[unisog] Problems with EDU.COM domain

Conor McGrath conormc at uchicago.edu
Mon Mar 27 21:47:12 GMT 2006


On Thu, Mar 23, 2006 at 03:03:40PM -0600 Josh Ballard said:
> So I gave a heads up to my admissions folks and to our university  
> attorney's office, and later received a call back from our admissions  
> director asking for contact information for this company because he  
> had been unable to gather any.  At the bottom of the .edu.com web  
> pages is a link to the parent company Vantage Media Corp, to which I  
> whois'd that domain (vantagemedia.com) and gave the admissions  
> director the information listed below:

[snip]

> After giving him this information, he said that he would make a call  
> to the company.  A short while later, he called me back to inform me  
> that he had spoken to a rep at the company and had informed them of  
> his displeasure at our university being listed on their site and  
> collecting information, and asked them to take us off.  At his  
> request, it appears they have done so for the time being, and fairly  
> quickly I might add.  So, my encouragement to all of you out there  
> would be to pass this word onto your admissions folks and/or general  
> counsel and have them make a phone call to have your university  
> removed.  I hope they are as quick to respond to the rest of you as  
> they apparently have been to us.

After seeing this thread last Thursday I pointed out the site to
my CIO.  He asked me to contact Vantage Media and have them take the
uchicago.edu.com page down as it was a violation of our trademark.

I called on Friday and spoke to Mark DiPaola, the president of Vantage
Media.  He was very responsive and told me that they would take the page
down that evening, which they did.

Mark has been following the thread here on Unisog with interest.
He was rather bemused at the post that linked his company to a right
wing conspiracy.  He asked if I would post and let folks know that we had
successfully resolved our situation with Vantage Media.  He also asked
if I would relay what he told me of their reasoning behind all this.
I'm paraphrasing what he said but here's the gist:

Vantage Media registered the edu.com domain and then realized that lots
of folks were hitting xxx.edu.com when they really wanted xxx.edu.
Rather than have these folks get 404 errors Vantage felt it would be
more helpful to show the pages that point to specific information about
the institution the user was really trying to find.  Apparently this
has been in place for some time and no one complained until now.
Vantage is a pretty small operation (~35 people) and on Friday they
were overwhelmed by phone calls from various schools.  Mark claims
that the company passes all of the information gathered via the edu.com
sites along to the admissions departments of the appropriate schools.
I have a call in to our Admissions folks now checking on that claim.

As I said, when I contacted Vantage Media they took our page down pretty
quickly.  That coupled with the fact that they were easy to contact
(the phone was answered by a human who took down my details and did pass
them along to Mark so that he had them in front of him when we spoke)
and were reasonable when spoken to gives me a feeling that while their
approach may have been well-intended it was clearly not well thought out.
Mark feels they were providing a service, albeit an unrequested one.

Do I buy their story?  I'd like to, but I've seen too much in this life
to take them at their word.  Their future actions will speak volumes.
In a subsequent email exchange with Mark I suggested to him that if
Vantage Media had no intention of selling the contact information
collected via these web sites they should say so publically.

I'm sure the Vantage Media folks will be reading this so if I've made
any errors or significant omissions they can correct me.

-Conor

> On Mar 23, 2006, at 2:37 PM, David Lundy wrote:
> 
> > It looks like a wild card.  Things like zzz.edu.com resolve.
> >
> > David Lundy
> > Acting IT Security Officer
> > University of the Pacific
> >
> >>>> YorkJ at brcc.edu 03/23/06 11:09 AM >>>
> > Wow, even lowly community colleges are listed in the phishing sites
> > edu.com.  They must have copied the entire .edu domain.  I just called
> > Educause (.edu registrar) to let them know about it--the lady I talked
> > to hadn't seen it yet, but promised to send the info to their
> > management.
> > Thanks
> > John
> >
> > John York
> > Network Engineer
> > Blue Ridge Community College

-- 
Conor McGrath                                           Phone: (773)702-7611
Manager for Network Security 				Fax: (773)834-8444
Network Security Center, The University of Chicago	NetSec: (773)702-2378
PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml


More information about the unisog mailing list