On Thu, Jan 13, 2000 at 02:35:02PM -0500, Shafik Yaghmour wrote:
> You make a pretty huge assumption that the administrator of
> that domain will miss the response from network solutions or will do
> nothing about it, both of which are not very good assumptions. Although I
> do agree it should be more secure, I don't think it is necessarily easy,
> it is possible someone could be lucky and do it but they would be dumb to
> place any bets on it. After one attempt you would hope if the admin was
> not using CRYPT-PW they would start using it.
No, we make the really tiny assumption that netsol are not lying when
they say the following in their documentation:
(this is in the section for people NOT using Guardian)
If you submit a Service Agreement to modify the domain name
registration from [EMAIL PROTECTED], or if the
technical contact sends one from [EMAIL PROTECTED], the
request will be processed and neither one of you will be notified
at any time during the transaction.
Wake up! There is NO security for people who opt not to use Guardian,
even a small child can post fake-mail so the From: check is worth
absolutely nothing.
Nick.
