Friday, June 29, 2007

Network Solutions Validation Flaws

It looks like there is an imposter company in Princeton Junction, New Jersey trying to impersonate a valid company in Seattle, Washington - Radical Software, Inc. Radical Software, Inc. has been in business since 1998 and partners with major solid companies that have been in business for a long time and are major players in the web industry.

The imposter company is listed on a bunch of spammy web sites that are detracting from the business of the valid company. The imposter company was even listed in Hoovers and D & B databases -- which are used to by Network Solutions to validate SSL certificates.

Do you see a HUGE problem here? This is it: some company gets bogus records into the much flawed D & B records - D & B had company addresses that were six years old in this database. Also anyone can call in and change company records pretty easily. So Network Solutions uses these very inaccurate databases to validate SSL certificates and back them with a $1 Million Guarantee - and because the records are flawed it is a real pain in the you know what for the legitimate companies to actually get SSL certificates because D & B is showing records for some imposter company.

Using a marketing database that anyone can call in and update is a pretty flawed way of validating a company is legitmate. Additionally they use the state records to validate and companies typically have a separate address for power of attorney which may not match their billing and mailing addresses for the actual company. Using these things to validate the company is also flawed.

Also recently someone was able to change my banking records to send my mail to an old PO box. If someone could get my banking records to go to an old mailbox and pick up my mail they can send in the bank statements to validate the company with Network Solutions. The whole way Network Solutiongs is doing their validation is completely flawed.

Why can't they use verified by Visa or the billing address on the credit card that and the information on the actual web site that the person owns? Also since I have other SSL certificates which I registered with them recently and already sent in validation for that- why can't they look at the history - both to validate and to invalidate rip off requests?

There has to be some better form of validation, though I am not exactly sure what it is. I just know the current forms of validation are not the best.