RunningWithBulls.com - The curse of Sanfermin

Tom made a point about the etenders.ie domain name being mistaken for the etenders.gov.ie domain name by a friend of his.

Now I have no idea why someone would want to register etenders.ie (or how they would be allowed to in what is supposed to be a managed tld!) but there very well may be a legitimate reason.

Does anyone know anything about etenders.ie, who is behind it, why it was registered or what is happening to the usernames and passwords being accidentally filled in on their submission form?

Is it possible that etenders.ie is a legitimate site who themselves have been hacked/phished by someone trying to harvest real etenders site logons?

Why would someone want to register etenders.ie? Well I would guess to valid reasons:

1. they conduct some sort of electronic tenders process and wanted a nice and simple URL
2. they wanted to trick people into thinking that the website was the official governmental etenders.gov.ie website.

Why would they be allowed to register it? Well, I guess because its a valid, non-traded marked word (ish).

Now, etenders.gov.ie *should* have registered this URL while creating the etenders.gov.ie website.

Liz Nolan, from etenders.gov.ie commented saying:

The Department of Finance tried to register etenders.ie as a domain name in 2002 but it was already registered. There is no copyright on the etenders name as it is a generic term widely used in electronic procurement. There are lots of other examples out there - www.health.ie vs www.health.gov.ie, www.ppp.ie vs www.ppp.gov.ie so unfortunately it often lies with the user to ensure that they have entered the correct URL (and usually it’s fairly obvious from the home page if you’re on to the correct site). Anyone using etenders.gov.ie will be familiar with the home page and be aware that it’s not necessary to sign in to view notices.

Fair point, but again, as John McCormac mentioned:

The etenders.ie domain in 2002 was registered to a company called Xtender Deals Limited which was apparently part of an EU wide government tenders website. The etenders.ie domain was deleted and reregistered very quickly so it is doubtful if anyone from etenders.gov.ie was keeping an eye on the domain. The best way to remove the brand confusion would be to use Google and type link:www.etenders.ie to see what sites are linking to the etenders.ie site and contact them about correcting the links so that they point to the official Etenders site.

Tom’s point was that any “non-technical” person would just have the details written on a piece of paper, and would not be paying attention.

I take his point about people mistaking one thing for the other, BUT, like everything in life, commonsense has to be applied.

If one day you go to etenders.gov.ie (whos login page seems to be http://www.etenders.gov.ie/login.aspx), you will plainly see:

“eTenders has been developed by the Department of Finance”

you have a visual recognition that it is the valid website you want to go to.

If the next day you go to the address, www.etenders.ie, which looks completely different, commonsense applies.

I am sure your father, like mine, would: stop, think, and say “this looks different than normal”.

What then: they look at the piece of paper they have the address written down on (Tom-I’m sure your father has his passwords written in his diary, as mine does!), he will then see, “shit, I made a mistake”.

And will then go to the correct site.

This is what *should* happen.

I spent almost 2 years working in an Internet café and I had many “senior aged people” coming in.

I understand your point about the “piece of paper”, but my experience of people who do things this way is they want to see the same thing as they normally do. (I remember a woman who came in every week to send an e-mail to her daughter living abroad. She would look for the same computer, at the same time every day. She would have her notebook with the steps 1. www.hotmail.com, 2. her address, 3. her password, 4. create new e-mail, etc…)

If that was applied to this situation, the person would have looked at the screen, seen the difference and thought “hang on something wrong here”.

Caution needs to be applied on the Internet as in real life-again the example of the telephone number, or the wrong shop, etc.

Now, talking about should the etenders.gov people have registered the etenders.ie domainname?

Yes, they most definately should have. If it was registered at the time, like Liz Nolan said, fair enough. BUT they should have been keeping an eye on it all the while.

This happened recently with a company I used to work for. I explained and explained that we needed to register a domainname with our company name in it. It never happened, and someone else managed to get it.

I don’t see it being phished, but before I left I recommended that they keep an eye on the registration of it, and if possible enter into some legal proceedings to get it back.

With regards the linking from official governmental agencies (Dublin Corpo, etc) to an incorrect website, then those guys should be shot.
Seriously. Again, if that were a telephone number and they gave an incorrect telephone number, they would be harrased until they changed it.

All in all, common sense and safe browsing needs to be explained to people.

I would suggest that someone contacts the people from etenders.ie and asks them if they are aware of the consternation!

And of course, Tom’s friend can contact etenders.ie, and ask them to remove his password and login name from their database with in 48 hours, and ask for written confirmation of this.

Technorati Tags: runningwithbulls.com , etenders.gov.ie , etenders.ie , phishing , WIPO