I asked a few people and found that nobody I spoke too really knew any way to find this out. Most people suggested just working out the percentage of the total amount however this of course will not work.

Here is how I eventually worked this out :The eureka moment came when it dawned on me that total amount was in fact 100% + tax %. So in the UK example if I had paid £178 which was taxed at 20% then £178 would be 120% of the original figure. On realising this I realised that there was actually 2 ways to work out the pre tax amount.

Method 1

Post Tax Amount = £300
Tax Percentage = 15%
(Post Tax Amount / (100 + Tax Percentage)) * 100
(£300 / (100 + 15)) * 100

OR

(Post Tax Amount * 100) / (100 + Tax Percentage)
(£300 * 100) / (100 + 15)

Basically now that we know that £300 is 115% of the original total we can divide 300 by 115 which will tell us what 1%. To find out the total pre tax amount we multiply this by 100. Alternatively if we need to find out how much tax we paid we multiply the figure we found 1% is and multiply this by 15 (our tax rate in this instance).

From these equations we find the following:

Pre Tax Amount: $260.87
Tax: £39.15
Post Tax Amount: £300

Method 2

Post Tax Amount = £380
Tax Percentage = 18%
Post Tax Amount – (Post Tax Amount / ((100 + Tax Percentage) / Tax Percentage))
380 – (380 / ((100 + 18) / 18)

This method works in a different way. Instead of working back to find 1% this method determines what ratio the tax percentage is of the total amount. We then divide the post tax amount by this figure (this in fact results in the amount of tax). We then take this latest figure from the post tax amount to find the pre tax amount.

From this equation we get the following result:

Pre Tax Amount: £322.03
Tax: £57.97
Post Tax Amount: £380

Now both of these methods have their advantages and disadvantages and it is for yourself to work out which method is best for you.

Considerations

Now there is a good chance that you will be approaching this from a programming perspective there are a things to consider when putting this into code.

1. How will you handle negative figures
2. How will you handle a 0% as the tax rate (this could result in a division by 0 error)
3. How will you handle rounding issues (you may come across instances where when you round you gain 1 penny or lose a penny).

Hopefully this will help someone, it certainly will help me as I will no doubt forget how I did this.

When I bought the book I though that it was a bit of a gamble but looked ok so worth the risk. How more wrong could I be, this was certainly not a gamble at all.

Bruce starts the book by requesting that you read it numerous times so that the information sinks in and so that information obtained later in the book can be better understood.

The main part and bulk of the book explains many security concerns and explains why traditional thinking of security is incorrect (such as using a 256 bit encryption key is pointless and contains little security if the key was generated from for example the word password). Many aspects of security are covered within this ranging from network security to standard O/S security. At this point the book appears very negative and seems to suggest that there is little you can do to actually stop the impending security breaches.

Luckily as the book goes on the mood changes slightly and prepares you for methods to help combat the security implications that any system will have. These methods range from creating attack tree’s and how you can best decide on the viability of any attack vector and how to start bringing things into your favor instead of the intruders.

Since this book was written there have been many security breaches that have cost the companies involved large amounts of money both from lost revenue and the cost of picking up the pieces. For example this year Sony had a succession of attacks and the cost of the clean up was estimated to be around $140,000,000, this estimate could quite easily increase substantially as Sony’s insurer is also seeking methods for removing their own liability over the issue meaning that any law suits will come out of Sony’s pocket instead of the insurer.

A short while after this Lockheed Martin were found to have been compromised. On investigation it became clear that RSA had been compromised allowing someone to obtain information on the systems which aided in the Lockheed Martin compromise. As a result of this RSA were essentially forced to replace 40,000,000 secure ID devices.

It is not only the financial cost that these companies have suffered there is also the untold damages to their company profile with which the cost can never really be calculated.

Now you may be wondering my point at this stage, well the point is that if only the security of these companies read this book they may have been better prepared. The frightening thing however is that too many companies take security as an after thought. If the price is too high they decide to disregard the advice or not bother.

Conclusion

Although this is a 10 year old book this is certainly worth a read. You can learn so much from this book and it will completely change your perception of security. This book is highly recommended.

Title: Secrets and Lies: Digital Security in a Networked World
Author: Bruce Schneier
Publisher: John Wiley & Sons
ISBN 10: 0471453803
ISBN 13: 978-0471453802
Official URL – Amazon URL

• are 15 years of age;
• have a Finnish personal ID number; and
• live in a Finnish municipality.

OR

• companies and private entrepreneurs;
• Finnish public bodies and state enterprises;
• independent public corporations and public associations; and
• diplomatic missions of a foreign state which have been entered into the Finnish trade register or into the Finnish registers of associations or foundations.

What is not explicitly mentioned here is that even if you are a business you do have to either be registered as a business in Finland or to have an office located in Finland.

Apart from the registration requirements there is also a restriction that is not usually placed on domain names. For a registration to be fully successful you are required to add the DNS entries on the nameservers that you are placing on the domain name. If you do not do this prior to registering the domain name you will see something like the following on the whois:

status:   Technical Error
created:  11.8.2011
expires:  11.9.2011
nserver: your.nameserver.com [ERROR]
nserver: your.2nd.nameserver.com [ERROR]

As you can see the the status of the domain is sitting at technical error and beside both nameservers we have [ERROR]. If after 1 month the DNS has not been rectified the domain registration will be revoked. There is no way to force the registry to check the nameservers again, this will be carried out automatically and periodically.

If you have hosting on a cPanel server you will be unable to add the domain as a parked domain as it will state that the nameservers are invalid. You will need to manually add a DNS zone within WHM (or if you have no access ask your host).

Like any ccTLD prior to registering a domain name ensure that you do meet the minimum requirements necessary. As per the terms and conditions of the registry if you are found to have lied or not to meet the requirements the registration can and will be revoked.

Fancy purchasing an .fi domain name and meet the requirements then you can buy them from Flexi Web Host.

This seems a very strange choice for a desktop OS but is perfect for the iPhone (maybe they are trying to cater more for touchscreen monitors).

The fix for this issue is actually very easy. Firstly click on the Apple logo on the top of your screen. Once the menu appears 1 of the options will be System Preferences.

In the system preferences screen the screen is divided into 4 sections, the 2nd section is headed Hardware. Click on Mouse.

Once in the mouse preferences options, un-tick the top option which is marked as “Move content in the direction of finger movement when scrolling or navigating”.

Once you have changed this your scroller will now work as it always has done.

base64.h
// Created by Peter McDonald on 17/07/2011.
// Copyright 2011 n/a. All rights reserved.
//

#import

@interface base64 : NSObject
{
NSArray *ascii;
}

-(NSString*)encode : (NSString*)text;
-(NSString*)intToBinaryString:(int)intValue;
-(NSString*)binaryStringToNsstring:(NSString*)binaryStringValue;

@end
base64.m
// Created by Peter McDonald on 17/07/2011.
// Copyright 2011 n/a. All rights reserved.
//

#import “base64.h”

@implementation base64

- (id)init
{
self = [super init];
if (self) {
ascii = [[NSArray alloc] initWithObjects:
@”A” ,@”B” ,@”C” ,@”D” ,@”E” ,@”F” ,@”G” ,@”H” ,@”I” ,@”J” ,@”K” ,@”L” ,@”M” ,
@”N” ,@”O” ,@”P” ,@”Q” ,@”R” ,@”S” ,@”T” ,@”U” ,@”V” ,@”W” ,@”X” ,@”Y” ,@”Z” ,
@”a” ,@”b” ,@”c” ,@”d” ,@”e” ,@”f” ,@”g” ,@”h” ,@”i” ,@”j” ,@”k” ,@”l” ,@”m” ,
@”n” ,@”o” ,@”p” ,@”q” ,@”r” ,@”s” ,@”t” ,@”u” ,@”v” ,@”w” ,@”x” ,@”y” ,@”z” ,
@”0″ ,@”1″ ,@”2″ ,@”3″ ,@”4″ ,@”5″ ,@”6″ ,@”7″ ,@”8″ ,@”9″ ,@”+” ,@”/” ,
nil];
}
return self;
}

-(NSString*)encode:(NSString *)text
{
int stringLength = [text length];
NSString *newString = [[NSString alloc] init];
NSString *binaryString = [[NSString alloc] init];
int currentCharAsInt;
for (int i = 0; i < stringLength; i++) { currentCharAsInt = [text characterAtIndex:i]; binaryString = [binaryString stringByAppendingString:[self intToBinaryString:currentCharAsInt]]; } newString = [self binaryStringToNsstring:binaryString]; return newString; } -(NSString*)decode:(NSString *)text { return @”"; } -(NSString*)intToBinaryString:(int)intValue { int current= 128; NSString *returnString = [[NSString alloc] init]; while (current >= 1)
{
if(intValue >= current)
{
intValue = intValue – current;
returnString = [returnString stringByAppendingString:@"1"];
}
else
{
returnString = [returnString stringByAppendingString:@"0"];
}
if (current > 1)
{
current = current / 2;
}
else
{
current = current – 1;
}

}
return returnString;
}

-(NSString*)binaryStringToNsstring:(NSString*)binaryStringValue
{
NSString *returnString = [[NSString alloc] init];
int binaryStringValueLength = [binaryStringValue length];
if (binaryStringValue > 0)
{
NSString *workingString = [NSString alloc];
int currentIndex = 0;
NSRange range = {currentIndex, 6};
workingString = [workingString initWithFormat:[binaryStringValue substringWithRange:range]];
while ([workingString length] > 0)
{
int currentBinaryValue = 1;
NSUInteger currentValue = 0;
for (int i = 0; i < [workingString length]; i++) { NSRange charRange = {[workingString length] – i – 1, 1}; NSString *currentChar = [[NSString alloc] initWithFormat:[workingString substringWithRange:charRange]]; if ([currentChar isEqualToString:@"1"]) { currentValue = currentValue + currentBinaryValue; } currentBinaryValue = currentBinaryValue * 2; currentIndex++; } if ((currentIndex + 1) >= binaryStringValueLength)
{
workingString = @”";
}
else if ((currentIndex + 6) > binaryStringValueLength)
{
NSRange range = {currentIndex, binaryStringValueLength – currentIndex};
workingString = [[NSString alloc] initWithFormat:[binaryStringValue substringWithRange:range]];
if ([workingString length] == 2)
{
workingString = [workingString stringByAppendingString:@"0000"];
}
else
{
workingString = [workingString stringByAppendingString:@"00"];
}
}
else
{
NSRange range = {currentIndex, 6};
workingString = [[NSString alloc] initWithFormat:[binaryStringValue substringWithRange:range]];
}
returnString = [returnString stringByAppendingString:[ascii objectAtIndex:currentValue]];
currentValue = 0;
currentBinaryValue = 1;
}
while ([returnString length] % 4 != 0)
{
returnString = [returnString stringByAppendingString:@"="];
}
}
return returnString;
}

@end
The code currently does not add a CRLF character after every 78 characters at the moment however the program this has been designed for does not require it (although I will add this once I get around to rewriting the methods),

Any suggestions let me know.

Since the dot com bubble burst in the early 2000’s the value and profile of domain names has again been on the increase. Apart from recent financial turmoil caused by the world recession the average value of domain names has increased dramatically and shows no sign of stopping.

Due to the higher profile of domain names and the value that this brought it has unfortunately resulted in a rather unsavoury side effect. The number of stolen and hijacked domain names has increased dramatically over the last few years.

Now many of you may be forgiven for wondering how a virtual item can be stolen or hijacked. Domains as we know are not tangible items and are more virtual items. Over the course of this article I hope to make you aware of ways that can be used to steal your domain name. Only by knowing how domain names can be can we actually protect against it.

Attack Vectors

There are many attack vectors that can be used to gain control of your domain name. Let us run through them here:

Social Engineering

For anyone that does not know reverse engineering is a method in which someone will pretend either to be someone else or pretend to be someone who should have certain information. Reverse engineering usually works on the premise that most people want to help or to be seen to help others as much as possible. Reverse engineering works by exploiting the most unreliable part of any process, the human interaction.

Sometimes all it takes for a successful reverse engineering attack is for the attacker to try to obtain a little sympathy. A lot of the time the person who is being attacked will more likely help if they believe the person is in a predicament. Now you might be wondering how this could assist in someone stealing your domain name, quite simple. If the person is talking to say for example a GoDaddy representative (or any other registrar where your domain names may reside) and they vie for a bi of sympathy and are pretending to be you the registrar representative may bypass the necessary security and help with minimal information.

Email Account Hacking

The most prevalent way that registrars contact owners of domain names is to email them. I have personally assisted a few people in obtaining their domain names back after they had been stolen. The method the thief stole in these instances was to hack the user’s domain name. If you for example hack an email address that someone uses for their registrar account you now have complete access to the person’s domain names. Once the thief has control of the email address it is a trivial issue to reset the password for the registrar then to change the domain details or to transfer these away. Gmail accounts in the past did have security holes that were used to steal domain names in this way.

Registrar Hacking

The usual way for a registrar account to be compromised is to first gain access to the email address used to register however it has also been known for accounts to be compromised due to people usually using the same username and passwords between different websites. If for example you register on a website and the website is less than desirable it would be trivial for the website owner to retrieve your username and password and try these on the registrar websites.

There are of course other methods for gaining access to registrar accounts however these methods go beyond the scope of this article.

Fake Sale

1 of the most dangerous times for a domain portfolio owner is when a sale is taking place. Many domain names are lost due to something going wrong with a sale and of course the payment is where this happens. It is quite easy for someone to gain access for example to a hacked Paypal account. At the time of the sale everything may look like it has gone through fine however it may become apparent a few weeks later that the transaction was fraudulent. The first time you become aware of this is usually due to a chargeback.

Many sales are carried out using the Paypal Mass Pay feature. The seller believes that this gives them security from chargebacks. Unfortunately these people are mistaken.

Reverse Hijacking

A reverse hijack is not necessarily considered theft however can be a real concern for any domain portfolio owner who has potential high value domain names. A reverse hijack is where a company/individual registers a trademark to try to prove that your domain name infringes their trademark. If the trademark was registered after you bought the domain name you of course could not have bought the domain in bad faith however the aim of the other party is to try to prove that you did register in bad faith as there is a registered trademark. The way in which the domain name is obtained is usually by filing a WIPO on the domain name.

To make sure that you are not a victim of this type of hijack ensure that you keep track of when you register your domain names as well as to scrutinise any information you are given as part of a WIPO complaint.

How To Protect Yourself

Most methods that you can use to protect yourself are self-explanatory and common sense however they should be mentioned anyway.

Avoid Using Free Email Hosts

Avoid using free email hosting companies including hosts such as Google. Free email hosts do not hold any liability caused by any security flaws they have. Once a security whole has been identified for these providers the information is usually disseminated throughout the internet quite rapidly.

Ensure Your Whois Email Is Different Than Your Registrar Email

When registering on registrar’s websites you should ensure that you are using a different email than you use for your whois information. Whois information is public knowledge. Although you can use whois privacy sometimes you have to pay extra. Not all extensions allow whois privacy either. If the email used to register with the registrar is unknown it will be harder for a thief to gain access to your account.

Secure Your Username And Password

Ensure that your username and passwords that you use for your registrar is not something that will be known by other people. The password should be as long as possible (10-15 characters) and should contain letters (uppercase and lowercase), numbers and symbols. Also avoid using words within your password. By adhering to these rules it will be harder for a thief to guess your details.

Ensure That Whois Details Are Always Up To Date

You must ensure that the whois information for your domain names is always up to date. It is not just a matter of your domains security that requires the whois to be kept up to date, it is in fact a Nominet requirement. If the details are incorrect Nominet are within their right to remove the domain name. You should also ensure that the information contained within the whois is kept up to date. If for example the email address is not correct you will not receive notifications of any issues (such as a WIPO claim) or even worse if the email address is no longer used or if the domain the email was for has expired someone could quite easily get this domain and create an email address for it and use this to obtain your domain.

Check Registrar Security Functions

Most registrars have enhanced security packages. Some of these registrars require you to pay a sum per domain name while others are per account. Be sure to check what added benefits these packages have and consider purchasing them. For reg fee domain names it may of course not be financially viable however if you have domains in the $x,xxx + price range it would be a bad idea not to do everything in your power to secure them.

Never Trust Anyone

Although this may sound a bit harsh you should not trust anyone especially when taking payments. If someone is asking you any information about your domain names or personal information be sceptical on why they are asking. You should also minimise information that you give out on social engineering sites and forums. Any information that you give out can be used for social engineering. Ensure you do not make it easy for the thief.

Monitor Your Domains

A lot of people who have portfolios tend to forget about their domain names until they come up for renewal. If you are serious about your portfolio and keeping it safe ensure you employ a method for keeping track of your domain names. Even if the registrar supplies tools to do this it would be a good idea to use 3rd party tools to keep an eye on things such as the whois details and to monitor any changes that occur. If you do this however be sure to understand the limitations of the tools that you use.

In the past for example I used the tools provided by Domain Tools. Although the tools are very good I was amazed one day to find that it took around 2 months for their tools to notice that the nameservers for 1 of my domains had changed. If my domain had been stolen this would have been way too late to have done anything about it.

What Can I Do If My Domain Is Stolen

If you are unfortunate enough to find that you have had domains stolen the first thing you should do is of course to contact the registrar. The preferred method of contact is of course by making a phone call. To back this up I would strongly suggest emailing support so that there is a written version as well. If there is no phone support or the phone support is closed seek advice from live chat support if available or email the support.

Once you have contacted the registrar you should ensure that all of your accounts are secure. Change any password to make sure that if they managed to gain access that they no longer have any. Make sure that the profile on the registrar site matches your own details (especially the name, address and email).

Lastly make as much noise as possible. Most domains are stolen so that they can be sold on. Of course a thief would like to sell the domain as soon as possible so that they are not stuck with a domain that is unsellable as it is known to have been stolen. Register and log onto as many domain name forums and blogs (such as Namepros or DNForum) as possible and post as much information as you can get including current whois information, any contact made from the thief etc. Not only will this alert people about the stolen domain name and prevent them from buying it but it will also enable you to have many more people looking out for you. Some of these people will end up keeping an eye out on your behalf and may also provide you with any information they find out which can prove invaluable.

By following the simple steps within this article you will be going a long way to making life difficult for any thief that may have their eye on your domain names.

If you feel that I have missed out anything be sure to let me know. I will gladly revisit this article in future and of course rewrite any sections that are necessary. If you would like to syndicate this article feel free to ask.