Latest news of the domain name industry

Recent Posts

VeriSign poised to sell SSL business to Symantec

Reliable news sources including the Wall Street Journal and Reuters are reporting that VeriSign is on the verge of offloading its market-leading SSL certificate business to Symantec for over $1 billion.

The sale would be the latest in a series of spin-offs that started in 2007, highlighting the company’s renewed focus on domain names.

VeriSign spent many years acquiring a bunch of companies in tenuously related markets – deals that never really made any sense to me – and the last few years selling them off again.

But SSL is not really in the same category as VeriSign’s bizarre forays into, for example, the Crazy Frog ringtone company. It’s the business the company was founded on when it was spun out of RSA Security 15 years ago.

It’s called VeriSign for a reason.

But offloading the SSL business would make sense. One of the reasons VeriSign bought Network Solutions ten years ago was the obvious retail synergies between domain names and SSL certificates – customers could buy both at the same time.

That synergy was diluted when VeriSign spun the NSI registrar business out as a separate company three years later, creating the vertically separated domain name market we know today.

Symantec, with its fingers in the enterprise and home/small business pies, might be able to make a better crack at the SSL game.

So is this bad news for SSL’s current silver medal holder, Go Daddy?

Possibly. Symantec is a force to be reckoned with – only marketing prowess could explain why so many people use Norton.

Of course, these news stories could be nonsense.

But my guts say they’re probably based on the same kind of leaks that companies often float to the press, to see what the markets do, when they’re in the final stages of negotiations.

China connection to Go Daddy WordPress attacks

Go Daddy’s hosting customers are under attack again, and this time it looks like it’s more serious.

Reports are surfacing that WordPress sites hosted at Go Daddy, and possibly also Joomla and plain PHP pages there, are being hacked to add drive-by malware downloads to them.

Go Daddy has acknowledged the attacks, blaming outdated WordPress installations and weak FTP passwords, and has put up a page with instructions for cleaning the infection.

Last week, I was told that the first round of attacks was very limited. Today, the attackers seem to have stepped it up a notch.

As a result, Go Daddy could find itself in a similar situation to Network Solutions, which had a couple of thousand customer sites hacked a few weeks back.

The attacks appear to be linked to a well-known crime gang with a Chinese connection.

According to Sucuri, when a Go Daddy-hosted WordPress page is hacked, JavaScript is injected that attempts to redirect surfers to a drive-by attack from the domain kdjkfjskdfjlskdjf.com (don’t go there).

This domain was registered with BizCN.com, an ICANN-accredited Chinese registrar, but its name servers appear to have been created purely for the attack.

The registrant’s email address is hilarykneber@yahoo.com. This connects the attack to the “Kneber” botnet, a successful criminal enterprise that has been operating since at least December 2009.

A Netwitness study revealed the network comprised at least 74,000 hacked computers, and that the bulk of Kneber’s command and control infrastructure is based in China.

Since Kneber is known to be operated by a financially motivated gang, and it’s by no means certain that they’re Chinese, it’s probably inaccurate to suggest there’s something political going on.

However, I will note that Go Daddy was quite vocal about its withdrawal from the .cn Chinese domain name registration market.

Network Solutions, while it was quieter, also stopped selling .cn domains around the same time as the Chinese government started enforcing strict registrant ID rules last December.

Go Daddy plays down “massive” attack claim

Kevin Murphy, April 26, 2010, Domain Registrars

Malicious hackers have compromised a number of WordPress installations running on Go Daddy hosting, but the company claims very few customers were affected.

Slashdot carried a story a few hours ago, linking to a blog claiming a “massive” breach of security at the domain name registrar.

(EDIT: as noted in the comments, this blog may itself have been hacked, so I’ve removed the link. You can find it in the comments if you want to take the risk.)

But Go Daddy says the problem is not as widespread as it sounds.

“We received reports from a handful of Go Daddy customers using WordPress their websites were impacted by the script in question,” Go Daddy security chief Todd Redfoot said in a statement.

“We immediately opened an investigation into what happened, how it was done and how many sites were affected,” he said. “The investigation is currently ongoing.”

The attack is certainly not ubiquitous. I host a number of WordPress sites with Go Daddy, including this one, and they all appear to be working fine today.

And a Twitter search reveals no references to an attack today prior to the Slashdot post, apart from the blog it was based on.

That doesn’t prove anything, but when Network Solutions’ WordPress hosting was breached last week there was a lot more tweet noise. That attack had thousands of victims.

For those interested in the details of the attack, this WordPress security blog appears to be the best place to get the nitty-gritty.

.co enters pricey global sunrise

Kevin Murphy, April 26, 2010, Domain Registries

Trademark holders can from today apply for their brands as .co domain names, even if they do not do business in Colombia.

The second stage of .CO Internet’s sunrise period allows owners of non-Colombian trademarks to apply for their domains through one of 10 chosen launch registrars.

Prices vary from $225 with OpenSRS to $335 through Dotster, with most deals comprising non-refundable application fees plus first-year registration. Go Daddy is charging $299.99 and Network Solutions is charging $279.99.

With the possible exception of .xxx, I’ve got a suspicion that this could be one of the last “generic” TLD launches with such expensive sunrise periods.

It’s quite possible there could be pricing pressure if ICANN quickly approves a few hundred new gTLDs next year. If each charges ~$300 for a pre-launch, it could cause some some registrants to rethink their defensive registration strategies.

The .co sunrise ends June 10. General availability begins July 20.

Network Solutions under attack again

Kevin Murphy, April 18, 2010, Domain Registrars

Network Solutions’ hosting operation is under attack for the second time in a week, and this time it’s definitely not a WordPress problem.

The company has acknowledged that it has “received reports that Network Solutions customers are seeing malicious code added to their websites”, but has not yet released further details.

Sucuri.net, which was intimately involved in the news of the hack against NSI’s WordPress installations last week, blogged that this time the attacks appear to have compromised not only WordPress, but also Joomla-based and plain HTML sites.

Last week’s attacks were eventually blamed on insecure file permissions, which enabled shared-server hosting customers to look at each other’s WordPress database passwords.

But today NSI, one of the top-five domain name registrars, said: “It may not be accurate to categorize this as a single issue such as ‘file permissions’.”

Sucuri said that malicious JavaScript is being injected into the sites, creating an IFrame that sends visitors to drive-by download sites.

It’s a developing story, and not all the facts are out yet.

But it’s clear that NSI has a public relations problem on its hands. Some customers are already using Twitter to declare that they will switch hosts as a result.

And if it’s true, as Sucuri reports, that Google is already blocking some of the affected sites, who can blame them?