Latest news of the domain name industry


WordPress founder criticizes NSI’s security

Kevin Murphy, April 13, 2010, Domain Registrars

WordPress founder Matt Mullenweg had a few harsh words for top-five domain registrar Network Solutions today, after a whole bunch of NSI-hosted blogs were hacked over the weekend.

It appears that NSI’s web hosting operation, which includes a one-click WordPress installation service, was failing to adequately secure database passwords on shared servers.

Or, as Mullenweg blogged: “A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files.”

WordPress, by necessity, stores its database passwords as plaintext in a script called wp-config.php, which is supposed to be readable only by the web server.

If the contents of that file are viewable by others, a malicious user could inject whatever content they like into the database – anything from correcting a typo in a blog post to deleting the entire site.

That appears to be what happened here: for some reason, the config files of WordPress blogs hosted at NSI gave read permissions to unauthorized people.

The cracker(s) who noticed this vulnerability chose to inject an HTML IFrame into the URL field of the WordPress database. This meant visitors to affected blogs were bounced to a malware site.

Mullenweg is evidently pissed that some news reports characterized the incident as a WordPress vulnerability, rather than an NSI vulnerability.

NSI appears to have corrected the problem, resetting its users’ database passwords as a precaution. Anybody making database calls in custom PHP, outside of the wp-config.php file, is going to have to go into their code to update their passwords manually.
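The permission problem described above can be checked for directly on a shared server. The following is an added example, not code from WordPress, NSI or the original article; the function names and the WORLD/GROUP/OK labels are hypothetical, and whether group access is acceptable depends on how the host runs PHP.

```shell
#!/bin/sh
# Added example: classify wp-config.php permission bits on a shared host.
# Function names and the WORLD/GROUP/OK labels are hypothetical.

# Print WORLD if any "other" permission bit is set, GROUP if any group
# bit is set, otherwise OK (owner-only access).
wp_config_status() {
    cfg=$1
    if [ -n "$(find "$cfg" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]; then
        echo WORLD
    elif [ -n "$(find "$cfg" -prune \( -perm -040 -o -perm -020 -o -perm -010 \) 2>/dev/null)" ]; then
        echo GROUP
    else
        echo OK
    fi
}

# Walk a hosting root, print "<status> <path>" per config file, and
# return non-zero if any file is exposed to every local account.
# Assumes paths contain no newlines.
audit_wp_configs() {
    report=$(find "$1" -type f -name wp-config.php 2>/dev/null | sort |
        while IFS= read -r path; do
            printf '%s %s\n' "$(wp_config_status "$path")" "$path"
        done)
    [ -n "$report" ] && printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^WORLD '
}

# Audit the directory given as the first argument (default: current one).
audit_wp_configs "${1:-.}" || echo "wp-config.php readable by other accounts" >&2
```

The check looks only at the mode bits of the file itself; parent directory permissions and ACLs also decide whether another account on the same box can reach it.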


WIPO’s UDRP market share lead narrows

Kevin Murphy, April 13, 2010, Domain Policy

The number of UDRP cases filed with the National Arbitration Forum dipped slightly last year, according to NAF numbers released today.

The organization said it received 1,759 filings last year, compared to 1,770 in 2008. Only 1,333 of the cases were actually heard; the others were dropped or settled.

While that’s a decline for NAF, it’s not quite as steep as the almost 10% drop experienced by rival arbitrator WIPO over the same period.

That said, WIPO is still the primary choice of companies trying to enforce their trademarks in the domain name system, saying last month that it received 2,107 complaints in 2009.

It was also the year of big multi-domain cases for both outfits.

WIPO handed 1,542 domains to Inter-Continental Hotels in a single case, while NAF transferred a relatively modest 1,017 domains to ConsumerInfo.com.


.xxx jumps on social media bandwagon

Kevin Murphy, April 12, 2010, Domain Registries

ICM Registry, the firm behind the proposed .xxx TLD, has belatedly joined the social media revolution, setting up a Facebook fan page and a Twitter account to expound the benefits of pornographic domain names.

I’d hazard a guess that this is in response to the deluge of negative opinion currently directed at it in ICANN’s public comment forum.

If you can wade through the Christian spam there, you’ll find only a handful of people backing ICM.

Some of these comments come from policy wonks, urging ICANN to show it can be as accountable as it says it is.

Others come from random individuals, suspiciously based in ICM’s home state of Florida.

If this woman, for example, is not British ICM president Stuart Lawley’s green card lawyer, I’ll eat my beanie.

Hat tip: @mneylon


Politics at play in DNS CERT debate

Kevin Murphy, April 12, 2010, Domain Policy

ICANN chief Rod Beckstrom may have shot himself in the foot when he claimed at the Nairobi meeting that the domain name system is “under attack” and “could stop at any given point in time”.

Beckstrom wants ICANN to create a new CERT, Computer Emergency Response Team, to coordinate DNS security, but he’s now seeing objections from country-code domain managers, apparently connected to his remarks last month.

Chris Disspain of auDA, Australia’s .au registry, has just filed comments on behalf of the ccNSO council, which he chairs, saying it’s not clear whether there’s any need for a DNS CERT, and that ICANN is moving too fast to create one.

It’s pretty clear from the ccNSO statement that Hot Rod’s fairly blunt remarks at the GAC meeting in Nairobi, which I transcribed in full here, have influenced the ccNSO’s thinking on the matter:

the comments of ICANN’s CEO and President, Rod Beckstrom, to governmental representatives in Nairobi, have the potential to undermine the productive relationships established under ICANN’s multi-stakeholder model, cause damage to the effective relationships that many ccTLD operators have developed with their national administrations and discounted the huge efforts of many in the ICANN and broader security community to ensure the ongoing security and stability of the Internet

Disspain had already written a strongly worded letter to Beckstrom, during the ICANN meeting, calling his comments “inflammatory” and reiterating some of the points made in the latest ccNSO filing.

Beckstrom’s response to Disspain’s first letter is here. I would characterize it as a defense of his position.

It seems pretty crazy that something as important as the DNS has no official security coordination body but, as Disspain points out, there are already some organizations attempting to tackle the role.

DNS-OARC, for example, was set up to fulfill the functions of a DNS CERT. However, as founder Paul Vixie confessed, it has so far failed to do so. Vixie thinks energies would be better spent fixing DNS-OARC, rather than creating a new body.

ICANN’s comments period on its DNS CERT business case is open for another couple of days. It’s so far attracted only a handful of comments, mostly skeptical, mostly filed by ccTLD operators and mostly suggesting that other organizations could handle the task better.

If Beckstrom’s aim in Nairobi was to reignite the debate and Get Stuff Done by scaring stakeholders into action, he may find he’s been successful.

However, if his aim was to place ICANN at the center of the new security initiative, he may ultimately live to regret his remarks.

Either way, I expect DNS security will eventually improve as a result.


.jobs aiming to become a gTLD by the back door?

Employ Media, the company behind the sponsored TLD .jobs, looks like it’s making a play to become a significantly more open gTLD.

The company has proposed a substantial relaxation of its registration policies, based on what may be a loophole in its ICANN registry contract.

Currently, the .jobs namespace is one of the most restrictive TLDs. Only company names can be registered, and registrants have to be approved HR professionals at those companies.

As you might imagine, it’s been phenomenally unsuccessful from a business point of view, with only about 15,000 domains registered since it went live five years ago.

Employ Media now wants to be able to register “non-companyname” domains, and is to apply to its sponsorship body, the Society for Human Resource Management, for permission.

At least, that’s what it looks like. The documents posted over at policy.jobs are pretty opaque.

Indeed, as ERE.net points out, the “proposed amendment” to its charter reads more like a claim that no amendment is required.

The company appears to be pursuing a business model whereby it could auction off …continue reading


Richard Dawkins files UDRP claim for richarddawkins.com?

Kevin Murphy, April 8, 2010, Domain Policy

Biologist Richard Dawkins, perhaps the planet’s most famous and controversial atheist, has apparently filed a UDRP claim for richarddawkins.com.

The domain, which is down, is registered to a New Jersey address. For the last 10 years, up until at least a week ago, it has sold Dawkins’ books via Amazon’s affiliate program.

The UDRP case was filed with the National Arbitration Forum yesterday. The parties to the case are not yet listed.

Dawkins’ official web site is hosted at richarddawkins.net.

Interestingly, richarddawkins.org is owned by the loopy creationist group Access Research Network. ARN’s page incorrectly points visitors to richarddawkins.com if they want the “official” site.

Dawkins may have a struggle on his hands. Celebrity cybersquatting cases are rarely straightforward, and he may have trouble proving both trademark rights and bad faith.

Better knock on wood, Richard.


UK domains get government oversight

With the passing of the Digital Economy Bill last night, the UK government has created powers to oversee Nominet, the .uk registry manager, as well as any new gTLD that is “UK-related”.

The Bill would allow the government to replace a registry if, in its opinion, the registry’s activities tarnish the reputation or availability of UK internet services.

It also allows the minister to apply to a court to alter the constitution of a registry such as Nominet.

The legislation was created in response to concerns that the registry could be captured by domainers, following a turbulent few years within Nominet’s leadership.

Nominet has since modified its constitution to make this unlikely, and now takes the position that the government will have no need to exercise its new powers.

The Bill does not name Nominet specifically, but rather any domain registry that is “UK-related”.

“An internet domain is “UK-related” if, in the opinion of the Secretary of State, the last element of its name is likely to cause users of the internet, or a class of such users, to believe that the domain and its sub-domains are connected with the United Kingdom or a part of the United Kingdom.”

This almost certainly captures the proposed .eng, .scot and .cym gTLDs, which want to represent the English, Scots and Welsh in ICANN’s next new gTLD round.


DNS is sexy? Dyn thinks so

Kevin Murphy, April 8, 2010, Domain Services

Dynamic Network Services has launched a marketing campaign aimed at convincing people that DNS is “sexy”.

The company, which provides managed DNS services as Dyn.com, evidently has its tongue in its cheek, but has plastered the “DNS is Sexy” slogan across its web site anyway.

It has even registered DNSisSexy.com to bounce users to its corporate pages.

There’s a list of ten reasons why this frankly bizarre proposition might be true, including:

7. Standard features like DNSSEC on our Dynect Platform defend you from would be cyber criminals that want to steal your important information online. Bye bye identity theft!

Feeling sexy yet? Me neither.

How about:

9. Recursive DNS like our free Internet Guide, can protect your family and friends from unwanted Web content with customized defense plans.

Feeling sexy now? No?

Still, Go Daddy managed to mainstream domain name registration by incorporating boobs quite heavily in its TV campaigns, and everybody is interested in the ongoing sex.com and .xxx sagas, so it’s not beyond the bounds of possibility that Dyn could do the same for managed DNS.

To be honest, I can’t quite visualise it.

Dyn is asking people to tweet their reasons why DNS is “sexy” including the hashtag #dnsissexy. I’ve done mine.


Flying.com sells for $1.1 million

Kevin Murphy, April 7, 2010, Domain Sales

Flying.com has been sold to UsedAirplanes.com for $1.1 million.

UsedAirplanes said in a press release that it will spend the rest of the year turning the domain into a social media site for flying enthusiasts, through which it can market its used plane listings.

According to the press release, the domain last changed hands in September last year, for $845,000, which gives the seller a very nice return on a quick flip.

“The amount of traffic Flying.com will generate will obviously enhance the amount of leads our brokers will receive for their used airplanes and aircraft,” said CEO Mark Horne.

While it’s undoubtedly a category killer for aviators, the domain doesn’t currently seem to rank highly in search engines for the term “flying”.

The related domain Fly.com sold for $1.8 million in January 2009. Last week, Pilot.com was sold through Sedo for $300,000.


.xxx TLD passes Godwin’s law milestone

ICM Registry’s application for the .xxx TLD passed a crucial milestone yesterday, when it was compared to the Nazis for the first time.

Godwin’s law states: “As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one.”

That moment arrived at 11:54:09 yesterday, when an ICANN commentator by the name of Ian K posted this:

If we truly believe in *NET NEUTRALITY*, then a TLD such as XXX has no part in it. Adding the TLD to the options, along with all that it means, is no different than when the *Nazi’s* forced all of the /Jewish Faith/ to wear *yellow Stars of David*, for easy identification, and subsequent *persecution*.

Mr K’s comment comes amid a deluge of negative opinion from pornographers and Christians alike. The latter disagree with porn in principle; the former think .xxx will lead to censorship.

The .xxx discussion has been dragging on for the best part of a decade, so the Godwin milestone has been a long time coming.

Frankly, I’m surprised it took this long.
