Sometimes, one of my clients wants or needs a blog. And the question always arises, should they use one of the free hosted blogging platforms, such as Typepad or Blogger or a hosted blog at WordPress.com, or should they download the WordPress software from WordPress.org and host it on their own site?
Archives for January 2008
Network Solutions Caught Front Running
“We had to destroy the village in order to save it, sir!”
That was basically the response of Network Solutions when it was caught with its hand in the cookie jar, registering domains for themselves that people had looked up in their whois registry. NetSol basically defended their contemptible practice by saying, “In order to prevent domain registration abuse, we’re committing domain registration abuse.”
WARNING: If you do a WhoIs search on a .com or .net domain at the Network Solutions website, NetSol will immediately register that domain. They will then kindly allow you to register it at NetSol — but they’ll also allow anyone else to register it, too.
Their claim that they’re “protecting” the domain “on your behalf” just doesn’t hold up. What they’re doing is ensuring that you cannot register the domain at some other registrar, such as GoDaddy, NameCheap, DotRegistrar, or any other registrar that actually charges a reasonable fee for domain registration. The only place you can register the domain is with Network Solutions, at their highly inflated registration fee of $35 (compare that to GoDaddy’s fee of about $10).
This practice costs Network Solutions nothing — by dropping the domain within the 5-day grace period, they don’t even have to pay the registration fee. Yet — yet — when they drop it, that domain goes on a list of dropped domains, and the domain tasters will snap it up. So, if you simply decide to wait it out until NetSol drops it, then register it at the registrar of your choice, you’ll likely miss out.
ICANN should stop with its hands-off posture toward registrars abusing their position of trust, and take action to prevent this sort of thing. NetSol should start behaving ethically, and should start charging fair prices for domain registration. Everyone should avoid ever using Network Solutions, for anything, ever again.
What’s next, Network Solutions? “We had to destroy the internet in order to save it, sir”?
Phishing and Phishing Detection
I recently had 2 diametrically opposite experiences with phishing. In the world of the Internet, “phishing” is when some entity (a scammer) — typically, a website or e-mail sender — pretends to be some organization that a user has a relationship with, and attempts to entice the user into providing personal and confidential information (such as passwords, bank account numbers, PIN numbers, etc.) to the scammer. eBay, PayPal, banks, and other similar sites are popular phishing targets.
PayPal Impersonators
Anyway, a client sent me a copy of an e-mail they had received, allegedly from PayPal, which contained “confirmation” of a purchase by the client using their PayPal account. The e-mail included a prominent link to “Dispute Transaction,” and the surrounding text instructed the recipient, “If you haven’t authorized this charge, click the link below to cancel the payment and get a full refund.”
Now, I understand that PayPal is good about chargebacks for fraudulent transactions, but I’ve never heard of them so openly inviting people to dispute a transaction. So that should have been a clue. Fortunately, when the client clicked the link to dispute the transaction, their antivirus program popped up with a warning message about it being a scam. The client then promptly contacted me to ask what they should do.

Undoubtedly, the link would have taken the client to a site that looked exactly like the PayPal site. There would have been instructions to log in to dispute the transaction. The client would have entered his PayPal account name and password, with the intention of disputing a fraudulent charge. Bingo! The scammer would have just got hold of the client’s PayPal login information — and there’s no telling what havoc would have been wreaked. Disaster averted — thank heaven the client had a security program installed and running on his computer.
Microsoft’s False Positive Phishing Warnings
And then there’s Microsoft. Internet Explorer 7, to be precise. With its much-vaunted “anti-phishing filter.” Bah, I say!
I recently started using an RSS feed from eBay to display live listings from eBay on an informational site. When I was testing the site in IE7, IE was giving me security warnings that this was a “suspicious site” and might be a “phishing site.” I know darn well it’s not — the site is clearly not eBay, it doesn’t pretend to be eBay, it’s clearly a separate site that doesn’t look anything like eBay — it merely displayed auction listings from eBay, with affiliate links to those listings on eBay.
IE7 offered me the option to submit a report to Microsoft, stating that I was the site’s owner and could verify that it wasn’t a phishing site. I did this, and the next day I got an e-mail from Microsoft that they had inspected the submitted URL, verified that it was not “phishing,” and removed the warning.
Then I discovered they had only removed the warning from one page of the site. In order to remove the warning from every page that used these listings, I would have to report every page individually.
This was, first of all, much too time-consuming, and second, far too annoying. I would have to submit that report for every single page on every single site where I wanted to use the eBay feed. So I set about looking for what the code might contain that caused IE to pop up the phishing warning.
Here’s what I learned:
- Text links to the eBay listings didn’t trigger the warning.
- The images, pulled in directly from eBay and displayed on my site, didn’t trigger the warning.
- But the images, when linked to the eBay listings, did trigger the warning.
Hmmm ….. I didn’t want to remove the links from the images. People are naturally inclined to click on the images. After some trial and error, I discovered that if I sent those links through a redirection script, it stopped the phishing warnings cold.
Yay me!
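The three observations above describe a pattern that a page audit can check for: an image served from a third-party site, wrapped in a link to that same third party. The sketch below is an added example, not code from the original post and not IE7's actual filter logic, which the post does not document; the function names, the two-label domain comparison and all hosts in the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def site(url):
    """Crude site guess: last two host labels (assumption; no public-suffix list)."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])

class LinkedImageAudit(HTMLParser):
    """Collect every <img> that sits inside an <a href>, with both URLs."""
    def __init__(self):
        super().__init__()
        self.href = None   # href of the <a> currently open, if any
        self.pairs = []    # (link href, image src)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.href = a.get("href")
        elif tag == "img" and self.href and a.get("src"):
            self.pairs.append((self.href, a["src"]))

    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def suspicious_linked_images(page_url, html):
    """Return (href, src) pairs where a third-party image links to that same third party."""
    audit = LinkedImageAudit()
    audit.feed(html)
    own = site(page_url)
    return [(h, s) for h, s in audit.pairs
            if site(h) and site(h) == site(s) and site(h) != own]

# Constructed sample markup; every host below is a placeholder.
PAGE = "https://listings.example.org/widgets"
TEXT_LINK = '<a href="https://www.brand.example/item/1">Blue widget</a>'
BARE_IMAGE = '<img src="https://img.brand.example/1.jpg">'
LINKED_IMAGE = ('<a href="https://www.brand.example/item/1">'
                '<img src="https://img.brand.example/1.jpg"></a>')
VIA_REDIRECT = '<a href="/go?id=1"><img src="https://img.brand.example/1.jpg"></a>'

if __name__ == "__main__":
    for name in ("TEXT_LINK", "BARE_IMAGE", "LINKED_IMAGE", "VIA_REDIRECT"):
        print(name, suspicious_linked_images(PAGE, globals()[name]))
```

Only the linked image is reported. The same-site redirect link is not, because a check that compares the literal `href` host never sees the redirect's destination.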