Recent Posts
- Salesforce to apply for a dot-brand
- Team Internet looking to break up
- Noss to leave Tucows corner office
- Rubens Kühl has died
- Sinha angry with Chapman’s firing as ICANN vice chair
- Glitch redux: ICANN screws up new gTLD security again
- CentralNic claims second-largest TLD migration ever
- DNS issue at Amazon takes out major apps and sites
- .io sales almost double over three years
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
ZoneEdit offline for five days
The Dotster-owned DNS service provider ZoneEdit this morning returned from an unexplained five-day outage that has left many users extremely miffed.
The interruption affected only ZoneEdit’s management interface, not its DNS resolution, so it only affected customers who needed to make changes to their zones.
Users first started reporting they couldn’t access their accounts on Friday.
I’ve reported the story for The Register here.
OpenRegistry behind 20 new gTLD apps
OpenRegistry will provide the back-end technical infrastructure for 20 new generic top-level domain applications filed by 15 clients, according to a report.
Dutch telco KPN, consultancy Deloitte and financial management firm LPL Financial are among its dot-brand clients, according to Knack.be, quoting executives.
Presumably, we’re looking at bids for .kpn and .lpl as well as .deloitte, which Deloitte confirmed earlier this month.
Its portfolio of applications also includes two cities – one is .gent for Ghent, the other is an American city – and two generic terms that have not yet been revealed.
(UPDATE: While OpenRegistry is not naming the American city, I hear through the grapevine that it might be Boston).
Its clients have a total market cap of $150 billion, according to the report.
That’s not a bad roster for the start-up, whose technical arm is known as Sensirius. The Benelux company was founded in late 2010 by former executives from EuroDNS and Belgian ccTLD manager DNS.be.
A year ago it won the contract to manage the back-end for .sx, the new ccTLD for Sint Maarten.
Rugby board tries for .rugby with TLDH
The International Rugby Board has applied to ICANN for the generic top-level domain .rugby with Top Level Domain Holdings, the IRB announced today.
It appears to be a defensive as well as offensive move, judging by the press release.
It’s about “protecting and promoting Rugby’s values and ethos” and ensuring .rugby “resides within the sport”, according to IRB chairman Bernard Lapasset.
The application will be filed in partnership with TLDH, as well as a new company called ROAR Domains, which appears to be a part of a Kiwi sports marketing agency.
If the bid is successful, TLDH subsidiary Minds + Machines will provide the registry back-end.
The IRB is the international body for rugby associations which organizes the Rugby World Cup.
There are already a few .sport bids, and the Australian Football League has applied for a .afl dot-brand, but I think .rugby may be the first sport-specific gTLD application to be announced.
TAS down for at least another week
If you’re just joining us, welcome to the ICANN community.
The TLD Application System will be offline for another week, possibly more, as ICANN struggles to deal with the fallout from its embarrassing data leakage bug.
ICANN had promised an update today on the timing of the reopening of TAS, which was taken offline April 12 just 12 hours before the new gTLD application filing deadline arrived.
But what applicants got instead was a promise to provide another timing update a week from now.
Chief operating officer Akram Atallah said in a statement:
identifying which applicants may have been affected by the technical glitch, and determining who may have been able to see someone else’s data, require extensive analysis of a very large data set. This is a time-consuming task, but it is essential to ensure that all potentially affected applicants are accurately identified and notified.
Until that process is complete, we are unable to provide a specific date for reopening the application system.
In order to give all applicants notice and an opportunity to review and complete their applications, upon reopening the system we will keep it open for at least five business days.
No later than 27 April 2012 we will provide an update on the reopening of the system and the publication of the applied-for new domain names.
So the best-case scenario, if these dates hold up, would see TAS coming back online Monday, April 30 and closing Friday, May 4.
The April 30 target date for the Big Reveal is clearly no longer possible.
ICANN has stated previously that it expects to take two weeks between the closing of the application window and the revelation of the list of gTLDs being applied for.
The Big Reveal could therefore be postponed until mid-May, almost a month from now.
Any applicant who has already booked flights and hotels in order to attend one of the various reveal events currently being planned by third parties may find themselves out of pocket.
Regular ICANN participants are of course accustomed to delay.
ICANN’s image problem now is rather with the hundreds of companies interfacing with the organization for the first time, applying for new gTLDs, which may be wondering whether this kind of thing is par for the course.
Well, yes, frankly, it is.
That said, the time to avoid this problem was during testing, before the application window opened in January.
Now that the bug has manifested, it’s probably in most people’s best interests for ICANN to fully understand went wrong and what impact it could have had on which applicants. This takes time.
ICANN vows to fight TAS bug “monkey business”
ICANN chief security officer Jeff Moss has pledged to fully disclose what new gTLD application data was leaked to which users via the TLD Application System security bug.
Talking to ICANN media chief Brad White in a video interview, Moss said:
We’re putting everyone on notice: we know what file names and user names were displayed to what people who were logged in and when. We want to do this very publicly because we want to prevent any monkey business. We are able to reconstruct what file names and user names were displayed.
ICANN has been going through its logs and will know “very specifically” what data was visible to which TAS users, he said.
The bug, he confirmed, was related to file deletions:
Under certain circumstances that were hard to replicate users that had previously deleted files could end up seeing file names of users that had uploaded a file… Certain data was being revealed to users that were not seeking data, it was just showing up on their screen.
The actual contents of the files uploaded to TAS were not visible to unauthorized users, he confirmed. There are also no reasons to believe any outside attacks occurred, he said.
He refused to reveal how many applicants were affected by the vulnerability, saying that ICANN has to first double-check its data in order to verify the full extent of the problem.
The interview reveals that the bug could manifest itself in a number of different ways. Moss said:
The problem has several ways it can express itself… we would solve it one way and it would appear another way, we would solve it another way and it would appear a third way. At some point we were just uncomfortable that we understood the core issue and that’s when we took the system offline.
TAS was taken down April 12, just 12 hours before the new gTLD application window closed.
ICANN has been providing daily updates ever since, and has promised to reveal tonight when TAS will reopen for business, for how long, and whether April 30 Big Reveal day has been postponed.
Applicants first reported the bug March 19, but ICANN did not realize the extent of the problem until later, Moss said.
In hindsight now we realized the 19th was the first expression of this problem, but at the time the information displayed made no sense to the applicant, it was just random numbers… at that point there were no dots to connect.
Here’s the video:
How the world’s biggest brands use new gTLDs
DomainIncite PRO is excited to reveal the results of the domain name industry’s first in-depth study into how the world’s biggest brands use new generic top-level domains.
In March and April 2012, we surveyed the domain name ownership and usage patterns of the world’s 100 most-valuable brands — representing over $1.2 trillion in brand value, according to Interbrand — in six gTLDs introduced since 2001.
As well as confirming the long-held belief that brand owners see little value in defensive registrations — many not even choosing to benefit from residual traffic — the survey also revealed which brands are more likely to develop their sites, which are most vulnerable to cybersquatting, and which appear to care the least about enforcing their brands.
We also examined how “cybersquatters” use the domain names they register, with some surprising results.
Privacy/proxy registration is not nearly as prevalent as many believe, our study found, and a significant portion of registrants have made no effort to monetize the domains they own that match famous brand names.
This extensive, fully illustrated report includes:
A comparison of defensive registration trends across 100 brands in six new gTLDs. How many domains are owned by the respective brands and how many are owned by third parties? How many are reserved by the registry and how many are still available for registration?
A breakdown of usage trends by gTLD in .asia, .biz, .info, .jobs, .mobi and .pro. When brand owners register domains in new gTLDs, how likely are they to develop content on those domains, and what can new gTLD registries do to encourage this desirable behavior?
An analysis of cybersquatting behavior in over 100 domain names registered to entities other than the brand owner. How much do brand owners have to worry about their brands being impaired by damaging behavior such as redirection to competing web sites or porn?
Full survey results. Subscribers have full access to the survey results, which include details of which brand-domains belong to third parties, which exhibit potentially damaging behavior, and which are currently available for registration.
DI PRO subscribers can click here for the full report.
Non-subscribers can learn how to subscribe instantly here.
Did a university just pay $3,000 for its .xxx domain?
The domain name sju.xxx has changed hands for $3,000 on Sedo.
It’s the first .xxx domain I recall popping up in Sedo’s sales feed.
However, I think there’s a pretty good chance it’s a damage-mitigation move by an American university.
SJU is the acronym used by Saint Joseph’s University in Philadelphia, PA. The college uses sju.edu as its primary domain.
Knowing how paranoid universities have been about protecting their reputations in .xxx, and given that the sale came in just below the price of a cheap UDRP, I suspect we’re looking at a defensive move.
The Whois record for the domain is currently under privacy protection. Until recently, it belonged to one Jay Camina. It resolves to a suggestive Go Daddy parking page.
First TAS security bug details revealed
The data leakage bug in ICANN’s TLD Application System was caused when applicants attempted to delete files they had uploaded, the organization has revealed.
In his latest daily update into the six-day-old TAS downtime, chief operating officer Akram Atallah wrote this morning:
ICANN’s review of the technical glitch that resulted in the TLD application system being taken offline indicates that the issue stems from a problem in the way the system handled interrupted deletions of file attachments. This resulted in some applicants being able to see some other applicants’ file names and user names.
This sounds rather like an applicant’s file names may have become visible to others if the applicant attempted to delete the file (perhaps in order to upload a revised version) and the deletion process was cut off.
Speculating further, this also sounds like exactly the kind of problem that would have been exacerbated by the heavy load TAS was under on April 12, as lots of applicants simultaneously scrambled to get their gTLD bids finalized to deadline.
Rather than being a straightforward web app, TAS is accessed via Citrix XenApp virtual machine software, which provides users with an encrypted tunnel into a Windows box running the application itself.
As you might expect with this set-up, performance issues have been observed for weeks. Every applicant logged into TAS last Thursday reported that it was running even more slowly than usual.
A security bug that only emerged under user load would have been relatively tricky to test for, compared to regular penetration testing.
But ICANN had some good news for applicants this morning: it thinks it will be able to figure out not only whose file names were leaked, but also who they were leaked to. Atallah wrote:
We are also conducting research to determine which applicants’ file names and user names were potentially viewable, as well as which applicants had the ability to see them.
This kind of disclosure would obviously be beneficial to applicants whose data was compromised.
It may also prove surprising and discomfiting to some applicants who were unwittingly on the receiving end of this confidential data but didn’t notice the rogue files on their screens at the time.
ICANN still plans to provide an update on when TAS will reopen for business this Friday. It will also confirm at the time whether it is still targeting April 30 for the Big Reveal.
US reopens IANA contract re-bid
ICANN’s key contract with the US government is open for proposals again, a month after ICANN was told its first bid wasn’t up to the expected standards.
The US National Telecommunications and Information Administration yesterday posted a revised request for proposals, looking for a new IANA contractor.
The IANA contract is what gives ICANN its operational powers over the domain name system root database.
Based on a quick comparison of the new RFP with the old, there have been few notable, substantial changes, giving little indication of why ICANN’s previous response fell short.
The RFP has a strong emphasis on accountability, transparency, separation of ICANN/IANA powers, conflicts of interest and the “global public interest”, as before.
While many of the requirements have been edited, clarified or shifted around, I haven’t been able to spot any major additions or subtractions.
The RFP now envisages a contract running from October 1, 2012 until September 30, 2015, with two two-year renewal options, bringing the expiry date to September 30, 2019.
The deadline for responses is May 31.
The current contract had been due to expire at the end of March but the NTIA unexpected extended it by six months just before ICANN’s meeting in Costa Rica kicked off last month.
The NTIA said it canceled the first RFP “because we received no proposals that met the requirements” but neither it nor ICANN has yet provided any specifics.
Over a month ago, at an ICANN press conference in Costa Rica, CEO Rod Beckstrom said: “We were invited to have a debriefing with [the NTIA] to learn more about this. Following that discussion we will share any information we are allowed to share.”
Since then, no additional information has been forthcoming.
The new RFP can be read here. For comparison, the old version can be downloaded here.
New gTLD filing deadline delayed again
It looks like new gTLD applicants are in for more delays after ICANN announced that it will not reopen its TLD Application System tomorrow as planned.
In a statement tonight, chief operating officer Akram Atallah said that the recently discovered data leakage vulnerability has been fixed, but the fix is still being tested.
We believe that we have fixed the glitch, and we are testing it to make sure.
ICANN is committed to reopening the application system as soon as we can confirm that the problem has been resolved and we have had proper time for testing.
We also want to inform all applicants, before we reopen, whether they have been affected by the glitch. We are still gathering information so we can do that.
Accordingly, the application system will not reopen tomorrow.
ICANN shut down TAS last Thursday, just 12 hours before the new gTLD application filing deadline, after discovering a persistent bug that allowed some applicants to see the names of files uploaded by other applicants.
It had planned to open TAS again tomorrow and close it on Friday. However, that’s looking increasingly unlikely.
Atallah said that ICANN “will provide an update on the timing of the reopening no later than Friday, 20 April at 23.59 UTC.”
While ICANN said yesterday that it was still targeting April 30 for its Big Reveal event, subject to change, that’s now looking like an ambitious goal.
Recent Comments