Latest news of the domain name industry

Recent Posts

Three more dot-brands dumped

Two companies have yanked three bids for dot-brand new gTLDs this week.

The German financial advisor Allfinanz Deutsche Vermögensberatung withdrew its applications for .allfinanzberatung and .allfinanzberater, which mean Allfinanz “advice” and “advisers”.

As well as being a bit of a mouthful, they both appear to be unnecessary given that the company also applied for .allfinanz by itself. That application has passed evaluation and is still active.

Meanwhile, in Finland, one of the world’s biggest elevator/escalator manufacturers, KONE, has withdrawn its equally unfathomable application for .kone.

Roughly 55 dot-brand applications have been withdrawn to date. Hundreds remain.

Afilias loses $600,000 auction for Chinese “.info”

The results of the first “auction of last resort” in the new gTLD program are in, and it’s a bit of a head-scratcher.

Afilias lost out to rival applicant Beijing Tele-info Network Technology in the ICANN-backed auction for .信息 which means “info” or “information” in Chinese.

The winning bid was $600,000, ICANN said.

That money goes into a special ICANN fund, which will be put to some kind of unspecified purpose (to be determined by the ICANN community) at a later date.

It seems like quite a low price. Given what little we know about new gTLD auctions conducted privately, over a million dollars seems to be pretty standard for a gTLD.

It also strikes me as odd that Afilias wasn’t willing to shell out over $600,000 for a gTLD that could take a localized version of its existing .info brand into the world’s largest market.

It’s the only contention set to be settled by ICANN auction so far. The next will take place July 9, and will see Minds + Machines take on Amazon for .coupon.

The third, which will see 22 strings hit the block, will take place August 6.

RADAR to be down at least two weeks after hack

ICANN expects its RADAR registrar database to be offline for “at least two weeks” following the discovery of a security vulnerability that exposed users’ login names and encrypted passwords.

ICANN seems to have been quick to act and to disclose the hack.

The attack happened last weekend and ICANN was informed about it by an “internet user” on Tuesday May 27, according to an ICANN spokesperson. RADAR was taken offline and the problem disclosed late May 28.

The spokesperson added that “we do not believe the user is affiliated with a current or previously accredited registrar.”

ICANN isn’t disclosing the nature of the vulnerability, but said RADAR will be offline for some time for a security audit. The spokesperson told DI in an email:

It will be at least two weeks. It is more important to complete a thorough security assessment of the site than to rush this process. First of all, we’re keeping the system offline until we complete a thorough audit of the system. We are also currently engaged in a security review of all systems and procedures at ICANN to assess and implement ongoing improvements as appropriate.

RADAR is a database used by registrars to coordinate stuff like emergency contacts and IP address whitelisting for bulk Whois access.

The downtime is not expected to impact registrants, according to ICANN. The spokesperson said: “Nothing that occurred has raised any concerns that registrants could or would be adversely affected.”

ICANN registrar database hacked

ICANN’s database of registrar contact information has been hacked and user data has been stolen.

The organization announced this morning that the database, known as RADAR, has been taken offline while ICANN conducts a “thorough review” of its security.

ICANN said:

This action was taken as a precautionary measure after it was learned that an unauthorized party viewed data in the system. ICANN has found no evidence of any unauthorized changes to the data in the system. Although the vulnerability has been corrected, RADAR will remain offline until a thorough review of the system is completed.

Users of the system — all registrars — have had their usernames, email addresses and encrypted passwords compromised, ICANN added.

ICANN noted that it’s possible to brute-force a hashed password into plaintext, so it’s enforcing a password reset on all users, but it has no evidence of any user accounts being accessed.

RADAR users may want to think about whether they have the same username/password combinations at other sites.

RADAR is a database used by registrars in critical functions such as domain name transfers.

Registrars can use it, for example, to white-list the IP addresses of rival registrars, enabling them to execute large amounts of Whois queries that would usually be throttled.

The news follows hot on the heels of a screwup in the Centralized Zone Data Service, which enabled any new gTLD registry to view data belonging to rival registries and other CZDS users.

US House passes anti-ICANN bill

Kevin Murphy, May 27, 2014, Domain Policy

The US House of Representatives has passed the DOTCOM Act, which would prevent the Department of Commerce from walking away from its oversight of the DNS root zone.

The bill was approved as an amendment to a defense authorization act, with a 245-177 vote that reportedly saw 17 Democrats vote in line with their Republican opponents.

The DOTCOM Act has nothing whatsoever to do with .com. Rather, it’s a response to the National Telecommunications and Information Administration’s plan to relinquish its role in root zone management.

The bill as passed (pdf) would prevent NTIA from agreeing to any multistakeholder community-created IANA transition proposal until the Government Accountability Office had issued a study on the proposal.

The GAO would have one year from the point ICANN submits the proposal to come up with this report.

That means that if ICANN and NTIA want to stick to their September 2015 target date for the transition, either the ICANN community would need to produce a proposal at unprecedented and unlikely speed or the GAO would need to take substantially less than a year to write its report.

I don’t think it’s an impossible target, but it’s certainly looking more likely that NTIA will have to exercise one of the two-year automatic renewal options in the current IANA contract.

That’s all assuming that a matching bill passes through the Democrat-controlled Senate and then receives a presidential signature, of course, which is not a certainty.

Assuming a bloc vote by the 47 Republican Senators, only four Democrats (or independents) would need to switch sides in order for the DOTCOM Act to become, barring an unlikely presidential veto, law.

To the best of my knowledge there is not currently a matching bill in the Senate.