ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Phishers Target NetRegistry Users

  • To: icann-board@xxxxxxxxx, rod_beckstrom@xxxxxxxxx, ga@xxxxxxxxxxxxxx, abuse@xxxxxxxxxxxxxxx, info@xxxxxxx, "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Subject: Re: [ga] Phishers Target NetRegistry Users
  • From: Hugh Dierker <hdierker2204@xxxxxxxxx>
  • Date: Thu, 18 Mar 2010 17:27:03 -0700 (PDT)

Now Jeff,
 
Are you suggesting that we must protect people from being stupid?
 
I do not believe we need to put signs every 3 feet warning people that when it 
is wet it is slippery.  Do we have to tell people not to give information to 
someone they do not know?
Do we have to warn them that if they leave 10 dollars on the sidewalk it may 
not be there when they come back?
 
I am not even sure we should allow business to deny access to who they do 
business with.
What do you want done about this?

--- On Wed, 3/17/10, Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx> wrote:


From: Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx>
Subject: [ga] Phishers Target NetRegistry Users
To: icann-board@xxxxxxxxx, rod_beckstrom@xxxxxxxxx, ga@xxxxxxxxxxxxxx, 
abuse@xxxxxxxxxxxxxxx, info@xxxxxxx
Cc: jeffrey@xxxxxxxxx, robert.smith1@xxxxxxxxxxxxx
Date: Wednesday, March 17, 2010, 2:51 PM



All,

  What is ICANN doing about this?  Where is the SSAC?  On a junket 
perhaps?  I took notice that NetRegistry does not have DNSSEC nor
IPSEC implmented.  Small wonder they are being attacked and small
wonder they are also being duped.  Yet I do hope that NetRegistry
will be getting this attack thwarted sucessfully and soon as well
as the actual culpret, likely an insider, identified and dealt with
appropriately.  Still seems to me that ICANN oversight of it's 
accredited registrars is poor.

See:
(March 15, 2010)
Phishers using a Brazilian domain name have launched an attack against
customers of Australian domain name and hosting company NetRegistry.
The emails arrive with the subject: Please Update.  The body of the
message asks users to provide their usernames and passwords to verify
their profiles; the message also says that if they do not provide the
requested information, their email accounts will be deactivated.
NetRegistry has sent warnings to its customers reminding them that it
will never ask them to provide login information via email.
http://www.securecomputing.net.au/News/169589,hackers-attempt-to-dupe-netregistry-customers.aspx
http://www.itwire.com/business-it-news/security/37605-netregistry-proactive-response-to-phishing-attack

Regards,

Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 294k members/stakeholders and growing, 
strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx
Phone: 214-244-4827




      


<<< Chronological Index >>>    <<< Thread Index >>>