Recent Posts
- Amazon joining GlobalBlock
- Unstoppable buys 10 new registrars
- ICANN cleaning house, cans four more registrars
- ICANN to throw millions more at cheapo gTLDs
- Introducing Stringtel, my new free new gTLD tool
- GlobalBlock signs the two best deals it will ever get
- Seven registrars get terminated
- GoDaddy launches DomainMaxxing to optimize your domains
- .latino gTLD to launch soon
- Amazon readies .pay gTLD
- Nominet reveals first DNS tech funding recipients
- ICANN hit with tinfoil-hat lawsuit
- .pn relaunches — you’ll never guess what they say it means
- Unstoppable focuses on proper domains, admits crypto was “craze”
- ICANN boss: no plans to scrap Oman meeting
- China domains dip in 2026
- ICANN maps out new gTLD timeline
- War disrupts ICANN 85
- Namecheap abandons fight for .org price caps
- Identity Digital acquires another gTLD
- Seven dead registrars on the out
- Sav.com owner takes over .radio gTLD
- .com zone tops 160 million domains
- ai.com, the most-expensive domain sale ever
- .ai hits seven figures, raises prices
- Typosquatter gets two years in jail
- Epstein low-balled registrants to get his exact-match domain
- Epstein bought “mother” domains for Fergie while serving time
- Two former ICANN directors want back in
- Former ICANN director could lose control of ccTLD
- UK launches “police.ai”, but does it own the domain?
- Team Internet still in talks to sell off domains unit
- NamesCon returning to Miami in November
- “Mad Dog” politician registers nazis.us, redirects to Trump admin site
- “Lowest Price Guaranteed!” $48 .com registrar canned
- No RDAP? No accreditation
- Fifth-largest gTLD not dead after all
- Half of registrar’s domains are abusive, ICANN says
- Burr joins PIR after leaving ICANN board
- Refunds galore as gTLD losers finally bow out
- .goo terminated as search engine closes down
- GoDaddy to offer domain blocking to people who don’t have trademarks
- Happy new year expected for domain industry, says ICANN
- Salesforce to apply for a dot-brand
- Team Internet looking to break up
- Noss to leave Tucows corner office
- Rubens Kühl has died
- Sinha angry with Chapman’s firing as ICANN vice chair
- Glitch redux: ICANN screws up new gTLD security again
- CentralNic claims second-largest TLD migration ever
- DNS issue at Amazon takes out major apps and sites
- .io sales almost double over three years
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
ICANN will alert gTLD security bug victims
ICANN plans to inform each new top-level domain applicant whether they were affected by the security vulnerability in its TLD Application System, according to its latest update.
The organization has also confirmed that it is still targeting April 30 for the Big Reveal day, when it publishes (deliberately) the gTLDs being applied for and the names of the applicants.
This morning’s TAS status update, penned by chief operating officer Akram Atallah, does not add much that we did not already know about the data leakage bug. It states:
An intensive review has produced no evidence that any data beyond the file names and user names could be accessed by other users.
We are currently reviewing the data to confirm which applicants were affected. As soon as the data is confirmed, we will inform all applicants whether they were affected.
ICANN staff and outside consultants have been working all weekend to figure out what went wrong, who it affected, and how it can be fixed.
The organization still intends to announce tonight whether it has fixed the problem to the point where it’s happy to reopen TAS to registered users tomorrow. It’s also sticking to is Friday extended submission deadline.
MyTLD has spare TAS accounts for new gTLDs
The new gTLD consultancy MyTLD has some ICANN TLD Application System slots going begging.
If for some reason you need to file a gTLD application and you haven’t already registered in TAS, this is what MyTLD says it is now offering:
(i) gTLD application writing and submission (ii) TAS account for the gTLD application (iii) Newly formed company corresponding to the TAS account
The company is marketing it as a bundled service.
MyTLD is most closely associated with the most prominent .music application. It’s run by Music.us owner Constantine Roussos and former ICANN internationalized domain name expert Tina Dam.
The offer is fleshed out a bit more on MyTLD’s blog.
I hear the company was shopping these TAS slots around privately prior to April 12 too, so I don’t think that it is an effort to capitalize on the security-related delays ICANN is currently experiencing.
However, one has to ask why the offer is only being publicized after the original official deadline for new gTLD applications has already passed.
TAS is expected to re-open for business on Tuesday, and close on Friday.
ICANN knew about TAS security bug last week
ICANN has known about the data leakage vulnerability in its TLD Application System since at least last week, according to one new top-level domain applicant.
The applicant, speaking to DI on the condition of anonymity today, said he first noticed another applicant’s files attached to his gTLD application in TAS last Friday, April 6.
“I could infer the applicant/string… based on the name of the file,” said the applicant.
He immediately notified ICANN and was told the bug was being looked at.
ICANN revealed today that TAS has a vulnerability that, in the words of COO Akram Atallah, “allowed a limited number of users to view some other users’ file names and user names in certain scenarios.”
The actual contents of the files are not believed to have been visible.
But other applicants, also not wishing to be identified, today confirmed that they had uploaded files to TAS using file names containing the gTLD strings they were applying for.
It’s not yet known how many TAS users were able to see files belonging to others, or for how long the vulnerability was present on the system.
However, it now does not appear to be something that was accidentally introduced during yesterday’s scheduled TAS maintenance.
This kind of data leakage could prove problematic — and possibly expensive — if it alerted applicants to the existence of competing bids, or caused new competing bids to be created.
ICANN shut down TAS yesterday and does not expect to bring it back online until Tuesday.
The window for filing applications, which had been due to close yesterday, has been extended until 2359 UTC next Friday night.
April 14 Update
ICANN today released a statement that said in part:
we are sifting through the thousands of customer service inquiries received since the opening of the application submission period. This preliminary review has identified a user report on 19 March that appears to be the first report related to this technical issue.
Although we believed the issues identified in the initial and subsequent reports had been addressed, on 12 April we confirmed that there was a continuing unresolved issue and we shut down the system.
It’s worse than you thought: TAS security bug leaked new gTLD applicant data
The bug that brought down ICANN’s TLD Application System yesterday was actually a security hole that leaked data about new gTLD applications.
The vulnerability enabled TAS users to view the file names and user names of other applicants, ICANN said this morning.
COO Akram Atallah said in a statement:
We have learned of a possible glitch in the TLD application system software that has allowed a limited number of users to view some other users’ file names and user names in certain scenarios.
Out of an abundance of caution, we took the system offline to protect applicant data. We are examining how this issue occurred and considering appropriate steps forward.
Given the level of secrecy surrounding the new gTLD application process, this vulnerability ranks pretty highly on the This Is Exactly What We Didn’t Want To Happen scale.
It’s not difficult to imagine scenarios in which a TAS user name or file name contains the gTLD string being applied for.
This is important, competition-sensitive data. If it’s been leaked, serious questions are raised about the integrity of the new gTLD program.
How long was this vulnerability present in TAS? Which applicants were able to look at which other applicants’ data? Did any applicants then act on this inside knowledge by filing competing bids?
If it transpires that any company filed a gTLD application specifically in order to shake down applicants whose data was revealed by this vulnerability, ICANN is in for a world of hurt.
ICM confirms three porn gTLD bids
ICM Registry has applied to ICANN for the new gTLDs .sex, .porn and .adult.
If its applications are successful, the company plans to automatically block any second-level domain that is already registered in .xxx, including the Sunrise B defensive registrations.
This means if you own example.xxx, the equivalent .sex, .porn and .adult domains would be reserved until you pay a “nominal” activation fee to activate them.
As well as trademark owners, that would probably be pretty good news for owners of “premium” .xxx domains.
According to ICM, the four domains will not be permanently linked, so if you own a good .xxx you’ll be able to pay a normal registration fee then activate and sell off the three “freebies”.
Because the domains would be permanently reserved, there would be no renewal fees until you choose to activate them, which could well be the same day you sell them.
There’s a good chance these gTLDs will be contested by other applicants and objected to by governments, of course.
I’ve written more on the announcement for The Register here.
TAS glitch “not an attack” says ICANN
ICANN’s decision this afternoon to shut down its TLD Application System until next Tuesday was not prompted by hackers, according to the organization.
“It’s not an attack,” a spokesperson told DI.
ICANN announced within the last hour that it has extended the window for new gTLD applications until next Friday as a result of unspecified “unusual behavior” in TAS.
Speculation as to the cause has already started on social media, with some pointing to the possibility of hacking, but according to ICANN we can rule out foul play.
The immediate reaction from stressed-out applicants has been split between those laughing, those crying, and those doing both.
TAS was down for scheduled maintenance for two hours last night. According to two applicants who logged in afterwards, it was running very slowly when it came back online.
UPDATE: ICANN has just confirmed: “No application data has been lost from those who have already submitted applications, so it should not pose problems for existing applicants.”
Breaking: ICANN extends new gTLD application window after technical glitch
ICANN has extended the deadline to file new generic top-level domain applications by more than a week after its TLD Application System experienced “unusual behavior”.
TAS will be down until next Tuesday while ICANN fixes the unspecified problem, ICANN said.
Here’s the meat of ICANN’s announcement:
Recently, we received a report of unusual behavior with the operation of the TAS system. We then identified a technical issue with the TAS system software.
ICANN is taking the most conservative approach possible to protect all applicants and allow adequate time to resolve the issue. Therefore, TAS will be shut down until Tuesday at 23:59 UTC – unless otherwise notified before that time.
In order to ensure all applicants have sufficient time to complete their applications during the disruption, the application window will remain open until 23:59 UTC on Friday, 20 April 2012.
What this means for the Big Reveal, currently scheduled for April 30, is not yet clear. More when we get it.
TLDH wins .london contract, gets hacked
Top Level Domain Holdings has won the exclusive contract to apply to ICANN for the .london generic top-level domain, it has just been announced.
The deal was awarded by Dot London Domains, a subsidiary of official city PR agency London & Partners, to Minds + Machines Ltd, TLDH’s London-based subsidiary.
M+M will assist with the application and, assuming ICANN delegates .london, the registry infrastructure for at least seven years, with a three-year renewal option.
The application fees will be paid by L&P, according to TLDH chairman Peter Dengate Thrush.
The good news was soured slightly by an apparent hacking of TLDH’s web site by Viagra spammers this morning. According to the Google Cache, when the news broke, tldh.org looked like this:
TLDH is listed on London’s Alternative Investment Market.
It also has an office here, though its senior executives are based in the US and the company is registered in the tax haven of the British Virgin Islands.
I’d previously tagged .uk registry Nominet as the favorite to win the contract, but the company said today that it withdrew its bid last week.
APRIL 12 UPDATE
TLDH denies it got hacked yesterday. According to a spokesperson, there was an incident last August that may have been responsible for the Google Cache continuing to show Viagra spam for tldh.org yesterday.
From the explanation provided, it sounds like it was probably what’s sometimes known as a “conditional hack”, a difficult-to-detect attack whereby only the GoogleBot sees the spam SEO links.
The TLDH web site itself apparently never showed the links to visitors. Indeed, I only looked at the cache because tldh.org refused to load up for me yesterday morning.
The spokesperson maintained that the problem was sorted out last August and that TLDH has no idea why the Google Cache was showing the spam links in its cached page dated April 11, 2012.
Three-way legal fight over .eco breaks out
Planet.eco, an emergent .eco gTLD applicant with a trademark on “.eco” is suing two rival applicants for trademark infringement and cybersquatting in a California court.
The company sued DotEco (affiliated with Minds + Machines and Top Level Domain Holdings), along with CEO Fred Krueger, and Canada-based Big Room on March 2.
It’s looking for millions of dollars of damages and an injunction preventing both rival applicants from applying for .eco.
In late March, DotEco filed a counter-suit, alleging that Planet.eco’s .eco trademark was fraudulently obtained and that the company is trying to illegally stifle competition for the .eco gTLD.
That’s the short version. It’s a complex story with a great deal of history and more than a little bogus behavior.
DomainIncite PRO subscribers can read the full DI analysis, along with more PDFs than you could ever possibly need, here.
(Thanks to reader Tom Gilles for the tip)
Google confirms new gTLD bids
Google will apply for several new generic top-level domains, according to a report in AdAge.
The company will apply for some dot-brands, and possibly some keywords, the report indicated.
“We plan to apply for Google’s trademarked TLDs, as well as a handful of new ones,” the spokeswoman said in an emailed statement.
AdAge speculates that .google and .youtube would be among the applications, which seems like a fair assumption.
The revelation comes despite the fact that Google engineers recently stated that there would be no guaranteed search engine optimization benefits from owning a gTLD.
However, I wouldn’t be surprised if keywords representing some of Google’s services, such as .search and .blog, are also among its targets.
The total cost to Google is likely to run into millions in ICANN application fees alone.
It will also be interesting to see which registry provider — if any — Google has selected to run its back-end.
Google is one of the few companies out there that could scratch-build its own registry infrastructure without breaking a sweat.
The AdAge report also quotes Facebook and Pepsi executives saying they will not apply.
Recent Comments