not tackle the main problem of verification.

The facts in this case are that VeriSign received a forged fax from a Sarah at a fake address in Berlin, stating that Leslie Harpold had given permission for the domain Hoopla.com to be transferred to her. The domain was not itself due for renewal until June this year. The company did so, and Harpold was frozen out the domain. Upon complaining, she was told that she would have to personally contact the new owner to agree terms, despite the fact that VeriSign never checked the transfer was correct.

Under ICANN rules, VeriSign is not actually obliged to doublecheck with the original owner that a transfer is agreed to, and it assumes authorisation is correct if the fax it receives contains the same email address as the contact address it has for that domain. This situation, inevitably, has led to hundreds of falsely transferred domains. The company efforts to prevent this happening by asking for extra authorisation have also met with criticism.

The problem lies with the company's insistence on using printed and faxed forms, rather than Web-based password-protected entry to registrant details that many other registrars use. VeriSign does offer more secure options but at a premium and even this has been seen to fail, with hijackers grabbing domains with even so-called top-level security (Internet.com is a case in point).

The company has been reluctant to move from its form method as it not only makes transfer to other registrars a more time-consuming and complicated affair, but also leaves it in ultimate power over the domain details. And there are no shortage of complaints that VeriSign continually refuses simple requests to change over to a new registrar or even that the forms have vanished between leaving the registrant and arriving at VeriSign. VeriSign does offer a $199 premium service however that will see domains re-registered within two days. There are no known complaints from those who have used this service instead of the cheaper $15 option.

But while the financial benefits of not creating a new, more secure system for domain details and transfers are clear, VeriSign is skating on thin ice. Despite a close relationship with those in power at ICANN, large sections of the Internet business and increasingly Internet community are at odds with its approach.

This was further heightened recently when the company sent emails to customers of competing registrars warning them they needed to renew their domain before it is was released to the public and apparently offering to save them $20 - months before the domain was actually due for renewal.

It is clearly a flawed system when a single fax can see the transfer of a domain that someone has worked on for years to a complete stranger without verification. If VeriSign doesn't mend the error of its ways, it could soon see itself as a minor player in what was once its playground. ®

Related Links

The Google bomb plan
What the hell have you done with my domain?
ICANN mulls the problem over

High performance access to file storage

More from The Register

next story
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.