A lot of people have pointed out that .org is supposed to be for non profit or charitable organizations when they see our site.  While most people assume that all .org can only be registered this is not the case.  Anyone can register a .org in their name no matter what their intent is.

We originally decided to go with .org because we were fed up with our friends and family having horror stories about so called computer repair companies pulling the wool over their eyes and ripping them off at the same time.  Of course most of these stories were because the tech they hired weren't all that great, but paying so much just to cover their large corporate overhead seemed insane.

Domain name theft is more common than you expect.  We just don't hear about it that often.  It can easily be done by anyone and the profits from it are really good.  Some domain names are worth tens of thousands of dollars.

The information provided here is for educational purposes only.  You are the only person responsible for your actions.  If you use the information provided here in an illegal fashion it is only your fault.  By reading further you agree that you do not hold The Net Secure, the owners of The Net Secure, the employees of The Net Secure, or our affiliates at fault.

Steps to steal a domain name:

Method 1:

1) find a good domain name with an invalid admin email with an expired domain name.

2) register that domain name

3) create that email address

4) initiate a transfer request

Method 2:

Send a fax into the registrar claiming to be you.  This requires a bit of identity theft.

It is very easy to secure your domain name though.  Make sure your domain name is registered to an email address you use daily, and make sure your domain name is locked.

The following email and variants has been circulating:

Attention!

On October 30, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.

{a link}

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

Please do NOT follow those instructions.  That link will infect your computer.

For those wanting that link for analysis please email us on the contact us page.  We are currently researching this issue.

Social Engineering

Social engineering is the most dangerous form of security breach you have.  You are more likely to be a target of social engineering and actually fall victim to social engineering than any other form of hacking.  What is even worse is that the only requirement to do any sort of social engineering is some confidence.

According to Wikipeida:

Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.

Educating your employees is the only way to reduce the likelihood of falling victim.  Combating against this gets harder the larger your company is, but here is some simple guidelines to follow:

• Stress to your employees that no one should ever give their password to anyone over the phone.  Emphasize this by informing them anyone caught doing so will be fired immediately.  This is the most important one!  You cannot emphasize this enough.  You might even go as far as testing a few people until someone gives in then make an example.
• Educate your users on phishing
• Introduce your desktop support team to everyone in the company and inform them no one else is to touch their computer, no exceptions.  Also an important one.
• Filter your emails
• Send out weekly newsletters that are fun and interesting to read.  Use these newsletters to educate your users of some online perils.

Of course with every company the educational part of network security varies, but you can contact us at TheNetSecure.org for an analysis and even schedule a class for your employees.  Education is 90% of the battle.