RE: WHOIS Privacy Stalemate... Again

["Larry Seltzer" <Larry () larryseltzer com>]

> > Private registration is an issue when bad guys register domains, but
in practice I don't see this too often.

I've seen it plenty, but your next point is certainly true:

> > ...It's more often that they use completely made up information or
just use a stolen identity....

Exactly, in which case access to whois information does you, the person
inquiring into the domain, no good at all. True, you can let the person
whose identity was stolen know about it, but they'll find out before too
long, and by the time you contact them it's too late.

Actually, most often what I see is that it points to a probably real,
but non-responsive contact. 

> > ...Access to the WHOIS information is also helpful when a legitimate
organization has had their resources misappropriated...

You mean like transferring the company domain to your personal account?
This happens, but it's pretty rare. And what good is it to see the
whois? It doesn't speed up the recovery process any.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.