Recent Posts
- Salesforce to apply for a dot-brand
- Team Internet looking to break up
- Noss to leave Tucows corner office
- Rubens Kühl has died
- Sinha angry with Chapman’s firing as ICANN vice chair
- Glitch redux: ICANN screws up new gTLD security again
- CentralNic claims second-largest TLD migration ever
- DNS issue at Amazon takes out major apps and sites
- .io sales almost double over three years
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
More WordPress attacks at Go Daddy
The Kneber gang has continued its attacks on Go Daddy this week, again targeting hosting customers running self-managed WordPress installations.
Go Daddy said that several hundred accounts were compromised in order to inject malicious code into the PHP scripts.
“The attack injects websites with a fake-antivirus pop-up ad, claiming the visitor’s computer is infected,” Go Daddy security manager Scott Gerlach blogged.
According to the alarmists-in-chief over at WPSecurityLock, the attacks place a link to a script hosted on cloudisthebestnow.com, a domain registered by “Hilary Kneber”.
The script attempts to install bot software on visitors’ machines.
As I’ve written before, the Kneber botnet has been running since at least December 2009. It generally hosts its malware on domains registered with ICANN-accredited BizCN.com, a Chinese registrar.
Go Daddy said it has contacted the registrar to get the domain yanked. It may have been successfully killed already, but I’m too much of a little girl to check manually.
I must confess, as somebody with a number of WordPress installations on Go Daddy servers, it makes me a little nervous that these attacks are now well into their second month and I still don’t know whether I should be worried or not.
Twitter registers t.co for URL shortener
Twitter has registered the domain name t.co, to use as a secure URL shortener.
Just minutes ago, t.co started resolving to a page containing this text:
Twitter uses the t.co domain as part of a service to protect users from harmful activity, to provide value for the developer ecosystem, and as a quality signal for surfacing relevant, interesting tweets.
The page links to a FAQ describing its current URL shortener, twt.tl.
Whois.co shows it’s registered as part of .CO Internet’s Founders’ Program, the scheme the Colombian registry put in place to plug its upcoming launch.
Under this program, companies can partner with .CO to get a free premium .co domain if they commit to promote it.
TechCrunch was previously the highest-profile site to join the program, when it registered disrupt.co.
I would say getting Twitter on board definitely beats that deal.
.CO Internet is also currently auctioning e.co for charity. Bids have already reached $24,000.
UPDATE: Twitter published a blog post on the launch. I guess they beat me by about three minutes.
“When this is rolled out more broadly to users this summer, all links shared on Twitter.com or third-party apps will be wrapped with a t.co URL,” the firm says.
Probably too soon to say for sure, but it looks like Bit.ly is kinda screwed.
ICANN staff need to get their pee tested
I imagine it’s a pretty hard job, largely thankless, working at ICANN. No matter what you do, there’s always somebody on the internet bitching at you for one reason or another.
The job may be about to get even more irksome for some staffers, if ICANN decides to implement new security recommendations made by risk management firm JAS Communications.
In a report published yesterday, JAS suggests that senior IANA staff – basically anyone with critical responsibilities over the DNS root zone – should be made to agree to personal credit checks, drug screening and even psych evaluations.
To anyone now trying to shake mental images of Rod Beckstrom peeing into a cup for the sake of the internet, I can only apologise.
This is what the report says:
JAS recommends a formal program to vet potential new hires, and to periodically re‐vet employees over time. Such a vetting program would include screening for illegal drugs, evaluation of consumer credit, and psychiatric evaluation, which are all established risk factors for unreliable and/or malicious insider activity and are routinely a part of employee screening in government and critical infrastructure providers.
I’ve gone for the cheap headline here, obviously, but there’s plenty in this report to take seriously, if you can penetrate the management consultant yadda yadda.
There are eight other recommendations not related to stoners running the root, covering contingencies such as IANA accidentally unplugging the internet and Los Angeles sinking into the Pacific.
Probably most interesting of all is the bit explaining how ICANN’s custom Root Zone Management System software, intended to reduce the possibility of errors creeping into the root after hundreds of new TLDs are added, apparently isn’t being built with security in mind.
“No formal requirements exist regarding the security and resiliency of these systems, making it impossible to know whether the system has been built to specification,” the report says.
It also notes that ICANN lacks a proper risk management strategy, and suggests that it improve communications both internally and with VeriSign.
It discloses that “nearly all critical resources are physically located in the greater Los Angeles area”, which puts the IANA function at risk of earthquake damage, if nothing else.
JAS recommends spreading the risk geographically, which should give those opposed to ICANN bloat something new to moan about.
There’s a public comment forum over here.
UPDATE (2010-06-13): As Michael Palage points out over at CircleID, ICANN has pulled the PDF from its web site for reasons unknown.
On the off-chance that there’s a good security reason for this, I shall resist the temptation to cause mischief by uploading it here. This post, however, remains unedited.
Domain name industry growth slowed by China crackdown
The massive slump in Chinese domain name registrations appears to have hit the overall domain name market significantly in the first quarter 2010, slowing its growth.
According to the latest VeriSign Domain Name Industry Brief, only one million net new domains were registered across all TLDs in the period, a paltry 0.6% increase.
There were about 193 million domains active at the end of March, up from 192 million at the start of the year.
A million might seem like a lot, until you consider that the market grew by 11 million domains in the fourth quarter and by three million in the first quarter of 2009.
The slump is certainly due to the rapid decline in .cn domains.
China’s ccTLD had about 13.4 million names at the end of last year, and only 8.8 million at the end of March. April’s numbers show the decline continued, with 8.5 million names registered.
The China drag has been caused by a combination of pricing and the Draconian new identification requirements the communist government placed on the registry, CNNIC.
Chinese registrants now have to present photo ID before they can register a domain.
VeriSign’s own .com/.net business did a decent trade in the quarter, up 7% compared to the same quarter last and 2.7% on December to 99.3 million names in total.
With registrations growing by 2.7 million per month, this means VeriSign already has more than 100 million names in its com/net database.
Red Bull wins court case but loses UDRP
Energy drink maker Red Bull has somehow managed to lose a UDRP complaint over the domain name taurusrubens.com, despite having already won a lawsuit against its current registrant.
“Taurus Rubens” was the name of an air show slash performance art piece sponsored by Red Bull, performed at Salzburg airport in August 2003. There’s a clip here on YouTube.
The day before the show, an Austrian man named Reinhard Birnhuber registered taurusrubens.com and rubenstaurus.com and parked them with his ISP.
Two years later, when Red Bull got wise to the registrations, it offered Birnhuber €500 for them. He countered with a demand for a whopping €1 million.
That was in March 2005. One month later, Red Bull secured an Austrian trademark on the term “Taurus Rubens”. It then filed a UDRP complaint with WIPO.
Judging from that WIPO decision, it’s pretty clear that Birnhuber’s registrations were not entirely innocent.
Not only did he ask a ludicrous price for the domains, he also admitted to knowing about the air show when he registered them, he already owned redbullbag.com, and he gave a bunch of reasons about his plans for developing the domains that WIPO didn’t buy.
Nevertheless, because Red Bull had acquired its trademark rights years after the registrations, apparently just so it had standing under the UDRP rules, WIPO dismissed the complaint.
So Red Bull sued in an Austrian commercial court instead, and won.
Birnhuber appealed, and lost.
The court ruled that he had registered the domains in bad faith and that he should turn them over to Red Bull.
But he has apparently so far refused to do so. So Red Bull this year filed a second UDRP complaint with WIPO, asking for the domains to be transferred to it.
And, bizarrely, Red Bull lost.
WIPO this week denied the company’s complaint on the grounds that the the Austrian court’s ruling is irrelevant under UDRP rules, and that the 2005 WIPO decision should stand.
Here’s a Google translation of the relevant bits:
The panel can see in the above circumstances, no new facts or actions that would warrant a new assessment of the case. In this respect, the complainant fails to recognize that not only “new actions” to the resumption of proceedings are necessary, but this also has to be relevant.
…
The correct legal result is more than the enforcement of that ruling in Austria, especially as the present legal request (transfer of the domain name) covers with the sentencing order of the Austrian court. Since both parties are domiciled in Austria, is likely a priori, no specific enforcement problems arise. WIPO panels can so far do not replace the state authorities.
So, does Birnhuber get his €1 million? I doubt it. But right now he still owns taurusrubens.com.
US government requests root DNSSEC go-ahead
The National Telecommunications and Information Administration, part of the US Department of Commerce, has formally announced its intent to allow the domain name system’s root servers to be digitally signed with DNSSEC.
Largely, I expect, a formality, a public comment period has been opened (pdf) that will run for two weeks, concluding on the first day of ICANN’s Brussels meeting.
NTIA said:
NTIA and NIST have reviewed the testing and evaluation report and conclude that DNSSEC is ready for the final stages of deployment at the authoritative root zone.
DNSSEC is a standard for signing DNS traffic using cryptographic keys, making it much more difficult to spoof domain names.
ICANN is expected to get the next stage of DNSSEC deployment underway next week, when it generates the first set of keys during a six-hour “ceremony” at a secure facility in Culpeper, Virginia.
The signed, validatable root zone is expected to go live July 15.
Charity e.co auction kicks off with $10k bid
The four-day auction of the domain name e.co started less than an hour ago at Sedo, and it has already attracted a five-figure bid.
.CO Internet, the Colombian firm behind the newly liberalized .co ccTLD namespace, is using the auction to plug its upcoming landrush, which kicks off June 20.
Juan Diego Calle, CEO of the registry, previously said e.co is “perhaps the shortest, most memorable digital brand in the world”.
Proceeds from the sale will be donated to the charity of the winning bidder’s choosing.
Due to the high-profile nature of the auction, wannabe bidders have to fill out an application form before posting their bids.
The bidding will conclude during a live event at the Internet Week show in New York this Thursday.
Nominet appoints Baroness to chair
Nominet, the .uk registry manager, has hired Irene Fritchie, aka Baroness Fritchie, to be its new chair.
No, I’d never heard of her either, but apparently Fritchie is a life peer and a dame, with a seat in the House of Lords since 2005.
Her geek credentials appear to comprise her chairmanship, until last year, of the Web Science Research Initiative, a joint initiative between the University of Southampton and MIT.
So she’s on speaking terms with Tim Berners-Lee, it seems.
Fritchie replaces Bob Gilbert, who quit in March after guiding the organization through a tricky period.
A cynic would say that it’s fortuitous that Nominet now has a member of the UK legislature fighting its corner, given that the recently passed Digital Economy Act originated and was primarily written in the Lords.
The Act created powers for the British government to take over .uk if Nominet screws up by letting domainers commandeer its board.
Fritchie is a cross-bencher, meaning she is beholden to no one political party.
Nominet also said that it has appointed Piers White MBE as a non-executive director. White has a background in banking and currently sits on the board of Ordnance Survey.
Council of Europe wants ICANN role
The Council of Europe has decided it wants to play a more hands-on role in ICANN, voting recently to try to get itself an observer’s seat on the Governmental Advisory Committee.
The Council, which comprises ministers from 47 member states, said it “could encourage due consideration of fundamental rights and freedoms in ICANN policy-making processes”.
ICANN’s ostensibly technical mission may at first seem a bit narrow for considerations as lofty as human rights, until you consider areas where it has arguably failed in the past, such as freedom of expression (its clumsy rejection of .xxx) and privacy (currently one-sided Whois policies).
The Council voted to encourage its members to take a more active role in the GAC, and to “make arrangements” for itself to sit as an observer on its meetings.
It also voted to explore ways to help with the creation of a permanent GAC secretariat to replace the current ad hoc provisions.
The resolution was passed in late May and first reported today by IP Watch.
The Council of Europe is a separate entity to the European Union, comprising more countries. Its biggest achievement was the creation of the European Court of Human Rights.
How a company hacked the .eu sunrise to register generic domains
An Austrian company exploited a loophole in EurID’s .eu sunrise period to register dozens of generic .eu domain names, according to the European Court of Justice.
An outfit by the name of Internetportal und Marketing GmbH noticed back in 2005 that European Union regulations covering the .eu launch said that trademarks containing “special characters” could be claimed under the .eu sunrise.
If your trademark contained characters not compatible with normal DNS, such as $ or #, you could ignore those characters when you applied for your trademark as a .eu sunrise period domain.
So, with ingenuity I have to grudgingly admire, Internetportal registered 33 trademarks in Sweden that comprised generic dictionary terms interspersed with those special characters.
By applying under the sunrise period, rather than during the landrush or open registration periods, the company could eliminate most of its competitors for the domain.
Crafty.
The ECJ case concerned the domain reifen.eu – meaning “tyre” “or “tire” in German – but the company apparently also applied to register 180 other generic domains using the same method.
Internetportal registered the trademark “&R&E&I&F&E&N&”, knowing that the ampersands would be ignored by EurID’s policy when it applied for reifen.eu.
It did in fact win the domain, and others, during the sunrise, on the back of its Swedish trademarks.
Unfortunately, a man named Richard Schlicht who held a (later) Benelux trademark on the term “reifen” filed a Alternative Dispute Resolution procedure over the registration in 2006 and won.
Internetportal appealed, and it eventually made its way to ECJ. But Europe’s highest court decided last week that reifen.eu had indeed been registered in bad faith and in violation of the rules.
There’s loads of stuff in the ruling to excite IP lawyers, but as far as I can tell it boils down to one basic common-sense precedent: if you register a trademark purely for the purposes of securing a domain name in a sunrise period, you’re out of luck, at least in Europe.
Given that pretty much all the dictionary terms under .eu have already gone, and that the sunrise period ended years ago, I doubt the finding will have a great deal of immediate practical impact.
But a more general point holds, for those considering applying for a new TLD: if there are loopholes in your sunrise period rules, you can guarantee they will be exploited.
Recent Comments