Latest news of the domain name industry

Recent Posts

ICANN got hacked by crypto bots

Kevin Murphy, April 16, 2019, Domain Tech

ICANN had to take down its community wiki for several hours last week after it got hacked by crypto-currency miners.

The bad guys got in via one of two “critical” vulnerabilities in Confluence, the wiki software that ICANN licences from Atlassian Systems, which ICANN had not yet patched.

ICANN’s techies noticed the wiki, which is used by many of its policy-making bodies to coordinate their work, was running slowly April 11.

They quickly discovered that Atlassian had issued a vulnerability warning on March 20, but ICANN was not on its mailing list (doh!) so hadn’t been directly notified.

They also determined that a malicious “Crypto-Miner” — software that uses spare CPU cycles to attempt to create new cryptocurrency coins — had been installed and was responsible for the poor performance.

ICANN said it took the wiki down, restored it to a recent backup, patched Confluence, and brought the system back online. It seems to have taken a matter of hours from discovery to resolution.

The organization said it has now subscribed to Atlassian’s mailing list, so it will be notified of future vulnerabilities directly.

Donuts invests in Bitcoin startup

Donuts has made an investment in Netki, a company focused on digital wallets used in Bitcoin and other e-money systems.

Netki’s service is designed to make it easier to locate the wallets Bitcoin users use when they send and receive money, which are usually gibberish strings of around 34 characters.

The company service, when integrated into wallet providers’ offerings, converts these impossible-to-remember strings into easy-to-understand domain names.

An example given by Netki on its web site is the wallet name 1CpLXM15vjULK3ZPGUTDMUcGATGR9xGitv, which can instead be rendered as wallet.BruceWayne.rocks.

The company seems to make its money from end users by selling domain names with a higher mark-up than you’d usually expect. A .com via Netki is $20.99, for example.

It offers scores of TLDs, both generic legacy, new, and ccTLD, many of which are in the Donuts stable.

The size of the investment was not disclosed.

It’s the second investment to be announced from Donuts Labs. In May, it invested in “geofencing” startup GeoFrenzy.

Domain seizures can’t stop online drug pushers

Kevin Murphy, June 6, 2011, Domain Policy

Two US senators have reportedly asked the Drug Enforcement Agency to seize the domain name of Silk Road, a web site that lets drug users buy heroin and other narcotics online.

There’s just one problem: the site doesn’t have a domain name.

Silk Road is reportedly a bit like eBay, but for illegal drugs. You can buy ecstasy, marijuana, heroin and so forth, from actual dealers, using the peer-to-peer virtual currency Bitcoins.

This weekend, Sen. Charles Schumer and Sen. Joe Manchin wrote to the DEA to demand that the site’s domain name be seized, an increasingly popular tactic in law enforcement.

But Silk Road’s address is apparently ianxz6zefk72ulzz.onion, which is only accessible through the mostly anonymous TOR onion-routing P2P network.

As far as I can make out, there is no registry for .onion addresses – they’re cryptographic hashes of private keys known only to the registrant, which ensures almost-uniqueness without the need for a central repository.

In other words, seizing the domain is going to be impossible.