[arin-ppml] ARIN-prop-180 ISP Private Reassignment - intent to revise
hannigan at gmail.com
Thu Aug 16 23:59:37 EDT 2012
Whois data is largely in error. Anyone saying safety is a basis for the
directory is in error.
The black hat analogues are a bit off as well. A name is not enough. It's a
start, but users don't safeguard their privacy anywhere generally.
On Thursday, August 16, 2012, Jimmy Hess wrote:
> > As for the BULL, one can argue that banks do not have to put a sign
> > where the vault is or the keys to the vault are on the front door either.
> > But I guess all analogy is just analogy.
> The difference, with WHOIS contact information, there is a safety
> consideration, with regards to the public's ability to identify you
> and reach technical contacts for your network, to correct problems or
> put a stop to abuse.
> Just because you want your bank to be secure, does not mean you may
> remove all EXIT signs and post your guards at the main entrance.
> If you are suggesting that WHOIS is a go-to resource for would-be
> network intruders, I would say that's just totally naive... when a
> simple DNS lookup finds the website, a simple DNS scan for
> interesting names finds other hosts, and then there are public copies
> of the internet routing table readily available to determine what
> prefix is announced.
> Your typical network intrusion starts with an insider visiting a
> malicious website, or being the target of a social engineering attack.
> The actual significant rsk I see WHOIS could in theory pose here, is
> it can sometimes provide the real name and e-mail address of a
> person, whom a black hat /might/ be able to impersonate, the
> hacker might be able to fool another person in the organization into
> divulging their password over the phone, by using caller id spoofing
> and pretending to be the person listed in WHOIS....
> You are receiving this message because you are subscribed to
> Unsubscribe or manage your mailing list subscription at:
Sent via a mobile device
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ARIN-PPML