Yeah, we got phished, ICANN admits after crypto hack
ICANN has confirmed that a phishing attack was responsible for the hacking of its Twitter account last night.
The Org placed this statement, which suggested that the attack may have been more sophisticated than you might have thought, on its home page earlier this evening:
On 11 February 2025, ICANN became aware of a successful phishing attack on our ICANN X [Twitter] account. We are investigating the root cause of the issue and working to resolve it as soon as possible. ICANN uses multi-factor authentication on all social media platforms and has confirmed that none of our other accounts have been impacted.
The hack saw ICANN’s Twitter account tweet several messages promoting a newly created memecoin cryptocurrency called $DNS, presumably to scam would-be investors out of money.
The compromise, which seemed to be timed to close of business in ICANN’s home in California, did not last long and the tweets were swiftly deleted.
Now ICANN seems to have confirmed that one of its staffers was phished to obtain @ICANN’s login credentials, but the fact that the account was protected by multi-factor authentication creates an additional wrinkle.
Twitter offers three MFA methods — codes delivered via SMS, a mobile authenticator app, or a hardware token.
In each case, logging in requires the user to have a physical device in their hand to create the secondary login credential. The victim would have had to provide this time-limited one-time password to the attacker too.
I hope the staffer who got suckered, presumably a member of the comms team, isn’t getting too much of a bollocking today, as these kinds of attacks are increasingly sophisticated and managing online life increasingly complex.
Just a day earlier, the well-known BBC political journalist Nick Robinson, who presents the popular Today show on Radio 4, got phished in what one assumes was a very similar way and for an identical purpose.
This BBC article goes into some detail about the attack on Robinson, including screenshots of the phishing email he fell for, and goes a way to explain how even somebody trained to avoid this kind of stuff can have a moment of vulnerability.
While few of Robinson’s one million Twitter followers could have seriously believed that Today had launched a memecoin, it’s more plausible that somebody familiar with crypto and somewhat aware of ICANN could have believed that ICANN would. The two areas of tech increasingly intersect nowadays.
When the attack proved successful, the bad guy must have thought all of her Christmases had come at once.
ICANN says it is going to post more information to its cybersecurity incident log as its investigation progresses.
If it turns out the phish was successful because somebody didn’t check the domain name of the link they were clicking on, it could be fascinating reading.
Whois officially died today
Domain registries and registrars are no longer obliged to offer Whois services as of today, the deadline ICANN set for formally sunsetting the protocol.
It’s been replaced by RDAP, the newer Registration Data Access Protocol, which offers a more structured way to deliver domain ownership information.
Under ICANN’s standard Registry Agreement and Registrar Accreditation Agreement, January 28 marks the end of the RDAP “ramp up period” and the moment Whois becomes purely optional.
I expect many registrars will offer Whois and RDAP in parallel for a while, so ingrained in internet architecture is the older protocol. Likewise, the term “Whois” will likely be used colloquially to refer to RDAP for some time.
The data delivered by RDAP is not substantially different to that delivered by Whois, and those who access Whois via a web interface, such as ICANN’s lookup.icann.org, probably won’t notice any difference.
The main headaches will likely be experienced by those using custom software to access Whois over port 43, who may find they have to tweak their code to parse incoming RDAP responses instead.
Importantly, the switch to RDAP does not mean users will get data that was already redacted in Whois. Privacy laws such as GDPR apply equally to RDAP.
The only way to obtain private data is contacting the relevant registrar, directly or via ICANN’s Registration Data Request Service, and crossing your fingers.
Typo left MasterCard open to hackers for years
A typo in MasterCard’s DNS configuration left the company open to hackers for years, it has emerged.
As first reported by Krebs On Security, from June 2020 until this month one of az.mastercard.com’s nameservers was set as akam.ne rather than akam.net, a domain used by DNS resolution provider Akamai.
The .ne version, in Niger’s ccTLD, was unregistered until security researcher Philippe Caturegli discovered the typo and spent $300 to secure the domain and check to see how much traffic it was getting, before handing it to MasterCard.
Had Caturegli been a bad actor, he could have used the domain to set up a man-in-the-middle attack, diverting a big chunk of traffic intended for mastercard.com to the server of his choosing.
MasterCard said its systems were not at risk and the typo has been corrected, Krebs reports.
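The defensive lesson from the MasterCard story is that a zone's delegation should be audited against the provider domains you actually pay for, and that a one-character miss against a known provider is the signature of exactly this kind of typo. The following Python check is an added example, not something from the post or from either company: it takes a constructed NS snapshot modelled on the incident (placeholder zone and hostnames, but the real akam.ne / akam.net pair from the story), flags any nameserver whose parent domain is off the allow-list, and reports the nearest expected domain by edit distance so a near-miss stands out.

```python
from typing import Dict, Iterable, List, NamedTuple


class Finding(NamedTuple):
    zone: str
    nameserver: str
    parent: str
    nearest_expected: str
    distance: int


# Constructed allow-list: the provider apex domains this zone is supposed to delegate to.
EXPECTED_NS_DOMAINS = {"akam.net", "akamaiedge.net"}

# Constructed NS snapshot modelled on the incident above (placeholder zone and hosts).
NS_RECORDS: Dict[str, List[str]] = {
    "az.example.com": ["ns1.akam.net", "ns2.akam.net", "ns3.akam.ne"],
    "www.example.com": ["ns1.akamaiedge.net"],
}


def parent_domain(host: str) -> str:
    """Registrable parent of a nameserver hostname.
    Simplified to the last two labels; a production audit should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character typos against a known provider."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_nameservers(records: Dict[str, List[str]],
                      expected: Iterable[str]) -> List[Finding]:
    """Return one Finding per nameserver whose parent domain is not on the allow-list."""
    expected = set(expected)
    findings: List[Finding] = []
    for zone, hosts in records.items():
        for host in hosts:
            parent = parent_domain(host)
            if parent in expected:
                continue
            nearest = min(expected, key=lambda e: edit_distance(parent, e))
            findings.append(Finding(zone, host, parent, nearest, edit_distance(parent, nearest)))
    return findings


if __name__ == "__main__":
    for f in audit_nameservers(NS_RECORDS, EXPECTED_NS_DOMAINS):
        print(f"{f.zone}: {f.nameserver} delegates to {f.parent!r}, "
              f"{f.distance} edit(s) from expected {f.nearest_expected!r}")
```

Run this against a live zone by replacing `NS_RECORDS` with the output of your resolver's NS queries; a distance of 1 against an expected provider domain is the case worth checking first, and a parent domain whose TLD you do not recognise (such as a .ne where a .net was meant) deserves a registration check before anyone else notices it.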
RDRS usage hits new low
ICANN’s Registration Data Request Service was used less often in October than in any other month since it launched a year ago, according to the latest statistics.
There were 131 requests for private Whois data in the month, down from the previous low of 141 recorded in May and September’s 189, the monthly report published by ICANN shows.
There were 98 closed requests — another new low — and the mix of granted/refused requests tilted more towards approval than usual, with almost 35% of requests being approved versus 56% denied.
While it took on average 3.41 days for requests to be approved, the average time for denial was an incredible 41.96 days.
Three new registrars joined the voluntary pilot program in October, giving RDRS coverage of 60% of registered gTLD domain names.
The monthly report breaks down the geographic location of requestors and the requestor type for the first time, showing that the US was by far the biggest, followed by the UK, France and Brazil, with American IP owners and law enforcement most likely to request data.
Twitter clone Bluesky has one feature domain people should like
People are abandoning Twitter, and they seem to be largely gravitating towards a very similar clone that has one feature that should appeal to domain owners.
Bluesky, available at bsky.app, was set up by Twitter founder Jack Dorsey five years ago. It’s adding about a million users a day right now and is rapidly approaching the 20 million mark as of today.
Anecdotally, it seems its surge in popularity has come about due to widespread dissatisfaction with Twitter’s miserable direction under Elon Musk’s leadership, particularly due to his role in the recent US presidential election.
So I thought I’d jump on the bandwagon and grab my Bluesky screen name before somebody else could.
But it turns out I didn’t need to. Bluesky has a feature that allows you to use your domain as your username, and it’s verified so nobody else can claim it.
You simply need to add a short TXT record to your DNS settings, which Bluesky can check. If you’re reading this blog, chances are you already know how to do this. It takes about two minutes.
So I’m domainincite.com on the platform and I’ll be posting there alongside Twitter, LinkedIn and Facebook from now on. Feel free to join me.
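The post doesn't spell out what the TXT record looks like. Bluesky's documented handle-verification scheme is a TXT record at the `_atproto` label under the domain whose value is `did=` followed by the account's DID; the DID below is a constructed placeholder, and this checker is an added example rather than Bluesky's own code. It builds the zone line you would paste into a DNS console and verifies a record set the way a resolver-side check would, rejecting the ambiguous case of two `did=` values under the same name.

```python
from typing import Dict, List

# Constructed placeholder DID; a real one is shown in the Bluesky app when you change handle.
EXAMPLE_DID = "did:plc:PLACEHOLDERDIDVALUE"

# Constructed TXT answer set keyed by owner name, values as a resolver would return them.
TXT_RECORDS: Dict[str, List[str]] = {
    "_atproto.domainincite.com": ['"did=did:plc:PLACEHOLDERDIDVALUE"'],
}


def verification_record_name(handle: str) -> str:
    """Owner name of the TXT record Bluesky checks for a domain used as a handle."""
    return "_atproto." + handle.lower().rstrip(".")


def zone_line(handle: str, did: str, ttl: int = 300) -> str:
    """The record in zone-file form, ready to paste into a DNS console."""
    return f'{verification_record_name(handle)}. {ttl} IN TXT "did={did}"'


def verify_handle(handle: str, did: str, txt_records: Dict[str, List[str]]) -> bool:
    """True only if exactly one did= value exists under _atproto.<handle> and it matches."""
    values = [v.strip().strip('"') for v in txt_records.get(verification_record_name(handle), [])]
    did_values = [v[len("did="):] for v in values if v.startswith("did=")]
    return len(did_values) == 1 and did_values[0] == did


if __name__ == "__main__":
    print(zone_line("domainincite.com", EXAMPLE_DID))
    print("verified:", verify_handle("domainincite.com", EXAMPLE_DID, TXT_RECORDS))
```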
Verisign gets eight more years running the root
Verisign and ICANN have renewed their deal that sees Verisign run the DNS root, according to the company.
Verisign said the Root Zone Maintainer Agreement was renewed on October 20 for another eight-year term.
The RZMA is basically a technical services contract under which Verisign updates and publishes the root zone file (basically a list of TLDs and their nameservers) according to ICANN’s instructions. All the other root zone operators mirror that file.
It’s the first renewal since ICANN secured its independence from the US government in 2016, but Verisign and its predecessors have been managing the root since 1993.
The deal is separate from Verisign’s contracts to run .com and .net.
Twitter now up-to-date on linkification
Twitter appears to have dragged itself into the 2020s with the linkification function of its service, after years of complaints.
On the web version of its service at least, Twitter now correctly makes domains in all the newest TLDs into clickable links automatically, with no http:// prefix required.
This means users are able to share clickable domains in .spa, .kids and .music, the three gTLDs delegated after Twitter’s previous delegation cut-off point of around April 2020.
It’s not clear to me when the change was made, or whether the fix also applies to the Twitter app on Android or iOS devices.
It’s equally not clear whether the change is due to Twitter’s own engineering, or whether a third-party library somewhere in its software stack was updated independently.
Regardless, it’s good news for the registries and registrants concerned, particularly DotMusic, whose .music gTLD goes on sale today.
Twitter came in for criticism from an ICANN engineer earlier this year for ignoring outreach efforts on Universal Acceptance, the program that aims to get all TLDs functioning properly across all software platforms.
Meta, owner of Facebook, Instagram and Whatsapp, is understood to have been far more responsive, following complaints last year from the .tube registry operator.
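The Universal Acceptance failure described in this post usually comes down to a linkifier with a hard-coded TLD list that nobody has refreshed since the last round of delegations. The Python below is an added example, not Twitter's or Meta's code: it shows a linkifier that accepts any TLD present in a set loaded from the format of IANA's published list (the real file is at https://data.iana.org/TLD/tlds-alpha-by-domain.txt; the excerpt embedded here is a constructed subset in that format), and contrasts it with a stale set that predates .spa, .kids and .music.

```python
import re
from typing import Set

IANA_TLD_LIST_URL = "https://data.iana.org/TLD/tlds-alpha-by-domain.txt"

# Constructed excerpt in the real file's shape: one '#' header line, then upper-case TLDs.
TLD_FILE_EXCERPT = """# Version 0000000000, Last Updated (constructed excerpt for this example)
COM
KIDS
MUSIC
NET
ORG
SPA
XN--P1AI
"""

# Constructed "stale" set standing in for a list frozen at a 2020 delegation cut-off.
OLD_TLDS = {"com", "net", "org"}


def load_tld_list(text: str) -> Set[str]:
    """Parse the IANA list format into a lower-case set, skipping comment lines."""
    return {line.strip().lower() for line in text.splitlines()
            if line.strip() and not line.startswith("#")}


CURRENT_TLDS = load_tld_list(TLD_FILE_EXCERPT)

# Bare domain: one or more labels, final label either A-label (xn--) or letters only.
# Lookbehind skips e-mail local parts and URL paths; lookahead stops mid-label matches.
DOMAIN_RE = re.compile(
    r"(?<![\w@/.-])"
    r"((?:[a-z0-9-]+\.)+(xn--[a-z0-9-]+|[a-z]{2,63}))"
    r"(?![\w-]|\.\w)",
    re.IGNORECASE,
)


def linkify(text: str, tlds: Set[str]) -> str:
    """Wrap bare domains whose TLD is in `tlds` in an anchor; leave everything else alone."""
    def repl(m: re.Match) -> str:
        domain, tld = m.group(1), m.group(2).lower()
        if tld not in tlds:
            return domain
        return f'<a href="http://{domain}">{domain}</a>'
    return DOMAIN_RE.sub(repl, text)


if __name__ == "__main__":
    sample = "Visit dotmusic.music and icann.org today."
    print("stale list:  ", linkify(sample, OLD_TLDS))
    print("current list:", linkify(sample, CURRENT_TLDS))
```

In production the set would be refreshed from the IANA URL on a schedule rather than embedded, which is the whole fix: a linkifier driven by the live list never needs an engineer to hear about a new delegation.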
ICANN hit by DDoS attack
If you noticed ICANN’s web site acting sluggishly or failing to respond at all last week, now you know why.
The site at icann.org was hit by a distributed denial of service attack on September 3 through September 4, according to a brief statement on the Org’s now-functional site.
ICANN identified a Distributed Denial of Service (DDoS) event that occurred on www.icann.org on 3 Sept. 2024. The situation was mitigated and service to ICANN’s website was restored on 4 Sept. 2024.
No additional information has yet been released on the size, duration or possible motivations behind the attack.
It’s the first security incident ICANN has judged significant enough to publicly disclose in over two years.
Crowdstrike screw-up took down ICANN’s email
The domain name industry seemed to have dodged a bullet when it came to last Friday’s devastating worldwide computer outage, but it emerged over the weekend that at least one ear was grazed.
ICANN revealed late Friday that its email systems, hosted by an external provider, were affected by the bug, which saw millions of Windows endpoints bricked by a dodgy patch from security firm Crowdstrike.
At 2035 UTC, ICANN said: “ICANN is having email issues and we may not receive your email. ICANN’s external email vendor has been affected by today’s global IT outages”.
But by 0121 UTC Saturday, it reported: “ICANN’s email service has been restored and all email-dependent services have resumed.”
Given that ICANN often uses 2359 UTC as a cut-off point for things like public comment submissions, which are received via email, it’s easy to see how the lack of an inbox over that window could have caused some minor headaches on a different day.
I’m not aware of reports of any serious incidents in the wider domain space caused by the Crowdstrike bug. DNS resolution services do not typically rely upon the uninterrupted availability of Windows endpoints.
Unstoppable Domains goes down after domain hijack
Unstoppable Domains, operator of the blockchain-based alternative naming system, has had its domain hijacked and is warning customers to be wary of further scams and attacks.
“Unstoppabledomains.com has been subject to an attack. Do NOT open emails from @unstoppabledomains.com or use the website until further notice,” the company tweeted on Twitter.
🚨 Community and Partners take note! https://t.co/NRTKqQHYtu has been subject to an attack. Do NOT open emails from @unstoppabledomains.com or use the website until further notice. @squarespace @SquarespaceHelp pic.twitter.com/eynrlcadbR
— unstoppable.crypto (@unstoppableweb) July 12, 2024
Company founder Matthew Gould suggested in a tweet that the company’s registrar account, at SquareSpace, had been compromised. He said he suspected it may be related to SquareSpace’s acquisition of Google Domains.
He said the attackers are already sending out “fake emails” and that he expects them to set up a fake web site at the .com domain. It does not currently resolve from where I’m sitting.
The Whois record shows that the domain was updated shortly after 0200 UTC today and then again just a few minutes ago.
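Two earlier items on this page come together here: the Whois sunset means anyone watching a domain's registration record now parses RDAP's JSON rather than port-43 text, and the Unstoppable Domains hijack is exactly the kind of change (new nameservers, a fresh "last changed" timestamp) that such monitoring exists to catch. The Python below is an added example serving both passages; it is not code from the post, from ICANN or from Unstoppable Domains, and the RDAP documents it parses are constructed in the RFC 9083 shape for a placeholder domain, not real registration data.

```python
import copy
from typing import Any, Dict, List, Optional, Tuple

# Constructed RDAP domain object (RFC 9083 layout) for a placeholder domain.
RDAP_BEFORE: Dict[str, Any] = {
    "objectClassName": "domain",
    "ldhName": "EXAMPLE.COM",
    "status": ["client transfer prohibited", "server delete prohibited"],
    "events": [
        {"eventAction": "registration", "eventDate": "2018-01-01T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2026-01-01T00:00:00Z"},
        {"eventAction": "last changed", "eventDate": "2024-03-01T12:00:00Z"},
    ],
    "nameservers": [
        {"objectClassName": "nameserver", "ldhName": "NS1.EXAMPLE-DNS.NET"},
        {"objectClassName": "nameserver", "ldhName": "NS2.EXAMPLE-DNS.NET"},
    ],
    "entities": [
        {"objectClassName": "entity", "roles": ["registrar"],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "Example Registrar, Inc."]]]},
        {"objectClassName": "entity", "roles": ["registrant"],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "REDACTED FOR PRIVACY"]]]},
    ],
}

# Constructed "after" snapshot: same domain, nameservers swapped and record touched.
RDAP_AFTER: Dict[str, Any] = copy.deepcopy(RDAP_BEFORE)
RDAP_AFTER["nameservers"] = [
    {"objectClassName": "nameserver", "ldhName": "NS1.CHANGED-DNS.EXAMPLE"},
    {"objectClassName": "nameserver", "ldhName": "NS2.CHANGED-DNS.EXAMPLE"},
]
RDAP_AFTER["events"][2]["eventDate"] = "2024-07-12T02:05:00Z"


def vcard_fn(entity: Dict[str, Any]) -> Optional[str]:
    """Pull the formatted name out of a jCard array; None if absent."""
    for prop in entity.get("vcardArray", ["vcard", []])[1]:
        if prop[0] == "fn":
            return prop[3]
    return None


def parse_rdap(doc: Dict[str, Any]) -> Dict[str, Any]:
    """Reduce an RDAP domain object to the fields a monitor cares about."""
    entities = doc.get("entities", [])
    registrar = next((vcard_fn(e) for e in entities if "registrar" in e.get("roles", [])), None)
    registrant = next((vcard_fn(e) for e in entities if "registrant" in e.get("roles", [])), None)
    return {
        "domain": doc["ldhName"].lower(),
        "status": sorted(doc.get("status", [])),
        "nameservers": sorted(ns["ldhName"].lower() for ns in doc.get("nameservers", [])),
        "registrar": registrar,
        # GDPR-era redaction survives the move to RDAP, as the Whois item above notes.
        "registrant_redacted": registrant is None or "REDACTED" in registrant.upper(),
        "events": {e["eventAction"]: e["eventDate"] for e in doc.get("events", [])},
    }


WATCHED_FIELDS = ("nameservers", "registrar", "status")


def diff_snapshots(before: Dict[str, Any], after: Dict[str, Any]) -> List[Tuple[str, Any, Any]]:
    """List (field, old, new) for every watched field that differs between two parses."""
    changes = [(k, before[k], after[k]) for k in WATCHED_FIELDS if before[k] != after[k]]
    old_lc, new_lc = before["events"].get("last changed"), after["events"].get("last changed")
    if old_lc != new_lc:
        changes.append(("last changed", old_lc, new_lc))
    return changes


if __name__ == "__main__":
    for field, old, new in diff_snapshots(parse_rdap(RDAP_BEFORE), parse_rdap(RDAP_AFTER)):
        print(f"{field}: {old} -> {new}")
```

Fetching the live object is a single HTTPS GET to the registry's RDAP base URL followed by `domain/<name>`; everything after that is the dictionary walk above, which is the part port-43 users have to rewrite. A nameserver change that arrives with a new "last changed" stamp and no ticket from your own team is the alert condition.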