Latest news of the domain name industry

Recent Posts

ICANN got hacked by crypto bots

Kevin Murphy, April 16, 2019, Domain Tech

ICANN had to take down its community wiki for several hours last week after it got hacked by crypto-currency miners.

The bad guys got in via one of two “critical” vulnerabilities in Confluence, the wiki software that ICANN licences from Atlassian Systems, which ICANN had not yet patched.

ICANN’s techies noticed the wiki, which is used by many of its policy-making bodies to coordinate their work, was running slowly April 11.

They quickly discovered that Atlassian had issued a vulnerability warning on March 20, but ICANN was not on its mailing list (doh!) so hadn’t been directly notified.

They also determined that a malicious “Crypto-Miner” — software that uses spare CPU cycles to attempt to create new cryptocurrency coins — had been installed and was responsible for the poor performance.

ICANN said it took the wiki down, restored it to a recent backup, patched Confluence, and brought the system back online. It seems to have taken a matter of hours from discovery to resolution.

The organization said it has now subscribed to Atlassian’s mailing list, so it will be notified of future vulnerabilities directly.

Wikipedia to get single-letter .wiki domain

Top Level Design has scored a bit of a coup for its forthcoming .wiki gTLD — Wikimedia Foundation, which runs Wikipedia, has signed up as an anchor tenant.

According to the registry, Wikimedia will use w.wiki as a URL shortener and they’re in talks about other domains.

The company has also applied to ICANN to release hundreds of two-letter language codes that the foundation wants to use for language-specific short links.

The deal is reminiscent of .CO Internet’s launch, when it allocated the now-ubiquitous t.co for Twitter’s in-house URL shortener, giving it a much-needed marketing boost.

The deal for two-letter domains stands only a slim chance of of being ready in time for .wiki’s general availability, scheduled for May 26, in my view.

Under ICANN’s standard Registry Agreement, all two-character strings are blocked, in order to avoid clashes with country codes used in the ccTLD naming schema.

Top Level Design has now used the Registry Services Evaluation Process to try to get 179 two-letter strings, each of which represents a language code, unblocked.

Wikimedia explicitly endorses the proposal, in a letter attached to the March 11 RSEP (pdf)

The organization plans to use domains such as fr.wiki to redirect to French-language Wikipedia pages and so forth.

It remains to be seen whether ICANN will approve the request. It’s previously been envisaged that registries would approach each country individually to have its ccTLD’s matching string released.

Top Level Design points out that the strings it wants unblocked are from the ISO 639-1 language codes list, not the ISO 3166-1 lists from which ccTLD names are drawn.

But it’s a bit of an argument to nowhere — the strings are identical in most cases.

Under the RSEP policy, Top Level Design really should have been given a preliminary determination by now. It filed its request March 11 but it was only posted last week.

The clock, which gives ICANN 15 days to give the nod or not, may have only just started.

After the preliminary determination, there would be a public comment period and a board of directors decision. The timetable for this would not allow .wiki to launch with the two-letter names active.

But even with the delay, it seems that the registry will be coming out of the door with at least one strong anchor tenant, which is something most new gTLDs have so far failed to manage.