Some list members may not be aware that auDA has taken several steps to restrict access to the AUNIC database to try and minimise misuse of the data. Traditionally, the AUNIC database had been available for anyone to download, and over several years, many people did download the entire database. About two years ago, after auDA took over management of the AUNIC database, they implemented restrictions that stopped the bulk download of the database. Its important to note however, that anyone with a copy of the database downloaded almost two years ago can use the 'creation date' field in the data to calculate the probable renewal date, and then send out 'invoices' to the domain name holders based on that information. So all the spam paper mail sent to com.au domain name holders in the past year about renewing their domain name could have been based on a copy of the database downloaded a couple of years ago before restrictions were introduced. They don't need to have obtained a copy of the database in the last year or so - an old one is just as useful for that purpose. This is the 'lead time' problem with implementing more restrictions to data in the AUNIC database. A restriction (such as my suggestion to remove 'creation date' and 'street address') implemented today won't have an effect for two years on anyone who has a copy of the current database. Although it will have an immediate effect on any entity without a copy of the database. I believe that because of this lead time issue, removing 'creation date' and 'street address' should be done ASAP - better to do it now than to wait for the implementation of the new system with a new whois. Kim raised the very real issue of the purpose of the database being to enable people to contact the licensee of a domain. The objective I guess is to continue to support this function, while minimising abuse of the data. I must say that I struggle to see any real effect on enabling people to contact domain name licensees by removing the domain 'creation date' and 'street address' from visibility. I think having the organisation details, Suburb, phone numbers, email addresses, etc, is easily enough to make the domain name licensee contactable. If anyone can see a significant downside to making these two fields invisible, please say so. Regards, Mark Mark Hughes Effective Business Applications Pty Ltd effectivebusiness§pplications.com.au www.pplications.com.au +61 4 1374 3959 > -----Original Message----- > From: Ginger Fish [mailto:ginger-fish§scifi-art.com] > Sent: Friday, 1 March 2002 15:43 > To: dns§lists.auda.org.au > Subject: RE: [DNS] Now I am ANGRY > > > > Mark, Mark, Mark.. > > It's completely laughable that we cannot protect their personal data. > Australian consumers are paying the price by receiving > endless rounds of junk mail relating to renewals. > > It's clear the expertise required to write a little code that > would exclude > certian lines of data in the whois info being publically available is well > beyond our scope ( hey i can do it, i am a code master myself ). > > We talk about the importance of doing it. > > We talk about the possibilities of doing it in the "future" > > We "will" perform the task in the future ? > > Maybe ???? > > When we locate a highly skilled professional capable of performing the > task???????? What a joke ( you can still hire me, i am not that expensive > y'know ). > > If Melbourne IT or auDa placed any importance on protecting > registrant data, > it would have been protected LONG AGO. > > Tomorrow, domani, demain ? > > Alter the code, protect the data, squash the leak ( won't give > names, but i > have high suspicions about 2 guys there ), whatever.. This should > not be a point of discussion. This issue should have been fixed long ago. > > Maybe it's not completely unreasonable to suggest that if Melbourne IT or > auDA are not prepared to spend five minutes to implement a little security > to protect registant data (quite clearly they keep putting everything off > until ..."tomorrow") that the simple fact is... they can't be bothered. > > Talk is cheap and it only takes two seconds. Effecting change -- now the > five minutes that's required to do that clearly isn't available. > > Mark, there is NO downside to effecting the changes but no one > will speak up > because they are all too busy banging their heads on the wall reading this > crap. > > Melbourne IT, auDA, if they wanted to protect registrant data they would. > They would have done it months ago, they would do it now, they > wouldn't keep > presenting excuses and waiting for "tomorrow" > > > > Ginger Fish > can be serious in a nice suit sometimes > > -----Original Message----- > From: Mark Hughes [mailto:effectivebusiness§pplications.com.au] > Sent: Friday, March 01, 2002 12:23 PM > To: dns§lists.auda.org.au > Subject: RE: [DNS] Now I am ANGRY > > > The Registrar's database holds the domain name expiry date. > > The AUNIC database does not hold the expiry date, but does hold the domain > name creation date and the expiry date can be calculated pretty > reliably by > adding two year increments to it. > > A relatively effective solution appears to be to change the AUNIC site so > that two of the database fields: > > * the domain name creation date > * the first Organisation-Postal field, which has the street address > > are not visible to manual or automated enquiries. > > Can anyone see a downside to such a change to AUNIC? If so, please speak > up. > > > Note that since a new system will be implemented as part of the > introduction > of competition and that includes a new whois database, the > changes proposed > above are more relevant to the new system than then old. > > > Regards, Mark > > Mark Hughes > Effective Business Applications Pty Ltd > effectivebusiness§pplications.com.au > www.pplications.com.au > +61 4 1374 3959 > > > > -----Original Message----- > > From: craig.ng§maddocks.com.au [mailto:craig.ng§maddocks.com.au] > > Sent: Friday, 1 March 2002 12:09 > > To: dns§lists.auda.org.au; mehanna§tpg.com.au > > Subject: Re: [DNS] Now I am ANGRY > > > > > > Marco - I know what you mean ... but I don't think AUNIC is the > source. I > > have registered business names (but without corresponding domain > > names) and > > have similarly received marketing materials from our friend about their > > services. I believe that the source of information is through a > > simple search > > at the office of fair trading for $13.20. > > > > > > > > Craig Ng > > Partner > > Maddocks > > > > t +613 9288 0523 > > f +613 9288 0666 > > e craig.ng§maddocks.com.au > > > > >>> "mehanna§tpg.com.au" 1/03/02 11:54:33 am >>> > > Dear All, > > > > It is sad and is already happed with a few of My clients, > > The client was decieved in paying $199 because ING > > suggested that unless he renewed the domain it may > > be deleted, removed and registered by somebody else. > > While the above is true, the domain was registered to the client > > by us (the > > hosting provider) and was due for renewal and as such we sent > the renewal > > notice > > (price far lower than ING) for renewal at the right time!. > > > > What I am trying to say is that I know how they do this > > and I will even tell you how I found out. > > > > Firstly, I have quietly registered a new business name with > > the Fair Trading. then using my reseller account with MIT > > to register the domain name. > > > > I have not done any kind of marketing for the domain, > > no search engine submissions, zero marketing, I wanted to > > keep quiet about this domain for my future project. > > > > Two month Later I recieve a letter from ING, informing me about > the domain > > name , promotions and their pricing. > > > > I know one thing now, the only source they have is the aunic > > registry, as it makes all account details available to the mining party. > > > > the ASIC registry does not provide any contact details, nor does > > the ABR (Australian Business Register). The only way is aunice registry > > details. > > > > To AuDa: Once you have blammed NetRegistry for a security breach of > > the aunic data, But this data has always been available on aunic, and if > > you write a script, you can drill this data for all what it has!. > > > > AuDa, What are going to do about > it???????????????????!!!!!!!!!!!!!!!!!!! > > > > regards, > > > > Marco Botros > > Operations Manager > > Spirit Servers > > mehanna§spiritservers.com.au http://spiritservers.com.au > > ******************************************************* > > Spirit Servers, "A Solid, Reliable .dotHosting". > > > > > > > > > > ----- Original Message ----- From: Ginger Fish > <ginger-fish§scifi-art.com> > > To: <dns§lists.auda.org.au> > > Sent: Friday, March 01, 2002 11:20 AM > > Subject: RE: [DNS] Now I am ANGRY > > > > > > Way to go, Ron. > > Can you believe that a few companies out there only live on stealing > > renewals from other companies, and they get some decent business ...of > > course without the leak(s) in the central node of the system, > > that would be > > a bit more difficult , but still .. Of course to mask the main > > activity you > > can always "propose new products" around , a dummy rego site with exotic > > namespaces and other dummy tools that will make you "sound" > like a serious > > company that worries a lot about consumes well being ...shit > like that ... > > > > Ginger the Avenger > > > > > > -----Original Message----- > > From: Ron Stark [mailto:ronstark§businesspark.com.au] Sent: > > Friday, March 01, 2002 10:11 AM > > To: dns§lists.auda.org.au Subject: [DNS] Now I am ANGRY > > > > > > There's always another one .... > > > > Not 30 minutes ago I received a concerned phone call from one of our > > clients, who had just received an unsolicited renewal notice from > > an outfit > > DDNS (Discount Domain Name Services). The renewal notice cites > > the domain > > expiry date (Where DID they get the info?) in May, and is a clear > > attempt to > > hijack one of our clients. > > > > What REALLY makes me angry is the bold large statement on the > > bottom of the > > renewal notice ... "We support the AUDA resellers (sic) code of > conduct". > > > > To Simon Taft, if you're reading this - YOU ARE IN CLEAR > VIOLATION OF THAT > > CODE OF CONDUCT, even in its current draft form. I doubt that > > you even know > > what it means. > > > > You have no right to abuse or misrepresent auDA or its Code of > Conduct in > > this way, and your company's behaviour is totally unacceptable. > > Were there > > penalty provisions in place already, I would activate them against you > > without any compunction or hesitation. > > > > > > Ron Stark > > Business Park Pty Ltd > > mail: ronstark§businesspark.com.au phone: +61 (0)3 9592 6895 > > fax: +61 (0)3 9591 0729 > > mob: +61 (0)41 812 9922 > > CONFIDENTIALITY > > The information contained in this email is intended solely > > for the person to whom it is addressed, > > and is strictly confidential and privileged. > > If you are not the intended recipient or you have received it in error, > > please notify me immediately by reply email > > or on +61 (0)3 9592 6895, > > and delete this message from your system. > > > > > > ------------------------------------------------------------------ > > --------- > > List policy, unsubscribing and archives => > http://www.auda.org.au/list/dns/ Please do not retransmit articles on this > list without permission of the > author, further information at the above URL. (333 subscribers.) > > > > ------------------------------------------------------------------ > --------- > List policy, unsubscribing and archives => http://www.auda.org.au/list/dns/ Please do not retransmit articles on this list without permission of the author, further information at the above URL. (333 subscribers.) --------------------------------------------------------------------------- List policy, unsubscribing and archives => http://www.auda.org.au/list/dns/ Please do not retransmit articles on this list without permission of the author, further information at the above URL. (333 subscribers.) ------------------------------- ------------------------ Craig Ng Maddocks Tel: (03) 92880555 International: +61 3 92880555 Fax: (03) 92880666 International: +61 3 92880666 Web: http://www.maddocks.com.au ------------------------------------------------------- The information in this electronic mail is privileged and confidential, intended only for use of the individual or entity named. If you are not the intended recipient, any dissemination, copying or use of the information is strictly prohibited. If you have received this transmission in error please delete it immediately from your system and inform us by email on info§maddocks.com.au. ------------------------------------------------------- --------------------------------------------------------------------------- List policy, unsubscribing and archives => http://www.auda.org.au/list/dns/ Please do not retransmit articles on this list without permission of the author, further information at the above URL. (333 subscribers.) --------------------------------------------------------------------------- List policy, unsubscribing and archives => http://www.auda.org.au/list/dns/ Please do not retransmit articles on this list without permission of the author, further information at the above URL. (333 subscribers.) --------------------------------------------------------------------------- List policy, unsubscribing and archives => http://www.auda.org.au/list/dns/ Please do not retransmit articles on this list without permission of the author, further information at the above URL. (334 subscribers.)Received on Fri Oct 03 2003 - 00:00:00 UTC
This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:05 UTC