Hackers break .mobi after Whois domain expires
It’s probably a bad idea to let a critical infrastructure domain expire, even if you don’t use it any more, as Identity Digital seems to be discovering this week.
White-hat hackers at WatchTowr today published research showing how they managed to undermine SSL certificate issuance for the entire .mobi TLD, by registering an expired domain previously used as the registry’s Whois server.
Identity Digital, which now runs .mobi after a series of acquisitions, originally used whois.dotmobiregistry.net for its Whois server, but this later changed to whois.nic.mobi and the original domain expired last December.
WatchTowr spotted this, registered the name, and set up a Whois server there, which went on to receive 2.5 million queries from 135,000 systems in less than a week.
Sources of the queries included security tools such as VirusTotal and URLSCAN, which apparently hadn’t updated the hard-coded Whois URL list in their software, the researchers said.
GoDaddy and Domain.com were among the registrars whose Whois tools were sending queries to the outdated URL, WatchTowr found.
Incredibly, so was Name.com, which is owned by Identity Digital, the actual .mobi registry.
More worryingly, it seems some Certificate Authorities, responsible for issuing the digital certificates that make SSL work, were also using the old Whois address to verify domain ownership.
WatchTowr says it was possible to obtain a cert for microsoft.mobi by providing its own email address in a phony Whois record served up by its bogus Whois server.
“Effectively, we had inadvertently undermined the CA process for the entire .mobi TLD,” the researchers wrote.
They said they would have also been able to send malicious code payloads to vulnerable Whois clients.
While WatchTowr’s research doesn’t mention ICANN, it might be worth noting that the change from whois.dotmobiregistry.net to whois.nic.mobi is very probably a result of .mobi’s transition to a standardized gTLD registry contract, which requires all registries to use the whois.nic.[TLD] format for their Whois servers.
As a pre-2012 gTLD, .mobi did not have this requirement until it signed a new Registry Agreement in 2017. There are still some legacy gTLDs, such as .post, that have not migrated to the new standard URL format.
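The root cause above is a client-side one: tools kept querying a hard-coded Whois server hostname long after the registry stopped publishing it, and nobody noticed the domain under that hostname had expired. The script below is an added example (not WatchTowr’s code or anything from the article) of the check a maintainer of such a tool could run: compare each baked-in server against the `whois:` referral that whois.iana.org publishes for the TLD, and flag entries that point at a domain the registry no longer lists. The IANA `whois:` line format is real; the server table and the IANA replies are constructed stand-ins so the script runs offline.

```python
"""Audit a WHOIS client's hard-coded server table against IANA's referrals.

Added example, not from WatchTowr or the article. whois.iana.org reports a
TLD's WHOIS server on a 'whois:' line; the hard-coded table and the replies
below are constructed so this runs without network access.
"""
import re
from typing import Callable, Dict, Optional, Tuple

# Constructed: the sort of TLD -> server table baked into WHOIS clients and
# security tooling. The .mobi entry is the stale one described in the article.
HARDCODED_WHOIS_SERVERS: Dict[str, str] = {
    "com": "whois.verisign-grs.com",
    "mobi": "whois.dotmobiregistry.net",
    "example": "whois.nic.example",
}

# Constructed replicas of `whois -h whois.iana.org <tld>` output, trimmed to
# the fields that matter here. The .example reply deliberately has no whois: line.
FAKE_IANA_REPLIES: Dict[str, str] = {
    "com": "domain:       COM\nwhois:        whois.verisign-grs.com\nstatus:       ACTIVE\n",
    "mobi": "domain:       MOBI\nwhois:        whois.nic.mobi\nstatus:       ACTIVE\n",
    "example": "domain:       EXAMPLE\nstatus:       ACTIVE\n",
}

WHOIS_LINE = re.compile(r"^whois:\s+(\S+)\s*$", re.IGNORECASE | re.MULTILINE)


def parse_iana_whois_server(reply: str) -> Optional[str]:
    """Return the WHOIS server IANA lists for a TLD, or None if it lists none."""
    m = WHOIS_LINE.search(reply)
    return m.group(1).lower().rstrip(".") if m else None


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Adequate for registry hostnames such as
    whois.dotmobiregistry.net; a production audit would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def audit(table: Dict[str, str],
          fetch_iana: Callable[[str], str]) -> Dict[str, Tuple[str, str, Optional[str]]]:
    """Classify each hard-coded entry as ok, renamed, stale or unverified.

    'stale' is the dangerous case: the client still queries a hostname under a
    domain the registry no longer publishes, so that domain may have expired
    and be re-registrable by anyone, which is what happened to
    whois.dotmobiregistry.net.
    """
    findings: Dict[str, Tuple[str, str, Optional[str]]] = {}
    for tld, configured in table.items():
        configured = configured.lower().rstrip(".")
        current = parse_iana_whois_server(fetch_iana(tld))
        if current is None:
            verdict = "unverified"
        elif current == configured:
            verdict = "ok"
        elif registrable_domain(current) == registrable_domain(configured):
            verdict = "renamed"   # new hostname, but still under the registry's own domain
        else:
            verdict = "stale"     # points at a domain the registry has abandoned
        findings[tld] = (verdict, configured, current)
    return findings


if __name__ == "__main__":
    results = audit(HARDCODED_WHOIS_SERVERS, lambda t: FAKE_IANA_REPLIES.get(t, ""))
    for tld, (verdict, configured, current) in results.items():
        print(f".{tld:<8} {verdict:<10} configured={configured} iana={current}")
```

Against live data, `fetch_iana` would wrap a TCP query to whois.iana.org port 43; anything the audit marks `stale` should be removed from the table rather than left for a follow-up, because every query it keeps sending is a query an opportunistic registrant of the expired domain gets to answer.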
The WatchTowr research, with a plentiful side order of cockiness, can be read in full here.
Donuts shuts down 14 registrars, but it’s “not related to DropZone”
Donuts has let 14 of its shell registrar accreditations expire, but told DI it’s not related to its recently approved drop-catching service, DropZone.
ICANN records show that the companies, with names such as Name118 Inc and Name104 Inc, all basically mini-clones of Name.com, recently had their registrar contracts terminated.
This kind of thing happens fairly regularly with companies resizing the networks they use for catching dropping domains. Donuts still has at least half a dozen active accreditations, records show.
But the move comes just weeks after ICANN approved a controversial new Donuts service called DropZone, which would see dropping domains across Donuts’ portfolio of 250+ gTLDs being handled by a dedicated parallel registry.
DropZone would reduce the need for owning vast numbers of shell accreditations in order to effectively drop-catch, but has faced criticism from rival DropCatch because a) Donuts may charge registrars for access and b) claims that Donuts-owned registrars would have an advantage.
But Donuts says the two things are unrelated. Name.com senior product marketing manager Ethan Conley said in an email:
We did recently let 14 ICANN registrar accreditations expire. These accreditations had become an administrative headache and a point of confusion for customers. This decision was not related to DropZone, and the domain drop business has not been a core focus of Name.com for quite some time.
It’s worth noting that cancelling registrar accreditations would also have an effect on the ability to catch names in other, unaffiliated gTLDs, including .com.
US officials gunning for coronavirus domains
US state and federal law enforcement are pursuing domain names being used to push bogus products and misinformation related to coronavirus Covid-19.
In separate actions, the US Department of Justice forced Namecheap to take down a scam site that was allegedly using fear of coronavirus to hoodwink visitors out of their cash, while the New York Attorney General has written to registrars to demand they take action against similar domains.
The DoJ filed suit (pdf) against the anonymous “John Doe” registrant of coronavirusmedicalkit.com on Saturday and on Sunday obtained a temporary restraining order obliging Namecheap to remove the DNS from the domain and lock it down, which Namecheap seems to have done.
Namecheap is not named as a defendant, but the complaint notes that the DoJ had requested the domain be taken down on March 19 and no action had been taken by the evening of March 21.
The web site in question allegedly informed visitors that the World Health Organization was giving away free coronavirus vaccines to anyone prepared to pay a $4.95 shipping fee by handing over their credit card details.
This is an identity theft scam and wire fraud, the complaint says.
Meanwhile, NYAG Letitia James has sent letters, signed by IT chief Kim Berger, to several large US registrar groups — including GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance — to ask them to “stop the registration and use of internet domain names by individuals trying to unlawfully and fraudulently profit off consumers’ fears around the coronavirus disease”.
In the letter to GoDaddy (pdf), Berger asks for a “dialogue” on the following preventative measures:
- The use of automated and human review of domain name registration and traffic patterns to identify fraud;
- Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints;
- Revising your terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains; and
- De-registration of the domains cited in the articles identified above that were registered at GoDaddy, and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains.
In other words: try to stop these domains being registered, and take them down if they are.
No specific malicious sites are listed in the letter. Rather, Berger cites a study by Check Point Software that estimates that something like 3% of the more than 4,000 coronavirus-related domains registered between January and March 5 are “malicious” in nature.
Rightside sells eNom to Tucows for $83.5m
Tucows is to become “the second largest registrar in the world” by acquiring eNom from Rightside, paying $83.5 million.
The deal will give Tucows another 14.5 million domains under management and 28,000 resellers, giving it a total of 29 million DUM and 40,000 resellers.
That DUM number, which appears to include ccTLDs, makes Tucows the undisputed volume leader in the reseller world and the second-largest registrar overall.
GoDaddy, the DUM leader, had about 55 million domains just in gTLDs at the last count.
Tucows CEO Elliot Noss told analysts that the deal, along with the April 2016 acquisition of Melbourne IT’s reseller business, were “individual opportunistic transactions”.
He said that Tucows will take its time integrating the two companies, but expects to realize cost savings (presumably read: job losses as duplicate administrative positions are eliminated) over 24 months.
The reseller APIs will not change, and Tucows will not migrate names over to its own existing ICANN accreditations. This could help with reseller retention.
For Rightside, the company said the spin-off will allow it to focus on vertical integration between its gTLD registry business and its consumer-facing registrar, Name.com.
Rightside had come in for a certain amount of high-profile investor criticism for its dogged focus on new gTLDs at the expense of its eNom and Name.com businesses.
Activist investor J Carlo Cannell, supported by fellow investor and Uniregistry CEO Frank Schilling, a year ago accused Rightside of putting too much emphasis on “garbage” new gTLDs instead of its more profitable registrar businesses.
Since then, Rightside has rebuffed separate offers for some or all of its gTLDs by rivals Donuts and XYZ.com.
Last June, it also announced plans to modernize eNom, which Cannell and others had accused of looking stale compared to its competitors.
RightSide cuts super-premium fees in half, drops premium renewals
New gTLD registry RightSide has slashed the minimum price of its so-called “Platinum” tier premium domains and dropped renewal fees for these domains down to an affordable level.
The price changes come as part of two new marketing initiatives designed to start shifting more of its 14,000-strong portfolio of super-premiums through brokers and registrar partners.
The minimum first-year price of a Platinum-tier name has been reduced immediately from $50,000 to $25,000.
In addition, these domains will no longer renew every year at the same price. Instead, RightSide has reduced renewals to a more affordable $30.
“We weren’t selling them,” RightSide senior VP of sales and premiums Matt Overman told DI. “There is not a market for $50,000-a-year domain purchases.”
Now, “we feel comfortable enough with the amount of money we’re going to make up-front”, Overman said.
However, premium renewals are not being abandoned entirely; non-Platinum premium names will still have their original higher annual renewal fees, he said.
RightSide has sold some Platinum names in the five and six-figure range, but the number is quite small compared to the overall size of the portfolio.
But Overman said that “none of them sold with a $50,000 renewal”. The highest renewal fee negotiated to date was $5,000, he said.
Before yesterday’s announcements, RightSide’s Platinum names were available on third-party registrars with buy-it-now fees that automatically applied the premium renewal fees.
However, it seems that the vast majority if not all of these sales came via the company’s in-house registrars such as Name.com and eNom, where there was a more flexible “make an offer” button.
Under a new Platinum Edge product, RightSide hopes to bring this functionality to its registrar partners.
It has made all 14,000 affected names registry-reserved as a result, Overman said. They were previously available in the general pool of unclaimed names and available to registrars via EPP.
Each affected name now has a minimum “access fee” of $25,000 (going up to $200,000 depending on name) that registrars must pay to release it.
They’re able to either negotiate a sale with a markup they can keep, or sell at “cost” (that is, the access fee) and claim a 10% commission, Overman said.
A separate Platinum Brokerage service has also been introduced, aimed at getting more professional domain brokers involved in the sales channel.
Brokers will be able to “reserve” up to five RightSide Platinum names for a broker-exclusivity period of 60 days, during which they’re expected to try to negotiate deals with potential buyers.
While no other brokers will be able to sell those names during those 60 days, registrars will still be able to sell those reserved names.
Overman said that if a registrar sells a name during the period it is under exclusivity with a participating broker, that broker will still get a commission from RightSide regardless of whether they were involved in the sale.
“We won’t give that name to any other broker, but if it sells through a registrar they still get their 10%,” he said. The registrar also gets its 10%.
This of course is open to gaming — brokers could reserve names and just twiddle their thumbs for 60 days, hoping to get a commission for no work — but the broker program is expected to be fairly tightly managed and those exploiting the system could be kicked out.
RightSide will be making the case for the two Platinum-branded offerings at the upcoming NamesCon conference in Las Vegas, where it also expects to name its first brokerage partners.
GoDaddy spearheads Domain Connect spec
GoDaddy has published a new specification designed to make it easier for domain owners to quickly set up web sites using third-party site-building tools.
Its new Domain Connect Initiative is tailored for customers who do not know how to configure a DNS record and do not care to learn, according to Charles Beadnall, senior VP of domains.
While signing up for a participating site-building service, Shopify for example, customers currently have to either figure out how to manually reconfigure their DNS or get GoDaddy’s customer support to talk them through it.
GoDaddy currently receives tens of thousands of customer support calls every year related to these scenarios, Beadnall said.
But using Domain Connect, instead they will be able to simply enter their domain name with Shopify and, after authenticating with their registrar (via OAuth), their domain’s DNS will be automatically configured to point to their new site.
This saves the customer’s time and GoDaddy’s money.
Under the hood, it works using a series of templates, authored by the service providers, which instruct the registrar or DNS provider in how to set up the domain to use the service, Beadnall said.
Due to the high risk of malicious exploitation, it’s not completely frictionless. Service provider templates must be manually pre-approved and white-listed by registrars, Beadnall said.
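The whitelisting Beadnall describes is the control that keeps a template system like this from becoming a way for any web service to rewrite a customer’s zone. The code below is an added example (not GoDaddy’s or the Domain Connect project’s code) of the registrar-side half: a template is applied only if its provider and service identifiers are on the registrar’s approved list, the `%variable%` values that arrive with the customer’s redirect are validated against the record type they fill, and record types outside an assumed policy set are refused. The record shape (`type`/`host`/`pointsTo`/`ttl` with `%name%` placeholders) is modelled on Domain Connect templates, but the exact field names, the policy choices, the template and the inputs are all assumptions constructed for this demonstration.

```python
"""Registrar-side application of a Domain Connect style template.

Added example, not GoDaddy's or the Domain Connect project's code. Field names,
policy and sample data are assumptions for this demonstration.
"""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed template, as a service provider would publish it.
STOREFRONT_TEMPLATE = {
    "providerId": "shop.example",
    "serviceId": "storefront",
    "records": [
        {"type": "A", "host": "@", "pointsTo": "%storeip%", "ttl": 600},
        {"type": "CNAME", "host": "www", "pointsTo": "edge.shop.example", "ttl": 600},
        {"type": "TXT", "host": "_shop-verify", "pointsTo": "%token%", "ttl": 300},
    ],
}

# The registrar's whitelist: only templates it has reviewed get applied,
# whatever the redirect from the service provider asks for.
APPROVED_TEMPLATES: Set[Tuple[str, str]] = {("shop.example", "storefront")}

ALLOWED_TYPES = {"A", "AAAA", "CNAME", "TXT"}   # assumed policy: no NS/SOA/MX via templates
PLACEHOLDER = re.compile(r"%([A-Za-z0-9_]+)%")
LABEL = re.compile(r"^[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?$")
HOSTNAME = re.compile(r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$")


class TemplateRejected(ValueError):
    """Raised for anything the registrar refuses to apply."""


def _fill(value: str, variables: Dict[str, str]) -> str:
    """Substitute %name% placeholders; a missing variable is an error, not ''."""
    def repl(m):
        name = m.group(1)
        if name not in variables:
            raise TemplateRejected(f"template variable %{name}% not supplied")
        return variables[name]
    return PLACEHOLDER.sub(repl, value)


def _check_target(rtype: str, target: str) -> None:
    """Variable values come from the service provider's redirect, so the filled-in
    target is untrusted input: require it to be well-formed for the record type."""
    try:
        if rtype == "A" and ipaddress.ip_address(target).version != 4:
            raise ValueError("not an IPv4 address")
        if rtype == "AAAA" and ipaddress.ip_address(target).version != 6:
            raise ValueError("not an IPv6 address")
    except ValueError as exc:
        raise TemplateRejected(f"{rtype} target {target!r} rejected: {exc}") from exc
    if rtype == "CNAME" and not HOSTNAME.match(target):
        raise TemplateRejected(f"CNAME target {target!r} is not a hostname")
    if rtype == "TXT" and (len(target) > 255 or any(ord(c) < 0x20 for c in target)):
        raise TemplateRejected("TXT value too long or contains control characters")


def apply_template(template: dict, domain: str, variables: Dict[str, str],
                   approved: Set[Tuple[str, str]] = APPROVED_TEMPLATES) -> List[dict]:
    """Turn an approved template plus customer-supplied variables into the DNS
    records to create under `domain`; reject anything not whitelisted or malformed."""
    key = (template.get("providerId"), template.get("serviceId"))
    if key not in approved:
        raise TemplateRejected(f"template {key} is not on the registrar whitelist")
    domain = domain.lower().rstrip(".")
    records: List[dict] = []
    for rec in template["records"]:
        rtype = rec["type"].upper()
        if rtype not in ALLOWED_TYPES:
            raise TemplateRejected(f"record type {rtype} not permitted by policy")
        host = rec["host"]
        # Hosts come from the reviewed template, not the caller, but they are
        # still confined to labels beneath the customer's own domain.
        if host != "@" and not all(LABEL.match(label) for label in host.split(".")):
            raise TemplateRejected(f"bad host label {host!r}")
        name = domain if host == "@" else f"{host}.{domain}"
        target = _fill(rec["pointsTo"], variables)
        _check_target(rtype, target)
        records.append({"name": name, "type": rtype, "data": target,
                        "ttl": int(rec.get("ttl", 3600))})
    return records


if __name__ == "__main__":
    for r in apply_template(STOREFRONT_TEMPLATE, "example.com",
                            {"storeip": "203.0.113.10", "token": "abc123"}):
        print(r)
```

Note that the variables are validated after substitution, per record type: an A record only ever receives an IPv4 literal, so a provider (or someone who has tampered with the redirect) cannot use `%storeip%` to point the apex at an arbitrary hostname, and no template can introduce an NS record because the type is refused before the value is even looked at.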
As the system does not involve domain registration or transfer it’s not really within ICANN’s policy wheelhouse, so the spec has instead been published via the IETF.
It has already been embraced by leading rival registrars eNom, Name.com and United Domains, as well as toolmakers including Microsoft, Shopify and Wix.
The announcement of Domain Connect was made a couple of weeks ago while I was off sick.
More information and documentation can be found on the Domain Connect web site.
Demand Media spins off Rightside
Demand Media has completed the spin-off of its domain name business, Rightside.
Shares in the new company, which will be listed on the Nasdaq stock exchange, went to existing Demand Media shareholders.
Trading under the ticker symbol NAME, Rightside stock started off at $16.77 yesterday morning and is currently trading at around $15.07.
Rightside comprises number two registrar eNom, retail registrar Name.com, new gTLD portfolio registry United TLD (which is branded Rightside), and its share of auction house NameJet.
It is headed by CEO Taryn Naidu and chairman David Panos.
The company also today named its initial board of directors.
ICM scraps free .xxx porn star offer, starts new one
ICM Registry has partnered with a company called Model Centro to offer free .xxx domain names to porn performers.
Model Centro offers porn models a managed fan site and social networking service. It’s free to the models, with the company taking a 15% slice of whatever subscription fees are taken from their fans.
The arrangement seems to be related to the sale of Models.xxx, which ICM held back as a premium name until this week but which now mirrors the old modelcentro.com.
The deal will see each Models.xxx user get one free .xxx domain.
It also means ICM’s Adult Performer Program, which reserved the names of 3,500 porn stars and allowed them to be claimed for free via Name.com is no more.
The company said in a statement that the two-year-old program has been scrapped.
The new deal is probably better for .xxx. Because Models.xxx is a web site service, each free domain given away is going to turn into a site almost immediately, potentially increasing the gTLD’s visibility.
The same group that runs Model Centro also recently acquired the premium bukkake.xxx, while another bought extreme.xxx and public.xxx. The three sold for a total of $150,000, according to the registry.
Disadvantaged kids need your money after terrible Name.com charity drive
Domain name registrar Name.com carried out what can only be described as a completely abysmal charity fund-raising drive during this week’s South by Southwest conference, and disadvantaged kids need your help as a result.
During the conference, Name.com got one of its more photogenic customer support guys to go around the streets of Austin, Texas, asking random passers-by to high-five him.
The high-fives were recorded on a great big electronic device the guy carried on his back. For every high-five he got, Name.com promised to donate a nickel ($0.05) to charity.
The campaign was videoed and published on the company’s blog (here, here, here, and here).
The end result of this was 10,000 high-fives, which raised an absolutely pointless $500 for the charity concerned, which is the Austin Children’s Center, a very worthy-sounding cause.
The Austin Children’s Center provides services for child victims of abuse in Austin, Texas.
But if you watch all of the Name.com videos linked to above, you’ll learn rather more about Name.com than you will about the charity it’s supposedly raising money for.
And all this effort raised a pathetic $500.
There are people reading this post who have regularly spent more than that on dinner.
During the final video, a representative of the charity, the Austin Children’s Center, says “We have to raise 65% of our annual budget, and this year it’s $7 million.”
So Name.com raised a whopping 0.007% of its chosen charity’s annual funding needs, while putting rather a lot of effort into attempting to raise its own corporate profile.
I gather that the highfive-counting electronic gizmo that the CSR carried around on his back in the videos costs around $1,200 to buy, meaning that the stunt actually ran at a loss.
Name.com could have donated an extra $1,200 to this charity if it had not run the stunt at all.
That’s assuming, of course, that it didn’t pay the guy carrying the camera, or the guy who did the editing, or the guy who wrote the blog post, or the guy who sent me the press release today…
This kind of crap makes me sick.
I donated $25 to the Center today in protest at Name.com’s bullshit.
If you want to donate in protest too, which I strongly encourage you to do, do it here.
Not many people have donated yet. This charity really does need your help.
If you’re not convinced yet, watch this video and then donate if you find it funny.
Demand Media to spin off domains business as Rightside
Demand Media has confirmed its plan to spin off its domain name business into a separate company.
The new firm will be called Rightside. As the (rather good) name suggests, it will include the company’s interests in over 100 new gTLD applications and registries.
As well as United TLD, it will also include eNom, Name.com and Demand’s stake in NameJet.
Rightside will be based in Kirkland, Washington, and headed by newly appointed CEO Taryn Naidu, who’s been running Demand’s domain unit internally for the last couple of years.