Latest news of the domain name industry


More security issues prang ICANN site

Kevin Murphy, March 3, 2015, Domain Tech

ICANN has revealed details of a security problem on its web site that could have allowed new gTLD registries to view data belonging to their competitors.

The bug affected its Global Domains Division customer relationship management portal, which registries use to communicate with ICANN on issues related to delegation and launch.

ICANN took GDD down for three days, from when it was reported February 27 until last night, while it closed the hole.

The vulnerability would have enabled authenticated users to see information from other users’ accounts.

ICANN tells me the issue was caused because it had misconfigured some third-party software — I’m guessing the Salesforce.com platform upon which GDD runs.

A spokesperson said that the bug was reported by a user.

No third parties would have been able to exploit it, but ICANN has been coy about whether it believes any registries used the bug to access their competitors’ accounts.

ICANN has ‘fessed up to about half a dozen crippling security problems in its systems since the launch of the new gTLD program.

Just in the last year, several systems have seen downtime due to vulnerabilities or attacks.

A similar kind of privilege escalation bug took down the Centralized Zone Data Service last April.

The RADAR service for registrars was offline for two weeks after being hacked last May.

A phishing attack against ICANN staff in December enabled hackers to view information not normally available to the public.


Domain Incite is five years old today

Kevin Murphy, February 27, 2015, Gossip

Five years ago Domain Incite published its first story, with the introductory line “Let’s start at the beginning, shall we?”

I went on to describe how I’d registered the name domainincite.com and thrown up a live, resolving web site in less than one hour.

But that wasn’t quite the beginning.

What I neglected to mention were the eight hours I spent sitting with my father that weekend, brainstorming domains that captured the slightly acerbic tone I expected to use and which were also available at a reasonable price.

That was also when we came up with the tag line “domainincite.com n. because all the good domains were taken”, which has sat at the top of DI’s “About” page since day one.

Dad died last October, and I’d be lying if I said I’ve had an easy time getting over it.

Watching somebody you love dying of cancer is, needless to say, traumatic. Many readers will understand this all too well.

It can leave you with their final weeks indelibly at the forefront of your memories, whereas you should be remembering the enjoyable times you spent together.

I wouldn’t dream of blaming Dad for my eventual choice of domain, but we had fun collaborating on its conception.

That was something we did together, which gives DI’s birthday this year a bittersweet flavor for me.


The IANA transition in a nutshell

Kevin Murphy, February 27, 2015, Domain Policy

The US plan to remove itself from its unique DNS oversight role is about creating a coalition of nations to thwart attempts by Russia and other “authoritarian” countries to increase government control of the internet.

That’s according to Larry Strickling, assistant secretary at the US National Telecommunications and Information Administration, who delivered a beautifully succinct explanation to confused senators at a hearing in Washington DC this week.

Despite unnecessary diversions into issues such as net neutrality and copyright protection — which I’m sure was not at all due to senators trying to score points with their corporate paymasters — the Commerce Committee hearing was surprisingly well-informed and not nearly as angry as it could have been.

Senators, mostly Republicans, reiterated their concerns that for the US to give up its role in the IANA functions contract could invite a takeover of ICANN by unfriendly nations such as China and Russia, thereby harming internet freedom.

At one point, Strickling was asked by a senator: “If there’s not a problem, what are we trying to fix here?”

His answer was one of the best explanations of the political back-story of the transition that I’ve heard, so I’m going to quote it in full here.

There has been a problem, sir. At the end of 2012 when the world’s governments got together in Dubai for the ITU WCIT — World Conference on International Telecommunications — you had around 80 countries who voted to say the ITU needs to be more involved in internet governance. These were largely countries in the developing world siding with the more authoritarian regimes.

Part of the impetus for this was the continued irritation that many governments have, that has been exploited by authoritarian countries, that the United States with its special role with ICANN is in a position to control the internet in these developing countries and to turn it off in these countries and to otherwise interfere with the ability of countries to manage their own affairs with respect to the internet.

After this [IANA transition] announcement was made the next two large international meetings at which governments came together you saw a major change in position among the developing countries. We didn’t see any change in position from the authoritarian countries — and you’re not, they’re not going to change their views on this. But the key to succeeding in this on the global stage is to bring the rest of the world along with us, and that’s what we saw at the NETmundial conference in Brazil last April where the only countries who spoke out against the multi-stakeholder model of internet governance were Russia and Cuba.

We then flash forward to the ITU plenipotentiary conference in Busan last November and again you had Russia with the same proposals it’s been making for 10 years: that these functions ought to be transferred to the ITU and managed by governments. And that was beaten back by a coalition of developed and developing countries. So we’ve seen immediate results, or significant results, by the basis of our having been able to take this issue off the table for these countries, to get them to look at what’s really best for them without this overhang of a US role that was unique among governments and which was a source of irritation to governments and was being exploited to our detriment by foreign governments.

The fact of the matter is that the role we play with respect of the IANA functions is a clerical role. It’s truly stewardship. As I said before, we don’t provide any oversight of the policy judgments that ICANN and the multi-stakeholder community make. We participate as a government in the Governmental Advisory Committee, and we will continue to do that in future and will be vigorous advocates for a free and open internet.

The special role we play with respect of the IANA functions is totally administrative and clerical, yet it has been exploited by other governments — authoritarian governments — to our detriment. We’ve taken that off the table by announcing this transition and as we complete it we will continue to see the benefits of that through the continued adoption and support for this model by the developing world.

His views were echoed by ICANN CEO Fadi Chehade more than once during the hearing, talking about how the transition process is designed to bring on board the “middle countries”, rather than already-allied nations or the fringe, minority authoritarian countries.

He cited Brazil as the key example of a government once in favor of more ITU control of the internet that is now, largely due to Chehade’s outreach and its key role in the NETmundial conference, firmly in the multi-stakeholder model camp.

The entire archived hearing can be viewed here.


Google buys .app for over $25 million

Kevin Murphy, February 26, 2015, Domain Registries

The fiercely competed new gTLD .app has sold to Google for a record-breaking $25 million.

The company’s Charleston Road Registry subsidiary beat out 12 other applicants for the string, including Donuts, Amazon, Famous Four Media, Radix and Afilias.

The auction lasted two days and fetched a winning bid of $25,001,000, more than any other new gTLD to date.

The previous high is believed to be .blog, which I estimate sold for less than $20 million.

Because it was an ICANN-run “last resort” auction, all of the money goes into ICANN’s special auction proceeds fund, which previously stood at just shy of $35 million.

Previous ICANN auctions have fetched prices between $600,000 and $6,760,000.

Google originally proposed .app as a closed registry in which only Google and its partners could register names.

However, after the Governmental Advisory Committee pressured ICANN to disallow “closed generics”, Google changed its application to enable anyone to register.


ICANN ditches plan to give governments more power

Kevin Murphy, February 25, 2015, Domain Policy

ICANN has quietly abandoned a plan to make it harder for its board of directors to go against the wishes of national governments.

A proposal to make a board two-thirds super-majority vote a requirement for overruling advice provided by the Governmental Advisory Committee is now “off the table”, ICANN CEO Fadi Chehade told a US Senate committee hearing today.

The threshold, which would replace the existing simple majority requirement, was proposed last August as a result of talks in a board-GAC working group.

At the time, I described the proposal as a “fait accompli” — the board had even said it would use the higher threshold in votes on GAC advice in advance of the required bylaws change.

But now it’s seemingly gone.

The news emerged during a hearing of the Senate Committee on Commerce, Science, and Transportation today in Washington DC, which was looking into the transition of US oversight of ICANN’s IANA functions to a multi-stakeholder process.

Asked by Sen. Deb Fischer whether the threshold change was consistent with ICANN’s promise to limit the power of governments in a post-US-oversight world, Chehade replied:

You are right, this would be incongruent with the stated goals [of the IANA transition]. The board has looked at that matter and has pushed it back. So it’s off the table.

That came as news to me, and to others listening to the hearing.

The original plan to change the bylaws came in a board resolution last July.

If it’s true that the board has since changed its mind, that discussion does not appear to have been documented in any of the published minutes of ICANN board meetings.

If the board has indeed changed its mind, it has done so with the near-unanimous blessing of the rest of the ICANN community (although I doubt the GAC was/will be happy).

The public comment period on the proposal attracted dozens of responses from community members, all quite vigorously opposed to the changes.

The ICANN report on the public comments was due October 2, so it’s currently well over four months late.

UPDATE 1: An ICANN spokesperson just got in touch to say that the board decided to ditch its plan in response to the negative public comments.

UPDATE 2: Another ICANN spokesperson has found a reference to the board’s U-turn in the transcript of a meeting between the ICANN board and GAC at the Los Angeles public meeting last October. A brief exchange between ICANN chair Steve Crocker and Heather Dryden, then chair of the GAC, reads:

DRYDEN: On the issue of the proposed bylaw changes to amend them to a third — two-thirds majority to reject or take a decision not consistent with the GAC’s advice, are there any updates there that the Board would like to — the Board or NGPC? I think it’s a Board matter? Yes?

CROCKER: Yes.

Well, you’ve seen the substantial reaction to the proposal.

The reaction embodies, to some extent, misunderstanding of what the purpose and the context was, but it also is very instructive to all of us that the timing of all this comes in the middle of the broader accountability question.

So it’s — I think it’s in everyone’s interest, GAC’s interest, Board’s interest, and the entire community’s interest, to put this on hold and come back and revisit this in a larger context, and that’s our plan.

So it seems that the ICANN board did tip its hand a few months ago, but not many people, myself included, noticed.
