ICANN demands the right to terminate .jobs

ICANN has asked the International Chamber of Commerce to rule that it has the right to terminate Employ Media’s .jobs contract.

It’s filed its response to Employ Media’s demand for arbitration over the disputed Universe.jobs service, which saw the registry vastly expand the .jobs space.

Employ Media “transcended the very intent behind creation of the TLD” with Universe.jobs, which allocated tens of thousands of .jobs domains to the DirectEmployers Association, ICANN said.

The organization wants the ICC to rule that it “may, but is not required to, terminate the Registry Agreement with Employ Media”, as it has already threatened.

Employ Media took ICANN to arbitration in May, after ICANN notified it that it was in breach of its registry agreement and they were not able to settle their differences in private talks.

The registry wants a declaration that it is not in breach.

But according to ICANN, Employ Media is still and has always been restricted to selling domains just to human resources professionals to promote jobs “within their own organizations”.

That’s despite ICANN’s approval of a contract amendment last year that allowed the registry to sell non-companyname .jobs domains.

This liberalization, ICANN says, did not allow the company to launch Universe.jobs, which monetizes at least 40,000 geographical and vocational .jobs through a massive third-party jobs board.

ICANN is now trying to frame the arbitration proceeding around a single question – was its breach notice “appropriate” or not?

The whole debacle is based around two interpretations of the .jobs Charter, which spells out who can register .jobs domains. This is what it says:

The following persons may request registration of a second-level domain within the .JOBS TLD:

- members of SHRM [the Society For Human Resources Management]; or

- persons engaged in human resource management practices that meet any of the following criteria: (i) possess salaried-level human resource management experience; (ii) are certified by the Human Resource Certification Institute; (iii) are supportive of the SHRM Code of Ethical and Professional Standards in Human Resource Management, as amended from time to time, a copy of which is attached hereto.

Employ Media’s interpretation is fairly literal and liberal – any signed-up SHRM member can register a .jobs domain and somebody at DirectEmployers is a member and therefore eligible.

Becoming a SHRM member is pretty straightforward and cheap. It’s not much of a barrier to entry.

ICANN argues that this interpretation is bogus:

Employ Media has espoused policies that allow a .JOBS domain name (or thousands of them) to be used for virtually any purpose as long as a human resource manager is propped up to “request” the domain. In doing so, Employ Media has failed to enforce meaningful restrictions on .JOBS registrations, as required by the Registry Agreement.

It further argues that Employ Media should have allocated premium .jobs domains through an “open, fair and transparent” process, rather than the “self-serving… backroom deal” with DirectEmployers.

Evidence now filed by ICANN shows that the two organizations have been arguing about this since at least November 2009, when Employ Media launched a Universe.jobs “beta”.

ICANN also now says that it has no problem with Universe.jobs, provided that Employ Media and SHRM amend their Charter policies to make the service retroactively compliant.

The more this dispute progresses and the more convoluted and expensive it becomes, the more it leaves me scratching my head.

You can download the latest arbitration documents from ICANN.

Comment Tagged: , , , , , ,

ICM gives away .xxx domains to porn stars (video)

It seems that pretty much every time I’ve written about .xxx over the last five or six years the article has been mentioned, or focussed on, how the porn business hates it.

For a change, here’s a shameless propaganda video (possibly NSFW) that ICM Registry produced during a recent, evidently quite boozy, party at Platinum Lace, a strip joint in London.

Context: ICM was sponsoring the party.

The people heard supporting .xxx are either porn actresses who’ve just been given their .xxx domains, employees of the Paul Raymond stable of top-shelf men’s magazines, or domain registrars.

One of the interviewers is “Mario”, a Z-lister known for being annoying on the TV show Big Brother last year. I figured his 15 minutes were already up, but I guess not.

The other is ICM’s sales director Vaughn Liley. He’s the one who starts interviews with the question “So, do you think .xxx will be good for the industry, or great?”

Watch out, David Frost.

Also seen posing, though not speaking, is Ben Dover, pretty much the only mainstream-famous porn video producer ever to come out of the UK.

Comment Tagged: ,

Bit-squatting – the latest risk to domain name owners

Kevin Murphy, July 26, 2011, Domain Tech

Forget phishing, forget cybersquatting, forget typosquatting, high-value domain name owners may have a whole new threat to worry about – “bit-squatting”.

This appears to be the conclusion of fascinating new research to be presented by Artem Dinaburg at the Black Hat and DEF CON hacker conferences in Las Vegas next week.

Defective internet hardware, it turns out, may be enabling a whole new category of typosquatting that could prove worrying for companies already prone to domain name abuse.

According to a summary of Dinaburg’s research, RAM chips can sometimes malfunction due to heat or radiation, resulting in “flipped bits”, where a 1 turns into a 0 or vice-versa.

Because the DNS uses ASCII encoding, a query containing a single flipped bit could actually send the user to a completely different domain name to the one they intended to visit.

To test the theory, Dinaburg appears to have registered the typo domain name mic2osoft.com. While it’s not visually confusing or a likely typo, in binary it is only one bit different to microsoft.com.

The ASCII binary code for the digit 2 is 00110010, which is only one bit different to the lower-case letter r, 01110010.

The binary for the string “microsoft” is:

011011010110100101100011011100100110111101110011011011110110011001110100

and the binary encoding for “mic2osoft” is (with the single changed bit highlighted):

011011010110100101100011001100100110111101110011011011110110011001110100

Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.

I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.

But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:

To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.

I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.

His conference presentations will also discuss possible hardware and software solutions.

For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.

I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.

The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.

Kaminsky is not discussing DNS this year, judging by the agendas.

The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.

15 Comments Tagged: , , , , , , , , ,

Final gTLD Applicant Guidebook expected this week

Kevin Murphy, July 25, 2011, Domain Policy

It’s been over a month since ICANN approved its new top-level domains program, but we still don’t have a final-final version of the Applicant Guidebook.

The resolution approving the program ICANN passed in Singapore called for a number of amendments to be made to the 352-page tome.

The current draft was published May 30, and so far ICANN has not said when the next version – likely to be the version used in the first round of applications – will be released.

I inquired, and now word has come from on high that ICANN’s new gTLD team hopes to have the English version of the new Guidebook published by the end of July – this coming weekend.

The Singapore resolution called for changes to the government Early Warning and Advice processes, added protection for Olympic and Red Cross trademarks, and a modification of the Uniform Rapid Suspension cybersquatting policy.

One has to wonder if the changes outlined in the resolution are the only changes that we’ll see – a month seems like a long time to make just a few fairly minor edits.

The resolution said the board “authorizes staff to make further updates and changes to the Applicant Guidebook as necessary and appropriate”.

The first round of new gTLD applications is set to open January 12.

3 Comments Tagged: , , ,

Could .om become the next typo TLD?

Will Oman’s .om domain follow in the footsteps of .co? Or .cm? Or neither?

The country-code top-level domain is set to be transferred to a new manager following an ICANN vote this coming Thursday.

The redelegation is one item on a unusually light agenda for the board’s July 28 telephone meeting. It’s on the consent agenda, so it will likely be rubber-stamped without discussion.

The domain is currently assigned to Oman Telecommunications Company, but the new owner is expected to be the national Telecommunications Regulatory Authority or an affiliated entity.

The Omani TRA was given authority over the nation’s domain names by Royal Decree in 2002.

It has already successfully had the Arabic-script ccTLD .عمان approved by ICANN for use as an internationalized domain name, but the IDN has not yet been delegated.

AusRegistry International this March won a $1.3 million contract with the TRA to provide software and services for the .om and .عمان registries.

At the time, the TRA said it planned to market both Latin and Arabic extensions to increase the number of domain registrations.

The .om ccTLD is of course a .com typo, like .co and .cm, but squatting is not currently possible due to its strict registration policies.

Only Omani entities may register .om domains today, and only third-level domains (such as example.com.om and example.net.om) may be registered. Domains may not be resold.

I have no particular reason to believe this situation will change under new stewardship, but it will certainly be worth keeping an eye on the TLD for possible policy changes.

When Cameroon’s .cm opened up, it implemented a widely vilified blanket wildcard in an attempt to profit from .com typos.

Colombia’s .co of course took the responsible route, disowning wildcards and embracing strong anti-squatting measures, even if its mere existence was still a headache for some trademark owners.

Comment Tagged: , , , , , , , , , , ,