Anyone want a domain?



  • The company I work for has had a domain name held for us by a local law firm for quite some time.  Recently we decided we'd like to start making use of it so I was asked to contact the firm and make the arangements to hand over control to us.  I started with an email explaining the situation and  waited for a little over a week with no response.  After talking with my boss who normally deals with this firm he asked me to "just give them a call".

    Thinking that there's no way a simple phone call would do the trick I figured I at least give it a shot.  The conversation went something like this:

    Receptionist: "Thank you for calling Dewey, Reckum and Howe.  How may I direct your call?"
    Me: "Could I please speak with <lawyer>?"
    Lawyer: "This is <lawyer> how can I help you?"
    Me: "H <lawyer> this is MommyItBurns from <companyname>.  I sent you an email a little over a week about about transferring a domain back over to us and I've not heard back from you."
    Lawyer: "Gee, I don't recall that, let me check.  Nope nothing here."
    Me: "Well, I'd really like to get the ball rolling.  What do we need to do?"
    Lawyer: "I could make the changes for you but I'll tell you what let me give you our Network Solutions login and password so you can change it yourself.  just make sure to only change yours.  There's a few of them there.'
    Me: <boggle>
    Lawyer: "Here you go it's XXXXXX and the password is YYYYYY."

    Yes ladies and gentlemen she gave me the keys to their domain escrow kingdom.  Hundreds of domain records, including those of their firm and several financial institutions were place at my mercy based off of a less than five minute phone call and my assertion that I worked for one of their clients!

    Needless to say their services will no longer be in use by our company.

     

     

     



  •  The Real WTF® is having the username XXXXXX with the password YYYYYY. Not very secure!



  • better than hunter2



  •  Or 12345.



  • 1, 2, 3, 4, 5? That's amazing! I've got the same combination on my luggage!



  • @DKNewsham said:

    1, 2, 3, 4, 5? That's amazing! I've got the same combination on my luggage!
     

    One Schwartz for the reference and another for delivery. 



  • @SkaveRat said:

    better than hunter2

     

    What's wrong with that?



  • some bash.org quote



  • @t-bone said:

    some bash.org quote

     

    lol Social engineering at its best.



  • @MommyitBurns said:

    Needless to say their services will no longer be in use by our company.
     

    I don't see where the problem is. Mutual trust is the fundamental basis of all successful and growing business. There still are places in this world where not every contract or order has to happen in writing and needs to be signed manyfold in order to be executed to the letter by the contractor and be paid to the penny by the customer. Abuse of trade secrets (such as usernames and passwords) will be the end of your business in those countries.



  • @TheRider said:

    Mutual trust is the fundamental basis of all successful and growing business
    Fine. Dewey, Reckum and Howe trusts <companyname>.

    But what about the other Dewey, Reckum and Howe's customers? Did they express their trust in <companyname>? Does <companyname> know what other people have acess to their domain records?



  • Dammit. The tags aren't sent by email so I didn't read them.

    (also, I mystiped 'access') 



  • @Zecc said:

    (also, I mystiped 'access') 
     

    Oh the irony.



  • Yes, it almost looks intended, doesn't it?



  • @Zecc said:

    Yes, it almost looks intended, doesn't it?
     

    I never can tell with someone who flames a person without reading the post and the tags that go with it.



  •  Ignoring the fact that she allowed me access to domains belonging to other companies she gave me access based soley on my claim that I worked for a company she had a relationship with.   In this case I was legitmate it could have easily have been Joe Hacker calling in.  Anyone that would hand over such sensitive information so easily shouldn't be entrusted with it.

     

    Damnit I missed the tags.  Chalk it up to being new here.



  • @MasterPlanSoftware said:

    @Zecc said:

    (also, I mystiped 'access') 
     

    Oh the irony.

    ROFL



  • We really need some sort of universally recognised irony mark

    @MasterPlanSoftware: said:

    Oh the irony.
    I just realized this could be interpreted as a recognition of me being ironic.



  • Next part of the conversation:

    Yourself:  Hmm, the registrar asking for a security question/answer to login - it's asking... what's your bank account & routing number, oh, and your SSN...



  • There are many law firms that rely on their ability to sue to handle all of their security needs.

    Note, however, that I don't think this excuses the behavior, so much as explains it. Personally, I wouldn't do business with such a law firm either. (And, if I found out I were working for such a firm, I'd do my best to educate them on the concept of, "If you don't actually know exactly who you are dealing with, to court-admissible levels, you can't sue them." If that didn't work, I'd find another job.)


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.