|
Home Page |
Main Article Index | FREE
XP Newsletter |
XP Registry Tweaks
October 2004
Special Mailing -
"I Phoned The Hijacker!"
Windows Update XP Newsletter
Subscriber List: 24,818
-----------------------------------------------------------
http://www.updatexp.com
Making Windows XP a little easier...
-----------------------------------------------------------
PLEASE note that this is an "opt-in" newsletter. The ONLY way to
receive it is to complete the online form and reply to the
verification email I send out.
Therefore you are receiving this email because you asked to... If
you no longer wish to please use the subscription management tools
at the end of this newsletter.
ATTENTION AOL USERS:
Please add us to your address book so you have no trouble receiving
future issues!
-----------------------------------------------------------
My Domain is back in my control again!
-----------------------------------------------
Now this is a *LONG* email so imagine sitting
down in a comfortable chair before reading...
...YOU may even want to print it out.
AND watch out for my 5 security tips at the end!
------------------
GREAT
NEWS....
------------------
What could have been a real *nasty* mess has virtually ended.
I say virtually ended because there are still some things that
require actioning "behind the scenes."
And so to the question YOU may have been asking.
"....Marc, WHAT exactly happened?"
Also, I will let you know some details of my phone conversation with
the guy who took my domain away
from me....
YES - I really did phone
him.
BUT...
BEFORE I do that I would like to acknowledge the help and guidance
of some folk who went out of their way to help me.
...and for that I am truly grateful!
My thanks FIRST of all goes to YOU - my
subscriber.
Thank you for all your personal messages of support and emails of
complaint to GoDaddy.com
Whilst you may have received a typical "cut and paste" reply from
their support department....
I got to see the *BIGGER* picture.
Collectively, ALL those emails sent to
GoDaddy.com DID
make a difference!
So thanks again for your efforts.
It just goes to show what the "online" community can do when it
takes action ;-)
A Big thanks to my Website Host
http://www.sitesell.com/pdf.html
Ken Evoy and his team have been fantastic in supporting
me over the last few days...
Now it is *NOT* very often the president of a multi-million
dollar company picks up the phone and gives you a call to offer his
guidance!!!
But that is just *typical* of this very unusual company.
(GoDaddy.com could learn a thing or too from them!)
They are the ONLY host I know of that actually publishes a list of
just how *successful* the websites they host really are:
http://results.sitesell.com/pdf.html
and not just that....
...they are also willing to prove *WHY* what they do works:
http://proof.sitesell.com/pdf.html
Heck they even give much of this knowledge away in
FREE e-Books
that anyone can download:
http://freetrial.sitesell.com/pdf.html
OK. OK. I shall stop the mini-advert now, but I am so touched
by their help that I don't mind giving them a little free publicity!
Also I would like to publicly thank:
Paul over at the registrar tucows.com for convincing
GoDaddy.com to unlock the domain and get it transferred back to them
now it was officially mine again.
And Trevor over at optimalpayments.com for his "behind the
scenes" technical knowledge and persistence even though he has a
very busy job...
-----------------------------------------------
So What Happened...
-------------------------
Well, now we have most of the fact's it seems that this act is
actually quite a simple thing for *ANYONE* to DO!
And, that is the
scary
part!
You see when you register a domain name like UpdateXP.com you have
to give some details to the registrar.
One of these details is the email address you give so that the
registrar can contact you about things like "domain name transfers".
My mistake..?
I let the email address I used "expire"..
When I first registered the domain UpdateXP.com In January
2003 I used the email address:
mrpdf@mr-pdf.com
BUT on the 26th July 2004 I did NOT renew the domain name
mr-pdf.com ...so it "expired".
I did not need the domain anymore and had *forgotten* that I had
used it to register UpdateXP.com
...and that was my problem!
(Now I know this was a *dumb* thing to do with hindsight... but I am
not unique in this... more on that in a moment.)
So...
This young Russian *found* MY error from publicly accessible
information and then bought the domain name mr-pdf.com
He then used this to ask GoDaddy to transfer my domain
UpdateXP.com from my registrar to them.
And they DID!
Yep, all it took was an email from GoDaddy to the email address:
mrpdf@mr-pdf.com
To confirm that this request was valid.
Now since this guy now owned this email address he was able to reply
- yes it was OK.
And so the process started...
For the full details on how this process works you can read this
document:
The Insider’s Guide to Domain Transfers
https://www.godaddy.com/gdshop/pdf/TransferInsider.pdf
Now there are a few more details that I can't reveal yet as we are
still investigating them...
Well this seems to be a *grey* legal area...
The resolution GoDaddy.com insisted I follow was:
"If you are unable to come to a satisfactory agreement with the
current registrant, you may wish to go through a court or
arbitration forum (such as WIPO, The World Intellectual Property
Organization)."
So it seems that something immoral like this can take place and
GoDaddy.com simply washes its hands and let's the victim do ALL the
work...
Way to go GoDaddy.com
Do you think for one moment that if I had been IBM.com or
Microsoft.com and this had happened that GoDaddy.com would have been
so complacent?
I don't think so at all...
They also finished their email with:
"Please let us know if we can help you in any other way."
Yes how about putting a *FREEZE* on the domain so the guy can
NOT transfer all traffic so another website?
Nope..... GoDaddy.com was now protecting their new customer UNTIL I
could PROVE otherwise!
AND at my expense....
Yikes....
Well now I have the domain name back and that is GREAT news. I am
also hoping that my misfortune will help others!
So I phoned
the young Russian to find out why he had done this to me...
Phoned him?
Yep, now I know you *MAY* think I am mad at this point. I may
be, buy I DID want some answers and this was the ONLY way I
was going to get them!
So what did I find out on this 50 min call?
Well,
He is a 20 year old young Russian living in the US.
Three weeks ago he started *searching* for domain names that
had *expired* contact email addresses, just like mine had.
He then bought the expired domain and transferred the vulnerable
domain to his control...
Now it looks like he has only done this around 30 times UNTIL
he realized that he was in "way over his head".
He claims that the companies he has done this too should be
*GLAD* !!!
(Well I am GLAD that he was not an extortionist after a ransom for
my site... after all with over 1/2 million monthly visits MY domain
would
be worth a small sum.)
But what he has found is that MOST of the folk he has done
this too have actually been *VERY* angry. (Not really rocket
science to understand
why!)
Why could he not just email or pick up the phone?
In fact he is now so "alarmed" at everyone's response that he is
terrified to tell the largest catch of all, a $60 million company,
that he HAS their domain....
So I did something *unusual*.
I have offered to act as a go between if he wants!
Now I *KNOW* you think I have really have "lost the Plot" at this
point.
But I really *DO* want to see this sorry affair finished as soon as
possible.
What this young man has done *IS* wrong, has caused me a lot of
stress for a few days and cost me money!
BUT....
I do *NOT* want to see others go though this experience. So the
quicker we can sort things out the better for everyone.
(Now as I said earlier I can not reveal *ALL* the facts at this
stage but next week I shall be putting an article on my website.)
---------------------------------------------------
My Recommendations...
-----------------------------
So my recommendation is that if you DO own a domain name then make
sure your email listed under the ADMIN contact is the SAME as the
domain you own!
As an experiment I looked up the details of 100 websites I visit on
a regular basis. I found that a THIRD had a different email address
listed than the domain they owned....
...just the same as me!
In addition if your domain registrar offers a "transfer lock"
then select this option too.
This will lock *your* domain record at the registry level and
prevent it from being transferred, modified or deleted by a third
party...
-----------------------------------------------------
Can YOU let others *KNOW*?
--------------------------------
Got a friend who *WOULD* find this story
interesting? Then hit that FORWARD button now!
Perhaps you have a local paper that could highlight this issue that
many of your local businesses may *NOT* be aware of?
Or even a local Rotary group etc...
If my site and so many others can be hit like this oversight, then
word needs to get out!
...and after all *YOU* proved you can do that by the several
thousand emails that went "back and forth" to Godaddy.com!
And so now onto another topic you have been emailing me on..
PHISHING!
-----------------------------------------------------
A Question of Security...
-----------------------------
It seems that "Phishing" attacks is a concern to many readers like
you.
Typically I am receiving emails with questions like:
"I am getting emails that claim to be from my bank, Ebay, PayPal
etc... and they ask me to update or change my personal details! -
What should I do?"
Sadly this is VERY common and many folk get caught out..
In fact millions of dollars are conned out of folk just like you
each year...
Make sure YOU are NOT going to be one of them!
I do encourage YOU to read this excellent website to become familiar
with the tactics used and HOW TO protect yourself.
http://www.antiphishing.org/index.html
In addition MY 5
quick security tips would be:
### ONE...
Make sure your AntiVirus software is up to date!
If you have NONE installed then get some FREE software
here:
http://www.updatexp.com/free.html
### TWO...
Make sure you have a firewall installed and running...
Either use the free firewall in Windows XP Service Pack 2 or get one
of the FREE versions at:
http://www.updatexp.com/free.html
NB - If you
are looking to get the market leader then
take a look at Zone Alarm Security Suite:
http://www.updatexp.com/zonealarm-securitysuite
They even have a limited time offer of $10 off the sale price.
### THREE...
One of the common ways you can be fooled into giving Your sensitive
details away, is by a trick called "key logging"
Basically thieves can place some *software* on your PC via a virus
or website and many times it CAN NOT be detected by your up
to date antivirus software!
That's why I recommend you download this FREE Trial version
of "Spy Sweeper" and when you do remember to accept the update
option you are given when the program runs.
This means you will have the latest list of possible
*nasties* that could be lurking on your PC.
http://www.1updatexp.com/sstrial.exe
NB - yes that
should read "1updatexp.com" it is a second server I am using and is
perfectly *safe*.
### FOUR...
Make sure you are using the latest version of your Web browser and
email software AND remember it is NOT just Internet Explorer
and Outlook Express that need to be "patched" or "updated". Other
vendors software can be targeted too. (Even LINUX!)
Microsoft Security home page:
http://www.microsoft.com/security/
### FIVE...
Be AWARE of EVERY process running on your PC and what
it is!
WinTasks Pro 5 is a valuable tool that I use on a regular
basis. So much more powerful than the "Task Manager" that comes with
Windows.
NB - This software is
*NOT* available as a FREE trial via the company
website... It is something I have asked them to make available as a
download for you, my loyal subscriber!
http://www.updatexp.com/wintaskspro5-trial
This will download a small piece of software that will manage the
download process. This "may" trigger a firewall warning, if it does
this is Ok to accept it.
Then the download manager will go and grab the software required
from the server.
As soon as you open WinTasks Pro 5 for the first time make
sure you click the button on the main toolbar called "Check for
updates" and then select "Update Process Library".
This will mean you have the most up to date information to hand.
As part of the download you get a manual and the section that
explains how you can use the built-in script language is fabulous!
There is no real reason for you to NOT try out this *FREE*
trial...
-----------------------------------------------------
Something completely different!
--------------------------------------
After all this talk of security you may need to just have some
lighter diversion....
I was reading an article today in which Lucie Naylor – Senior
Product Manager Toys & Kids @ Amazon.co.uk was talking about letters
from Santa!
So I checked out the reference she gave and now am Arranging some
for my nephews and nieces.... one or two may even get a personal
call from him too!
More at:
http://www.updatexp.com/letterfromsanta
------------------------------------------------
Until next time!
Don't forget to tell your friends about us!
Kind Regards
Marc Liron
Microsoft MVP - Digital Media
Sign Up For This
FREE
XP Newsletter Here!
NB - I am
currently changing to a "new look" for this website, some pages may
still be in the old style
The views on this website are
my own and
NOT that of Microsoft!
I am not responsible for the content of any sites linked to.
The names of actual companies and products mentioned herein may be
the trademarks of their respective owners.
This page was last updated
22nd October 2004
Home Page |
Privacy Policy
| Windows XP
Tips | About Me
|
Contact Me
|
