You instruct your old registrar to change the "IPS tag" to point the domain to your new registrar.
You tell your new registrar that the domain just assigned to them is yours.
The new registrar then dutifully updates all of Nominet's records. Even if the name... email... address... you provided them with bears no relation to the existing (private?) registration information. Who cares if you had 2 factor authentication enabled on the original Nominet account, your domain is gone.
Nominet says the onus is on the registrar to ensure they verify you're the owner when going through this process. But they don't?
What's to stop someone scraping whois records (that IPS tag is public) and racing to claim the domains you're transferring before you do?
Apparently nothing. A few weeks ago I ran a little test. I registered a new domain at one registrar and immediately asked they change the IPS tag to another. A coworker watched over my shoulder as I retrieved the whois details for my domain to see the tag change, but then I got distracted looking for cake/looking over their shoulder. They set up a new account at the second registrar and claimed the domain, using no secret information and without either registrar or Nominet gaining my consent.
What am I missing? Do some registrars I haven't tried put effort into verifying your ownership? Is it just a few bad actors?
UPDATE: One registrar I've contacted has now promised they've updated their systems to email the owner listed by Nominet for confirmation, before handing over the domain. Minor success...
It doesn't answer the "Why?" though... It turns out that hitting the "Sign out of all devices" button triggers the issue. I guess the Chromecast stores a token which isn't invalidated or replaced, even if you log in again through the Android app.
Until Netflix/Google fix the bug, it might be time to think about upgrading your Netflix plan or telling "someone" to get their own account!
freenode will be upgrading their services very soon. One of the major new features that this upgrade will bring is the ability to identify using ssl certificates. Here's a very quick guide on how to get started.
You can connect to freenode using ssl without using certfp to identify.
Generating your own certificate
You will need openssl installed. Check your operating systems documentation for this. Once done, the following commands will create a certificate and set sensible permissions: mkdir -p ~/.irssi/certs cd .irssi/certs/ openssl req -nodes -newkey rsa:2048 -keyout mynick.key -x509 -days 365 -out mynick.crt cat mynick.crt mynick.key > mynick.pem chmod 0400 mynick.key mynick.pem
Needless to say, don't give anyone these files!
Connecting with SSL
The testnet is available at irc://testnet.freenode.net:9003 on ssl so make sure you are connecting to that!
After starting irssi, that means something like: /network add freenodetest /server add -auto -ssl -ssl_cert ~/.irssi/certs/mynick.pem -network freenodetest testnet.freenode.net 9003 /save /connect freenodetest
Or if modifying an existing server config: use_ssl = "yes"; ssl_verify = "no"; ssl_cert = " ~/.irssi/certs/mynick.pem ";
Once you launch irssi, you should see that you are given usermode +Z: 13:41:49 -!- Mode change [+Z] for user Pricey
If you /whois yourself, you should also see your certificate fingerprint: 14:04:43 -!- Pricey [~firstname.lastname@example.org] 14:04:43 -!- ircname : pricechilde 14:04:43 -!- server : barjavel.freenode.net [Paris, FR] 14:04:43 -!- : is using a secure connection 14:04:43 -!- : has client certificate fingerprint aaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbb0000 14:04:43 -!- hostname : 184.108.40.206 220.127.116.11 14:04:43 -!- idle : 0 days 0 hours 0 mins 3 secs [signon: Fri Apr 6 14:04:40 2012] 14:04:43 -!- End of WHOIS
If you don't see the fingerprint line, you need to go back and figure out what you've done wrong.
Giving Services your certificate fingerprint
Finally, we need to tell services about our certificate fingerprint. (If you haven't specified your account password as your server password, sasl'd or had a script take care of it, identify first!) /msg nickserv cert add aaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbb0000
(using the fingerprint from your whois.)
One final thing of note is that the testnet is using a self signed certificate. You can not simply use the ssl_capath option to point to your distributions existing ssl certificates. Irssi will warn you that this is the case and not connect.