Slashdot Mirror

It's a few days out of date; whois shows it as belonging to Transmeta, as of Friday.

where does such a respectable publication get off saying such things as "horrible teenage sex"?

Sex is a BEAUTIFUL thing between two very loving individuals. Sex is not a "horrible" action, but one of love, sacrifice, and mutual enjoyment. Pictures of such an act should be held in the highest esteem and broadcasted throughout the land...

And sex between teenagers is nothing but the purest of sex... that where individuals haven't been corrupted by money and power, and having their backs broken by middle management... okay, if it was between two UGLY teenagers having sex... maybe... but even then the ability for two grotesque individuals to find someone to share their special feelings with is a very very special occasion and also one which should be celebrated.

And if you'd like to start a web site to celebrate ugly teenagers having sex, www.uglyteensex.com is not yet registered!

So everyone, go out and visit your favorite site that supports the freedom of expression and passes along these beautiful images of sex and allows you to take them home with you and possibly even print them out (if you have a color printer).

ciao!

Okay...no one seems to have mentioned this, so thought I'd share a dirty little secret with my fellow slashdotters.

When a company pisses you off...fails to respond to your questions...or is just generally unreachable...there is something can get you on the inside track...run a WHOIS. Check out what is listed for handspring.com:


JD TECHNOLOGY (HANDSPRING-DOM)
189 RENARDO AVE.
MOUNTAIN VIEW, CA 94043
US

Domain Name: HANDSPRING.COM

Administrative Contact:
HAWKINS, JEFF (JH28760) JHAWKINS@HANDSPRING.COM
650 230 5000 (FAX) 650 230 2100
Technical Contact, Zone Contact:
BOLY, JEFF (JB37706) jboly@HANDSPRING.COM
650 230 5000
Billing Contact:
JD TECHNOLOGY (JT240-ORG) no.valid.email@WORLDNIC.NET
650 470 0944
Fax- 650 470 0943


Presto...look at all that information. There's a couple of fax numbers. Why not sent them a firm, but polite request for information? According to the WHOIS, they have phone numbers that begin with 650-230 and 650-470. Why not try wardialing them to see what other extensions you can find?

Notice the e-mail addresses and the pattern they follow: first initial plus last name. That means that you probably know the e-mail addresses for everyone on the Executive Team like Donna Dubinsky, Ed Colligan, Bernard Whitney, Mike Gallucci and so forth.

Also rememeber that any other domains that show up on a WHOIS can lead to more information. Check out all the other domains that ol' Jeff currently owns.

Now, of course, this is dirty dirty pool. These people are not going to like being contacted directly. But this only underscores how STUPID it is that Network Solutions forces us to put our real information in a public database. That's why I run a WHOIS on major technology companies every day. Whenever I get a busy Vice President on the phone...I am sure to let him know how I got this phone number so he can be sure to let that @#$!@$#! Network Solutions know what he thinks of this WHOIS nightmare.

Anyway...if you goal is to find out when your Visor is shipping...contacting someone on a WHOIS is a good way to make sure you get put last on the list. But a friend of mine had Handspring put an $800 hold on his credit card (which would cover the cost of THREE Visors, not the ONE he ordered) and after politely alerting everyone at Handspring to his problem, he got a personal apology from Donna. And later that day, a phone call from Sally, the head of customer service promising to resolve it ASAP.

So...to review...if you have a SERIOUS issue...go ahead and try a WHOIS. But remember that this type of contact can easily be considered abuse, so if aren't careful and tactful you will end up doing yourself more harm than good.

- JoeShmoe

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

"The important thing about Linux (and Open Source and the Web) is that it shifts the balance of power back to the independent developers, the underfunded experimental coolness-of-the-thing-itself startup-type hackers"


For the time, yes it does bring back that power and the interest in the changing/hacking/creating a new environment that fits your exact needs. However, if one thing has proved evident in everything I have ever experienced, money motivates all too well. My concern is that all the recent hype and corporate adoption of *nix will corrupt what most of the geeks find to be "experimental coolness-of-the-thing-itself". What's to happen when those how have set the standards for these platforms pass on? Just look at what happened to the internet once John Postel left us.


SL33ZE, MCSD
em: joedipshit@hotmail.com

Here is an excerpt (with a relevant section bolded by me) from NSI's Dispute Policy:

10. Litigation. Independent of the provisions of Section 9 of the Policy, in the
event that:

(a) The registrant files a civil action related to the registration and use of
the domain name against the complainant in a court of competent
jurisdiction, and provides Network Solutions with a copy of the
file-stamped complaint, Network Solutions will maintain the status quo
ante of the domain name record pending a temporary or final decision
of the court. For example, if the domain name is not on "Hold," it will
not be placed on "Hold;" if the domain name is already on "Hold," it will
remain on "Hold." In such cases, Network Solutions will deposit
control of the domain name into the registry of the court by supplying
the registrant with the registry certificate for deposit. While the domain
name is in the registry of the court, Network Solutions will not make
any changes to the domain name record unless ordered by the court.
The registrant also shall promptly provide copies of any and all
pleadings filed in the action to Network Solutions upon Network
Solutions' request.

1. Go to http://www.corenic.org and find a registrar. I used NetWizards, http://www.netwiz.net. They've been quite good -- they even answer the phone!
2. In their words, "Name servers MUST be already registered with InterNIC or use CORE-registered domains." You can do that somewhere on the Network Solutions site. Don't even bother trying unless you meet those conditions.
3. If you have an InterNIC-registered nameserver, it then has to be registered with CoreNIC. NetSol apparently isn't sharing their databases.
4. After the CORE nameserver registration goes through, you can register your domain(s).

What do you get in return? Cheaper registration ($60/two years), real customer service, and an explicit antispam policy.

--Tom

Not according to NSI's whois page

I have over 21oo addresses from Dotcomexpress.com
Mymailbag.com
Nsimail.com(the best by far),
and Good old Dotcomnow.com that are now cashed, i.e. Browser temp folder to simple cut and paste from notepad and I'm in. Some of these people, judging from subject lines, have used these accounts to register domain names. If you fill out and e-mail network solutions with say, Domain Registration Template from the admin or tech contact account what do you think might happen? Nah! No biG dEaL ;)

Special Note: The NSI dotcomnow.com e-mail system vulnerability was discovered with a PalmIII PDA via a CDPD Novatel Plus Wireless modem connection to the internet using the Proxiweb browser..

Reply to Buddy on 01:17 PM September 20th, 1999 EDT

Well, you haven't seen it in the media because they are ignoring it. I've been paying way too much attention to this topic and I haven't heard a peep except what the hacker community already knows. This is not because I didn't try..Read On..

I messaged all the news media starting late Thursday night, Sept 16, 1999 and then into Friday. Tips@wired.com was the first place to be e-mailed: no response. Then I mailed local news and got the same. CNN, ABC, CBS, MSNBC, Microsoft (for the H of it), and NSI to name a few, were all mailed: again no response. Slashdot was also messaged sometime on Saturday, but there were 100+ submission pending, so I understand. http://slashdot.org/faq.shtml#Q42

The following message was sent:
You may already know this. I know at least one other person has figured it out.
The new Network Solutions E-mail systems are wide open. There are two ways to break in.
The first is to know the name of someone with an account with NSI, type
User: name
Pass: namensi
The second is this...
Here is the entry to the support account.
http://mail.dotcomnow.com/signup/poll/support?dlan g=default
Replace the word support with any valid account and bang, you're in.

The only response I received was sometime on Monday from http://netsecurity.about.com but well after it became public knowledge. .

As an ethical person, I wanted to give NSI fair warning. They were officially notified on Saturday, September 18, 1999. Since they were changing their production billing system on Saturday I figured that someone would react by verifying the hole and then taking down the system. This did not happen. I also tried calling. Don't try calling them; it's waste of time. 48 hours after notifying NSI, I released the information to various and nefarious sources detailing a 6-step process for guaranteed access. www.2600.com responded within minutes. In fact, they were so fast that they edited and posted the info about 5 minutes after it was sent. Now that's action.

Here's a copy of the original instructions:
Here is how to do it..
Instructions:
1. Click on Access Free Web Mail from Http://www.networksolutions.com
2. Click on one of the e-mail address near the bottom of the screen.
3. Click Click Here
4. Enter first and last name
5. Create a valid e-mail account
6. Wait until the screen says "Your Mailbox has been Created".
From here you can change the account name in this line
http://mail.dotcomnow.com/signup/poll/nametochange >?dlang=defaut
http://mail.dotcomnow.com/signup/poll/support?dlan g=default Actual Support Account

Here's a copy of the original mail I sent to my friends at 12:52 AM Sep. 18, 1999
Get this!
I just created an account on the Network Solutions new e-mail server and guess what...
I discovered a back door! NO SH***ING.....
Someone didn't do a good programming job here at all.
Simply type any name where you see the word "support"..
The link here will take you to their support e-mail
http://mail.dotcomnow.com/signup/poll/support?dlan g=default
If the account exists you will get in
http://mail.dotcomnow.com/signup/poll/oracle?dlang =default
http://mail.dotcomnow.com/signup/poll/microsoft?dl ang=default
http://mail.dotcomnow.com/signup/poll/whitehouse?d lang=default

Needless to say, We had a lot of fun collecting accounts over the weekend. Slightly on the dark side of ethical? Maybe, but isn't it more unethical to offer a service that you know is flawed and yet do nothing to fix it. More importantly, we collected these accounts to demonstrate that Hole #2 is still open. Yet, where is the news coverage, where is the outrage, and where does NSI get off ignoring this personal privacy breach. If you want to try out Hole #2 for yourself, you can e-mail me for a small list of inconsequential accounts. Hey M$, This method is also being used on Hotmail.

Message to the people who use Network Solutions freemail:
You should be scared. I'm nice and I'm trying to save you. I won't do anything, but I will make this information available to anyone (members of congress, the media, NSI, your neighbors) via request.
What does this mean?
IT MEANS WE CAN STILL READ YOUR E-MAIL
Solution: Forward and then delete all of your mail. Don't have any passwords mailed to the account. Don't register any Domain Names using the account. Stop using the NSI mail system until it's really fixed.

Message to NSI:
Shut down the server, fix the problem, and be nice. What you are doing is just wrong, very wrong. Get your third-party e-mail vendor to shape up. Or is that third-party thing just your way of shifting the blame? Tell us, who is this vendor and why do they suck so badly?

Message to the Mainstream News Media ( /. Excluded)
You Suck! Maybe NSI has some commercial hold on you or maybe you're just stupid. Why so much coverage on the Hotmail gaffs? NSI provided the world with a code free hack; a front door into their system. This was an idiot door far worse (my opinion) than the Hotmail blunder(s). I stumbled upon it with no thinking required. Is this not news? I guess that a mail system that is used by mostly "nerds" (taken from someone's previous post) isn't worth the attention. I understand that an earthquake in Taiwan, Raisa Gorbachev dying, and of course, Hurricane Floyd, are all big issues, but why so little comment in the tech and headline news media. Personally, I wanted to hear Sarah Baskin report it to the world. Oh well, poor me. Maybe some reporter will summarize what I've said here and get the word out that FREE MAIL IS NOT SAFE. Let me say it again...FREE MAIL IS NOT SAFE. I'm just a regular guy, I'm no "hacker". Look how easy it was to open up their system. This should be a wakeup call.

Well I have to go now. Unlike the folks at NSI, I need to stop playing around and get some real work done.

The first issue (unsolicited free emailaccounts accessible to all) isn't so much a security thing (after all, anyone can create an email pretending to be me from a free email service anyway) as it is a matter of trust.

NSI continues to show that it's not worthy of that trust. The data that was entrusted to them for technical and administrative purposes, is now a source of income for NSI, who are also denying others the right to do the same.

The terms of being registered with NSI, which at the time I registered my domains still had the monopoly, have been changing constantly.

If anyone can recommend a registry that will allow me to keep control of my data, please step forward. I want that control back.

NSI has shown that it's not worthy of our trust. NSI can't be and shouldn't be trusted. Not by the US Department of Commerce, not by ICANN, and not by Internet users in general.
--

From their sign up page

"Network Solutions now offers TWO e-mail services for your communication needs. Both give you the same reliability and security that has become synonymous with Network Solutions."

It seems to me the distinction between .org and .com and .net went out the window long ago.

Their "help" text says, about .org:

The top level domain designated for miscellaneous entities that do not fit under any of the other top level domains. Typically used for non-profit organizations. One of the worldwide top level domains.

Note that .org is only typically used for non-profits, and is really just a kind of miscellaneous category.

Then, if you use their handy-dandy Register a Web Address form, they suggest:

Secure your name in all 3 extensions (.com, .net, .org) to protect your Internet identity. Just click the box next to each additional Web Address you wish to secure.

Of course networksolutions is the spawn of Satan, but that's what people see- so why would it matter if a .org files for an ipo?

mail.dotcomnow.com login User ID: Password:

Apparently, part of the system has been shut off. I was sent the email and followed their directions; I could not log in. So I looked around a bit and found this page: There is an engine that will search by your domain name. Mine was not found, implying that my account was deactivated.

"This form will only work if you have already signed up for dot com mail. If your browser informs you that it was unable to locate the server, that means you have not signed up for dot com mail. If you would like to get dot com mail call, 1-888-642-9675."

Since they activated mine automatically and sent me a notice of this, it appears that they have shut down 1st logins.

This is absolutely crazy, and I want it to be the last straw. I have been screwed over by NSI both personally and professionally now:

1. I wanted to change the registrant name on zigg.com, which I registered years ago with a short-lived business of mine, to my own personal name, so I could dissolve the business. However, despite the fact that I sent them proof from the county that the business and myself were identical legal entities, they insisted that the change was a "domain transfer" and I'd have to reregister.
2. For two weeks now I have spoken and e-mailed at least ten different people on another issue. I recently came in to work at a startup ISP. The domains were registered through their "Registration Plus" or "WorldNIC" or whatever the hell they wanted to call it -- and the host record handles have periods in them! None of the NSI forms will accept these bogus host handles, and nobody who I can get access to -- not even after the front-line drones got so confused by what I was patiently trying to explain to them that they gave me the supposed "priority" e-mail address (priority@networksolutions.com, for those who are interested; but it still takes days to answer) -- understands the problem. I think I'm going to have to settle for registering the hosts under new IPs.

All in all, NSI has screwed me over again and again, and their callous disregard for professionals that need to get their jobs done by not even allowing me access to engineers (after repeated requests) to repair the aforementioned host handle problem is a load of bullshit.

Now, to the thrust of this posting -- where can I find these so-called alternative registrars? Are they yet capable of freeing me from the shackles of NSI -- to the point of never having to email anyone at networksolutions.com again -- and still keep my .com, .org, and .net's?

I sincerely hope that if they are not here now, that they arrive very soon. I have a lot of new business for them.

• Create a new Internic contact, if you need to.
• Wait a day or two until the contact is created.
• Go to http://www.networksolutions.com/makech anges/.
• Change the administrative, tech and billing contact codes to the new contact.

• Create a new Internic contact, if you need to.
• Wait a day or two until the contact is created.
• Go to http://www.networksolutions.com/makech anges/.
• Change the administrative, tech and billing contact codes to the new contact.

The drug law article puts me be a small but not insignificant step closer to agreeing with you. Unfortunately, the Government has sensed this and has managed to erode our second amendment rights with our consent.
It's an AB-BA locking order. The fundamental right is that of free speech. Second to that is the right to defend it. To deny the right to free speech, the means of defending it must be taken first.

Hmm... I wonder if anyone has ever tried defending encryption using the second amendment? :^)

The trademark law worries me as well. The Internic already made some effort to manage this. Changes in top level domain management may require that this (very reasonable) policy become law.
Nonetheless, it's a fine line to draw. What I wonder is why congress doesn't attempt to allow existing tradmark law sort it out. At present, there's no infringement to use "Pepso" as a brand, or to make a statement about Pepsi, the product. For the most part, the existing trademark laws are reasonable, and these laws should transfer easily to domain names.

What both of these articles demonstrates is the profound cluelessness of our lawmakers. They continue to define it as a new media not suceptible to current policies. The technology is new, but there is nothing new about either free speech or trademarks.
Basically, I think it comes down to the fact that Congress wants to look like they are doing something relevent to current events and culture. They simply fail to understand their actions, and do not consider that they may do more harm than good.

To get back to the first point - rights are first denied blindly by fools. Later they are denied delibrately by the opportunists who replaced the fools.

Any links to the proposed legislation for review? How about some links to good ways to fight it?

hm, I put the correct URL in the [quote] above, but for some reason it contains a link to slashdot.org instead. The correct URL is http://www.networksolutions.com/help/general/gener al.html#name6

This would be consistent with what you just said.

Anyone trying to build a large database would use the whois program for queries.

Someone trying to look up an individual record would use the web based interface.

http://www.networksolutions.co m/cgi-bin/whois/whois/

what about on the title 'slashdot' and the sitename say slashdot.com?

Wow, nice work!! How'd you make the connection between the two companies?

Here are links to the whois pages for chooseyourmail.com and ibli.com.

It looks to me like a traditional mailing list company is trying to make its initial foray into email address collecting. Apparently they're claiming to be helping stomp out spam by collecting stuff to sell to spammers. Grrr...

Wow, nice work!! How'd you make the connection between the two companies?

Here are links to the whois pages for chooseyourmail.com and ibli.com.

It looks to me like a traditional mailing list company is trying to make its initial foray into email address collecting. Apparently they're claiming to be helping stomp out spam by collecting stuff to sell to spammers. Grrr...

To: help@networksolutions.com

Please read the first paragraph of this news article about NSI: http://www.news.com/ News/Item/0,4,0-35228,00.html?st.ne.fd.mdh

I will be extremly upset if you begin selling my data (and my clients' data). When I divulge sensitive contact information, I expect it to be kept confidential. The whois interface has always been ONE WAY - query and response. That's very different from selling a list split out by demographic. The contact info I keep in your database is to be used in case of a NETWORK OUTAGE. The last thing I need is for yahoos (excuse the pun) start calling me at all hours on the "emergency line".

Not to mention the fact that your system bites. Yahoo could do a better job of organizing a database - and keeping it secure. When is the soonest I can take my business elsewhere?

I would like all DNS entries (host, domain, contact, everything!) connected to the host sam.julianhaight.com REMOVED from any lists you are selling.

-=Julian=-

Also, read the site. There is no such thing as a "domain name". There are "web addresses". Since when is the web == whole bloody Internet???

It's funny, Donnie Barnes, myself and some others on the RedHat list were talking about being net/linux-geezers. I'm all of 26, but I remember using the Internet when there was NO web. Mark Andreesen and his pals were just a bunch of grad students who saw what some physicists in Switzerland were doing, then wrote a nifty X app to parse the stuff. That was the web. Funny, I remember domain names existing before that... :-)

Besides, AT&T owns the rights to the word "Internic". I wonder what gives NSI the right to redirect http://www.internic.net/ to http://www.networksolutions.com/. I don't see AT&T giving them the right to do that.

Also, these clowns are claiming 3.4 million domain names. Let's see.. 3.4M * $35 = $119M. These clowns have revenues of at *least* $119M, and can't even manage to keep the registry database running properly (anyone notice a week or so ago, when about half of the .(com|net|org|edu) domains dropped out of the registry (yet remained in the root servers)? $119M, and they can't even design a decent database system to warehouse the data. I dare say that I could build something fault tolerant that would handle the capacity that NSI's whois servers (oh, and try to telnet to rs.internic.net now!) currently handle, and then some for $10M - 20M. Sheesh.

--j

First off, they changed it on a Saturday when no one was looking, except people like me who get assigned to a spam-hunter task. (Some idiot spammed our help mailbox at work.)

Secondly, it's too hard to find what one is looking for, even for newbies who the new redesign is presumably aimed at.

I do have to correct the previous poster-if you enter slashdot.org, for example, you get this:

Registrant:
Rob Malda (SLASHDOT2-DOM)
etc. just like the old whois.
(I picked Slashdot because, well, everyone knows who owns the domain name :o) )

So that part of the whois is working. The whois itself has moved to http://www.networksolutions.com /cgi-bin/whois/whois. Not as easy as rs.internic.net, but it's still there. The link to it is buried pretty deep.

In short, whoever designed the UI for NSI should be taken out back and shot. I much prefer the IANA setup...

http://www.network solutions.com/cgi-bin/whois/whois?slashdot.org

...they just make you type a longer domain and an extra '/whois'.

btw, the InterNIC sucks. Their PGP is still broken; I guess they've been too busy redesigning the site to sell some tshirts. Bah.