Latest news of the domain name industry

Recent Posts

ICANN found a zero-day hole in Adobe Connect

Kevin Murphy, April 23, 2018, Domain Tech

It’s looking like ICANN may have found a zero-day vulnerability in Adobe Connect, until recently its default collaboration tool.

The organization on Friday announced the results of a “forensic investigation” into the bug, and said it has reported its findings to Adobe, which is now “working on a software fix to address the root cause of the issue”.

If Adobe didn’t know about it, it looks rather like ICANN — or at least the unnamed member of the security advisory committee who found it — has bagged itself a zero-day.

ICANN had previously said that the glitch “could possibly lead to the disclosure of the information shared in an ICANN Adobe Connect room”.

The review found that the only person who exploited the bug was the person who discovered and disclosed it.

AC is used not only in ICANN’s public meetings but also, I understand, in closed sessions of ICANN staff, board and committees, where secret information is most likely to be shared.

After the bug was discovered, ICANN shut off the system and started using alternatives such as WebEx, to a mixed reception.

In the absence of an immediate patch from Adobe, ICANN has been testing workarounds and said it hopes to have two working ones deployed by May 3.

This would allow the tool to come back online in time for its board workshop, GDD Summit and ICANN 62, the organization said.

Are new gTLD registries ripping off brands with unfair sunrise fees?

Forget .sucks — several less controversial new gTLD registries have come under fire from the likes of Google, Facebook and Adobe for charging sunrise fees as high as $17,000 for domains matching famous trademarks.

According to figures supplied to DI by ICANN’s Business Constituency, the domain instagram.love carries a $17,610 “Premium Name Fee” during the current sunrise period.

Instagram is of course the photo sharing service belonging to Facebook, and to the best of my knowledge not a dictionary word.

The domain facebook.love has a $8,930 fee, these figures show, while google.love costs $6,610, both in addition to sunrise fees of $350 and annual fees of $60.

The regular sunrise fee for .love comes in at $265 at some registrars.

The new gTLDs .design, .video, .wang, .wein, .rich and .top also seem to carry very high fees for brands such as Facebook, according to the BC’s numbers.

Google recently filed a public comment with ICANN which warned:

some registry operators are taking advantage of rights owners during Sunrise by charging exorbitant and extortionate Sunrise registration fees. Although such pricing policies are not strictly within the ICANN compliance mandate, they contravene the spirit of the RPMs [rights protection mechanisms], damage ICANN’s reputation, harm consumers in contravention of ICANN’s mandate to promote the public interest, and create disincentives for rights owners to take advantage of the Sunrise period

Similar comments were sent by the Intellectual Property Constituency, BC, and others.

The issue of registries charging super-high “premium” fees for trademarked names has been on the radar of the BC and the IPC since at least 2013.

It seems that in at least some cases, trademark owners are being hit with the higher fees because their marks are dictionary words that the registry has identified as premium due to their regular meaning.

For example, adobe.design is on the list of names provided by the BC, carrying a $1,175 registration fee.

But Andrew Merriam, director of business development at .design registry Top Level Design, denied that the software company is being targeted. Instead, he said “adobe” refers to the material used in architecture — its dictionary meaning.

He said: “Stucco.design, concrete.design, wood.design, granite.design (and many other materials and building styles) are all on the premium list, at varying prices. In fact, adobe.design is priced on the lower end of all these materials.”

Merriam said the registry’s premium fee for adobe.design is actually $250 and speculated that $1,175 could be the price quoted by Adobe’s brand protection registrar post-markup. It was $349 at Go Daddy, he said.

In other cases, trademarks may have found their way on to premium lists due to a lack of manual vetting by the registry, rather than nefarious targeting.

In the case of instagram.love, Evatt Merchant of .love registry Merchant Law Group told DI that Facebook can buy the name for the normal sunrise fee if it wants.

He told DI that trademark owners should contact the registry if they believe their marks have been wrongly given premium prices. He said:

While it is possible that some brand terms that are frequently googled have ended up on the premium list, valued based on their Google search frequency, there is a simple solution. During the sunrise period, brands seeking non-dictionary trademarked domain names can contact the registry so that a review of individual sunrise pricing can occur. As has already occurred, such requests will often result in the .LOVE TLD voluntarily offering to reduce their sunrise application cost to the base sunrise price and that would certainly be the case for Instagram.

ICANN’s does not regulate pricing in new gTLDs, but nevertheless the IPC and BC and their members have asked ICANN to include premium pricing of trademarked names in its upcoming review of rights protection mechanisms.