Donuts offers name spinner to show potential attacks
Donuts has launched a tool to show off its TrueName offering, which blocks potential phishing attacks at the domain registry level.
It’s like a regular name spinner, but instead of showing you available domains it shows you visually confusingly similar domains — homographs — that it will block if you register said name in any of Donuts’ portfolio of 2xx (subs, please check) TLDs.
For example, spinning truename.domains returns results such as trʋenɑme.domains (xn--trenme-exc57b.domains) and trᵫname.domains (xn--trname-xk6b.domains), which could be used in phishing attacks.
How many strings get blocked depends largely on what characters are in your name. The letters I and O have a great many visually confusing variants in other non-Latin scripts, and each instance exponentially increases the potential attack vectors.
For example, if I were to register “domainincite” in one of Donuts’ TLDs, Donuts would block 767 homographs at the registry level, but if I were to register “kevinmurphy”, it would only need to block 119.
It only blocks the homographs in the same TLD as the original name. It’s not a replacement for brand protection in other TLDs.
Donuts doesn’t charge anything extra for this service. It’s included in the price of registration and offered as a unique perk for Donuts’ selection of gTLDs.
I gave TrueName a brief post when it launched last year, but I have to say I really like the idea. It’s a rare example of true innovation, rather than simple money-grubbing, that has come from the new gTLD program.
If Verisign were to roll out something similar in .com, it would eliminate a bunch of phishing and cut down on legal fees for big brands chasing phishers and typosquatters through UDRP or the courts.
It was born out of Donuts’ Domain Protected Marks List product, which allows trademark owners to block their brands and homographs across the whole Donuts stable for less money than defensively registering the names individually.
The downside of the spinner tool is of course that, if you’re a bad guy, it simplifies the process of generating samples of homograph Punycode (the ASCII “xn--” string) that can be used in any non-Donuts TLD that supports internationalized domain names.
The tool is limited to 10 domains per spin, however, which limits the potential harm.
Try it out here.
Donuts rolls out free phishing attack protection for all registrants
Donuts is offering registrants of domains in its suite of new gTLDs free protection from homograph-based phishing attacks.
These are the attacks where a bad guy registers a domain name visually similar or identical to an existing domain, with one or more characters replaced with an identical character in a different script.
An example would be xn--ggle-0nda.com, which can display in browser address bars as “gοοgle.com”, despite having two Cyrillic characters that look like the letter O.
These domains are then used in phishing attacks, with bad actors attempting to farm passwords from unsuspecting victims.
Under Donuts’ new service, called TrueNames, such homographs would be blocked at the registry level at point of sale at no extra cost.
Donuts said earlier this year that it intended to apply this technology to all current and future registrations across its 250-odd TLDs.
The company has been testing the system at its registrar, Name.com, and reckons the TrueNames branding in the shopping cart can lead to increased conversions and bigger sales of add-on services.
It now wants other registrars to sign up to the offering.
It’s not Donuts’ first foray into this space. Its trademark-protection service, Domain Protected Marks List, which has about 3,500 brands in it, has had homograph protection for a few years.
But now it appears it will be free for all customers, not just deep-pocketed defensive registrants.
Donuts says DPML now covers “millions” of trademark variants as price rockets again
Donuts has added more than a third to the price of its Domain Protected Marks List service, as it adds a new feature it says vastly increases the number of domains trademark owners can block.
The company has added homograph attack protection to DPML, so trademark-owning worrywarts can block variations of their brand that contain confusing non-Latin characters in addition to all the domain variants DPML already takes out of the available pool.
An example of a homograph, offered by Donuts, would be the domain xn--ggle-0nda.com, which can display as “gοοgle.com” and which contains two Cyrillic o-looking characters but is pretty much indistinguishable from “google.com”.
Donuts reckons this could mean “millions” of domains could be blocked, potentially preventing all kinds of phishing attacks, but one suspects the actual number per customer rather depends on how many potentially confusable Latin characters appear in the brands they want to protect.
DPML is a block service that prevents others from registering domains matching or closely matching customers’ trademarks. Previous additions to the service have included typo protection.
The new feature supports Cyrillic and Greek scripts, the two that Donuts says most homograph attacks use.
The company explained it to its registrars like this:
The Donuts system will analyze the content of each SLD identified in a DPML subscription, breaking it down to its individual characters. Each character is then “spun” against Unicode’s list of confusable characters and replaced with all viable IDN “glyphs” supported by Donuts TLDs. This spinning results in potentially millions of IDN permutations of a brand’s trademark which may be considered easily confusable to an end user. Each permutation is then blocked (removed from generally available inventory) just like other DPML labels, meaning it can only be registered via an “Override” by a party holding a trademark on the same label.
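The check that description implies, together with the way each additional confusable letter multiplies the block list (the 767 versus 119 comparison in the first post), as an added Python example; it is not Donuts' code. The CONFUSABLES table is a small constructed subset standing in for Unicode's confusables list, and the function names are hypothetical.

```python
import unicodedata

# Constructed subset in the style of Unicode's confusables data (an assumption
# for this example); a real check loads the full published table.
CONFUSABLES = {
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u0251": "a",  # LATIN SMALL LETTER ALPHA
    "\u028b": "u",  # LATIN SMALL LETTER V WITH HOOK
}

def to_unicode(label):
    """Decode one DNS label; 'xn--' A-labels carry Punycode (RFC 3492)."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(label):
    """Replace every confusable character with its Latin prototype."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in to_unicode(label))

def scripts(label):
    """Script of each letter, read from the first word of its Unicode name."""
    return {unicodedata.name(ch).split()[0]
            for ch in to_unicode(label) if ch.isalpha()}

def is_homograph(candidate, registered):
    """True when the candidate is a different string with the same skeleton."""
    cand, reg = to_unicode(candidate), to_unicode(registered)
    return cand != reg and skeleton(cand) == skeleton(reg)

def variants_to_block(registered):
    """Count (without listing) the confusable spellings under this table."""
    total = 1
    for ch in to_unicode(registered):
        lookalikes = sum(1 for proto in CONFUSABLES.values() if proto == ch)
        total *= 1 + lookalikes  # each position multiplies the total
    return total - 1  # exclude the registered spelling itself

if __name__ == "__main__":
    for cand, reg in [("xn--ggle-0nda", "google"),
                      ("tr\u028ben\u0251me", "truename")]:
        print(reg, is_homograph(cand, reg), sorted(scripts(cand)),
              variants_to_block(reg))
```

The second sample uses only Latin-script letters, so a mixed-script test alone would miss it; the skeleton comparison is what catches it.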
While this feature comes at no additional cost, Donuts is increasing its prices from January 1, the second big increase since DPML went live five years ago.
Donuts declined to disclose its wholesale price when asked, but I’ve seen registrars today disclose new pricing of $6,000 to $6,600 for a five-year block.
That compares to retail pricing in the $2,500 to $3,000 range back in 2013.
Hexonet said it will now charge its top-flight resellers $6,426 per create, compared to the $4,400 it started charging when DPML prices last went up at the start of last year. OpenProvider has also added two grand to its prices.
Donuts said the price increase also reflects the growth of its portfolio of gTLDs over the last few years. It now has 241, 25% more than at the last price increase.