NinerNet Communications™
Blog

Corporate Blog

Quarterly kwacha rate review, Q3 2017

2 July 2017 20:46:43 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are lowering our retail kwacha prices effective today and until the next quarterly review by about 5%.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 150.00
  • mailONE hosting plan (monthly): ZMW 100.00
  • gTLD domain (annually): ZMW 190.00

Our new kwacha rates will be online within 24 hours.

Quarterly kwacha rate review, Q2 2017

1 April 2017 08:36:39 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are maintaining our retail kwacha prices until the next quarterly review.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 157.50
  • mailONE hosting plan (monthly): ZMW 105.00
  • gTLD domain (annually): ZMW 199.50

Our kwacha rates are available on our website.

Reminder of domain renewal scams

12 February 2017 02:22:14 +0000

The scammers trying to separate you from your money never sleep and we’ve been meaning to send a reminder about that for a while now. Were prompted today by a couple of things: the first being a client who recently mistook one of these scams for a legitimate notice from NinerNet, and the second the receipt of four emails to us that arrived in quick succession in the span of 22 minutes this morning from the same scammers.

What these scams have in common is that they’re sent to the email address you use in your domain registration, and masquerade as domain renewal notices. The management of the WHOIS system — the database of domains and their owners — is a bone of contention among many, and after more than three decades ICANN has still not figured out how to make the WHOIS system useful for legitimate purposes while protecting domain owners from scams like these. We make five suggestions in the “Lessons to be learned” section of a rather long and detailed post from last year if you’re annoyed at the amount of spam you receive. One of those suggestions is not private domain registration, despite the fact that we can make money on that service.

The two particularly active scams that you should be aware of are these two:

You’ll note that the latter dates back to at least 2015. If the scam wasn’t working, they’d stop. Don’t be scammed!

If you have any questions or concerns, please let us know. Thanks.

Another domain SEO scam

12 February 2017 01:34:28 +0000

SEO scam screenshot.

Yet another SEO scam posing as a domain registration renewal notice has been making the rounds. At first we thought it was the same as one we have posted about before — just with a new look — but we’ve received the old one recently too, so it’s not.

As always, anything you receive about your domain that is not from NinerNet Communications is almost certainly a scam, unless you have very recently initiated the purchase of a product or service connected to your domain at the time you receive the email. If you’re not sure, please forward it to us and we’ll be happy to help you determine its validity.

Please click on the thumbnail to see the scam email full size.

Final notice of change of Canadian mailing address

9 January 2017 07:47:22 +0000

As mentioned previously, our Canadian head office address has changed. The old post office box address in Vancouver is no longer in operation effective 7 January 2017, and in fact has been intermittently “broken” since several months before, with some mail either being returned or going missing.

Once again, the following is our new and current mailing address:

NinerNet Communications Company
535-15216 North Bluff Road
White Rock BC  V4B 0A7

Thank-you for your attention to this matter, and we apologise again for the necessity of making this change.

Quarterly kwacha rate review, Q1 2017

2 January 2017 00:00:00 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are maintaining our retail kwacha prices until the next quarterly review.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 157.50
  • mailONE hosting plan (monthly): ZMW 105.00
  • gTLD domain (annually): ZMW 199.50

Our kwacha rates are available on our website.

Zambian domains update

27 December 2016 03:17:55 +0000

To update our earlier post, ZICTA finally contacted us on the afternoon of the 12th. Again — unbelievably — we had to explain basic networking concepts to them to help them understand why our client’s domain was not working.

However, they also explained or blamed part of the problem on Zamnet for not deleting the domain from their nameservers after they had hosted it previously. Zamnet are entrusted by ZICTA with the stability and security of two of the four nameservers that run the dot-zm ccTLD, and yet they apparently can’t perform basic nameserver maintenance. This is shocking to say the least.

Our client’s domain was finally back online again and stable and functioning properly by the 13th (after we contacted ZICTA on the 10th) … but for how long? It is only a matter of time before either our client’s dot-zm domain or another dot-zm domain goes down, again caused by mismanagement by ZICTA or one of the organisations they contract to provide name service.

Don’t register dot-zm domains. Seriously.

Christmas wishes and hours

25 December 2016 15:05:15 +0000

We’re a little behind this year, but we would like to wish you and those in your organisation and your families a Merry Christmas, and all the best for a prosperous New Year. We have appreciated your business in 2016 and look forward to continuing to serve you in 2017.

Over Christmas and the New Year our administrative side will be taking a break, and will be back on the job on Tuesday 3 January 2017. We will, of course, continue to monitor servers 24/7, and emergency support requests will be dealt with.

Thanks again for your continued business.

Zambian domains (.zm) are broken, don’t register them

12 December 2016 08:53:45 +0000

A little over a year ago we detailed the laborious process by which we managed to bypass an incompetent dot-zm domain registrar — Realtime Technologies Ltd. / Hai Alive Telecommunications — to speak directly to ZICTA (the Zambia Information & Communications Technology Authority) about a problem caused by ZICTA and misdiagnosed by Realtime/HAI.

You may or may not believe this, but the exact same thing is happening again, but with a different dot-zm domain registered through Realtime/HAI.

We contacted ZICTA and Zambia CIRT, through the same channels we used last time, early on the morning of Saturday 10 December. Over forty-eight hours later we still have not received an acknowledgement of our email, and the problem persists.

With the domain redacted to protect our client’s privacy, the evidence that is much the same as for the problem last year is presented below. What is particularly interesting about the information reported by one of the dot-zm nameservers (hippo.ru.ac.za) is that it is still reporting the pch.nic.zm and ns1.coppernet.zm nameservers as being authoritative for the dot-zm ccTLD. (See the IANA website for the nameservers for the dot-zm ccTLD.) The former was the problem nameserver last year, and was apparently promptly decommissioned after our report. However, I see that it is now back online at a new location. Ironically, this time it is actually reporting the correct DNS information for this domain. The latter belongs to the now-defunct Coppernet; although there is still an A record pointing ns1.coppernet.zm to 41.222.240.15, that nameserver simply does not respond at all.

We’ll post further updates when (or if) this problem is resolved. However, we really cannot emphasise strongly enough that you should not register dot-zm domains, and if you have one, you should transition away from it as soon as possible.


Update, 2016-12-27: Posted an update.


[00:00:05 leftseat@wrathall ~]$ whois zxxx.org.zm
Domain Name: zxxx.org.zm
Domain ID: 11559-zicta
WHOIS Server: whois.nic.zm
Referral URL:
Updated Date: 2016-11-29T11:40:45.292Z
Creation Date: 2015-05-12T09:27:15.528Z
Registry Expiry Date: 2017-05-12T09:27:15.611Z
Sponsoring Registrar: Realtime (Z)
Sponsoring Registrar IANA ID:
Domain Status: ok
Registrant Name: REDACTED
Registrant Organization: REDACTED
Registrant Street: lusaka
Registrant City: lusaka
Registrant State/Province: lusaka
Registrant Postal Code: 10101
Registrant Country: ZM
Registrant Phone: +260.REDACTED
Registrant Phone Ext:
Registrant Email: REDACTED
Name Server: ns1.niner.net
Name Server: ns2.niner.net
DNSSEC: unsigned
Additional Section
Sponsoring Registrar URL:
Sponsoring Registrar Country: ZM
Sponsoring Registrar Phone:
Sponsoring Registrar Fax:
Sponsoring Registrar Customer Service Contact:
Sponsoring Registrar Customer Service Email:
Sponsoring Registrar Admin Contact:
Sponsoring Registrar Admin Email:
>>> Last update of WHOIS database: 2016-12-12T07:31:46.321Z <<<

TERMS OF USE: You are not authorized to access or query our WHOIS database through the use of electronic processes that are high-volume and automated.  THis WHOIS database is provided by as a service to the internet community.

The data is for information purposes only. We do not guarantee its accuracy. By submitting a WHOIS query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes. The compilation, repackaging, dissemination or other use of this Data is expressly prohibited.
[00:00:14 leftseat@wrathall ~]$ dig zxxx.org.zm ns

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51871
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;zxxx.org.zm.			IN	NS

;; ANSWER SECTION:
zxxx.org.zm.		300	IN	NS	ns1.niner.net.
zxxx.org.zm.		300	IN	NS	ns2.niner.net.

;; Query time: 4627 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:00:28 PST 2016
;; MSG SIZE  rcvd: 85

[00:00:28 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns1.niner.net

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns1.niner.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34521
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm.			IN	NS

;; ANSWER SECTION:
zxxx.org.zm.		300	IN	NS	ns1.niner.net.
zxxx.org.zm.		300	IN	NS	ns2.niner.net.

;; ADDITIONAL SECTION:
ns1.niner.net.		300	IN	A	65.61.166.128
ns2.niner.net.		300	IN	A	65.61.166.129

;; Query time: 97 msec
;; SERVER: 65.61.166.128#53(65.61.166.128)
;; WHEN: Mon Dec 12 00:00:36 PST 2016
;; MSG SIZE  rcvd: 117

[00:00:36 leftseat@wrathall ~]$ dig zxxx.org.zm ns @hippo.ru.ac.za

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @hippo.ru.ac.za
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51448
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm.			IN	NS

;; AUTHORITY SECTION:
org.zm.			86400	IN	NS	ns2.zamnet.zm.
org.zm.			86400	IN	NS	pch.nic.zm.
org.zm.			86400	IN	NS	ns1.coppernet.zm.
org.zm.			86400	IN	NS	ns-zm.afrinic.net.
org.zm.			86400	IN	NS	ns1.zamnet.zm.

;; ADDITIONAL SECTION:
ns1.zamnet.zm.		86400	IN	A	196.46.192.26
ns1.coppernet.zm.	86400	IN	A	41.222.240.15
ns2.zamnet.zm.		86400	IN	A	196.46.192.21

;; Query time: 347 msec
;; SERVER: 146.231.128.1#53(146.231.128.1)
;; WHEN: Mon Dec 12 00:03:14 PST 2016
;; MSG SIZE  rcvd: 212

[00:03:14 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns1.zamnet.zm

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns1.zamnet.zm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5881
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm.			IN	NS

;; AUTHORITY SECTION:
zxxx.org.zm.		86400	IN	NS	ns1.niner.net.
zxxx.org.zm.		86400	IN	NS	ns2.niner.net.

;; Query time: 330 msec
;; SERVER: 196.46.192.26#53(196.46.192.26)
;; WHEN: Mon Dec 12 00:03:35 PST 2016
;; MSG SIZE  rcvd: 85

[00:03:35 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns2.zamnet.zm

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns2.zamnet.zm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27780
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm.			IN	NS

;; ANSWER SECTION:
zxxx.org.zm.		604800	IN	NS	ns2.zamnet.zm.
zxxx.org.zm.		604800	IN	NS	ns5.zamnet.zm.

;; Query time: 337 msec
;; SERVER: 196.46.192.21#53(196.46.192.21)
;; WHEN: Mon Dec 12 00:03:42 PST 2016
;; MSG SIZE  rcvd: 83

[00:03:42 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns-zm.afrinic.net

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns-zm.afrinic.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43162
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm.			IN	NS

;; AUTHORITY SECTION:
zxxx.org.zm.		86400	IN	NS	ns1.niner.net.
zxxx.org.zm.		86400	IN	NS	ns2.niner.net.

;; Query time: 324 msec
;; SERVER: 196.216.168.44#53(196.216.168.44)
;; WHEN: Mon Dec 12 00:03:53 PST 2016
;; MSG SIZE  rcvd: 85

[00:03:53 leftseat@wrathall ~]$ dig pch.nic.zm any

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> pch.nic.zm any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 261
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;pch.nic.zm.			IN	ANY

;; ANSWER SECTION:
pch.nic.zm.		81758	IN	A	204.61.216.73

;; Query time: 10 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:16:20 PST 2016
;; MSG SIZE  rcvd: 55

[00:16:20 leftseat@wrathall ~]$ whois 204.61.216.73

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#

#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=204.61.216.73?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange:       204.61.208.0 - 204.61.217.255
CIDR:           204.61.216.0/23, 204.61.208.0/21
NetName:        WOODYNET-204-61-208-0-21
NetHandle:      NET-204-61-208-0-1
Parent:         NET204 (NET-204-0-0-0-0)
NetType:        Direct Assignment
OriginAS:
Organization:   WoodyNet (WOODYN)
RegDate:        1995-01-26
Updated:        2012-03-02
Ref:            https://whois.arin.net/rest/net/NET-204-61-208-0-1

OrgName:        WoodyNet
OrgId:          WOODYN
Address:        2351 Virginia St
City:           Berkeley
StateProv:      CA
PostalCode:     94709-1315
Country:        US
RegDate:        2001-05-16
Updated:        2013-04-02
Ref:            https://whois.arin.net/rest/org/WOODYN

OrgAbuseHandle: BW1324-ARIN
OrgAbuseName:   Woodcock, Bill
OrgAbusePhone:  +1-415-831-3103
OrgAbuseEmail:  woody_AT_pch.net
OrgAbuseRef:    https://whois.arin.net/rest/poc/BW1324-ARIN

OrgTechHandle: BW1324-ARIN
OrgTechName:   Woodcock, Bill
OrgTechPhone:  +1-415-831-3103
OrgTechEmail:  woody_AT_pch.net
OrgTechRef:    https://whois.arin.net/rest/poc/BW1324-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#

[00:16:32 leftseat@wrathall ~]$ dig -x 204.61.216.73

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> -x 204.61.216.73
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46703
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;73.216.61.204.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
73.216.61.204.in-addr.arpa. 900	IN	PTR	pch.nic.zm.

;; Query time: 1670 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:16:44 PST 2016
;; MSG SIZE  rcvd: 79

[00:16:44 leftseat@wrathall ~]$ dig zxxx.org.zm ns @pch.nic.zm

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @pch.nic.zm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10234
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm.			IN	NS

;; AUTHORITY SECTION:
zxxx.org.zm.		86400	IN	NS	ns2.niner.net.
zxxx.org.zm.		86400	IN	NS	ns1.niner.net.

;; Query time: 11 msec
;; SERVER: 204.61.216.73#53(204.61.216.73)
;; WHEN: Mon Dec 12 00:17:20 PST 2016
;; MSG SIZE  rcvd: 85

[00:17:20 leftseat@wrathall ~]$ dig ns1.coppernet.zm any

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> ns1.coppernet.zm any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4953
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;ns1.coppernet.zm.		IN	ANY

;; ANSWER SECTION:
ns1.coppernet.zm.	86375	IN	A	41.222.240.15

;; Query time: 11 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:36:07 PST 2016
;; MSG SIZE  rcvd: 61

[00:36:07 leftseat@wrathall ~]$ whois 41.222.240.15
% This is the AfriNIC Whois server.

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '41.222.240.0 - 41.222.241.255'

% No abuse contact registered for 41.222.240.0 - 41.222.241.255

inetnum:        41.222.240.0 - 41.222.241.255
netname:        CUNET-LSK-01
descr:          Allocation to CopperNET Solutions, an ISP in Zambia.
country:        ZM
admin-c:        KWC1-AFRINIC
tech-c:         KWC1-AFRINIC
status:         ASSIGNED PA
remarks:        Please send abuse notification to abuse@coppernet.zm
mnt-by:         COPSOL-MNT
source:         AFRINIC # Filtered
parent:         41.222.240.0 - 41.222.243.255

person:         Kasopa W Chisanga
address:        Silicon House, Kantanta Street
address:        P.O Box 22149, Kitwe
address:        ZM
phone:          +260-212-245011
phone:          +260-212-245200
phone:          +260-212-245222
nic-hdl:        KWC1-AFRINIC
remarks:        CopperNET Solutions.
source:         AFRINIC # Filtered

[00:36:20 leftseat@wrathall ~]$ dig -x 41.222.240.15

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> -x 41.222.240.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 11716
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;15.240.222.41.in-addr.arpa.	IN	PTR

;; Query time: 1916 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:36:30 PST 2016
;; MSG SIZE  rcvd: 55

[00:36:30 leftseat@wrathall ~]$ traceroute 41.222.240.15
traceroute to 41.222.240.15 (41.222.240.15), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.372 ms  0.780 ms  0.781 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
[00:37:15 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns1.coppernet.zm

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns1.coppernet.zm
;; global options: +cmd
;; connection timed out; no servers could be reached
[00:38:21 leftseat@wrathall ~]$

A cursory and superficial analysis of the Google/Symantec “knife fight”

20 November 2016 07:32:16 +0000

There is an African proverb: “When elephants fight the grass suffers.” I think this fairly describes the “knife fight” — a popular term in some recent media coverage of the American presidential transition — between Google and Symantec recently.

As described on our status blog, a bug (Google, Symantec) in the Google Chromium web browser caused Chromium users to see certificate errors when trying to access websites secured with valid certificates issued by Symantec and it’s subsidiaries — e.g., Geotrust, RapidSSL, Thawte and possibly others too. This included large websites such as Amazon, Flickr and Yahoo.

The knife fight first came to our attention probably a year or so ago, likely in an email from the certificate authority (CA) that we use for most of the SSL certificates we sell to clients and use ourselves. That CA is RapidSSL, a subsidiary of Symantec.

Now, it seems that Symantec did something bad in 2015: they created some certificates for domains that had neither requested nor authorised them. This was likely for testing purposes, although you do have to wonder about the IQ of the person at Symantec who authorised this. Google was particularly annoyed, because two of those certificates were for google.com and www.google.com.

What followed was some serious holier-than-thou public finger wagging at Symantec by Google, pontification worthy of a schoolmarm armed with a wooden ruler rapping the knuckles of the Symantec child. Bad, bad Symantec, now we’re going to shame you and be nasty to you in public, and tell you how you should be running your business. Which is all well and good, because Symantec did something stupid and should suffer the consequences.

One of those consequences was Google using the power it wields by virtue of the fact that it creates the most popular web browser on the planet — power that Microsoft used to wield, and also abused — to single out Symantec certificates for special treatment. (Why Google Chrome [and its progenitor Chromium] are so popular is beyond me. I’ve used Chromium and Chrome as secondary browsers on Linux and Windows machines, but my personal experience is that it’s slower and less configurable than Firefox.) Starting in June 2016 Google required Symantec to jump through hoops it doesn’t require of other CAs. Is that abuse of power? Some say no, and it’s difficult to disagree with them. However, Google then also did something bad and stupid themselves, by creating a situation that led to what they’ve called a “time bomb”, meaning that most (if not all) Symantec certificates stopped being trusted by Google Chromium in early to mid-November.

The upshot of this is that it was innocent third parties — the proverbial grass, the customers of Symantec that bought their certificates, and some users of Chromium — that were hurt by this knife fight. I’d love to know how much business Amazon lost as a result, and if we can expect a lawsuit and a payout from Google.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all that that entails. This includes such concomitant industries and activities such a domain registration, SSL certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira client feedback contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc facebook google happy hosting customers hosting transfer icann internet registry of canada invoices iphone iroc kwacha maintenance new services paying your bill paying your invoice quarterly kwacha rate review rates registrant transfers registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours support testimonials transparency verisign

Resources:

On NinerNet: