Recent Posts
- Salesforce to apply for a dot-brand
- Team Internet looking to break up
- Noss to leave Tucows corner office
- Rubens Kühl has died
- Sinha angry with Chapman’s firing as ICANN vice chair
- Glitch redux: ICANN screws up new gTLD security again
- CentralNic claims second-largest TLD migration ever
- DNS issue at Amazon takes out major apps and sites
- .io sales almost double over three years
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
.berlin CEO prime suspect in ICANN data breach
dotBerlin CEO Dirk Krischenowski is suspected of using a bug in ICANN’s new gTLD portal to access hundreds of confidential documents, some containing sensitive financial planning data, belonging to competing gTLD applicants.
That’s according to ICANN documents sent by a source to DI today.
Krischenowski, who has through his lawyer “denied acting improperly or unlawfully”, seems to be the only person ICANN thinks abused its portal’s misconfigured search feature to deliberately access rivals’ secret data.
ICANN said last night that “over 60 searches, resulting in the unauthorized access of more than 200 records, were conducted using a limited set of user credentials”.
But ICANN, in private letters to victims, has been pinning all 60 searches and all 200 access incidents on Krischenowski’s user credentials.
Some of the incidents of unauthorized access were against applicants Krischenowski-run companies were competing against in new gTLD contention sets.
The search terms used to find the private documents included the name of the rival applicant on more than one occasion.
In more than once instance, the data accessed using his credentials was a confidential portion of a rival application explaining the applicant’s “worst case scenario” financial planning, the ICANN letters show.
I’ve reached out to Krischenowski for comment, but ICANN said in its letters to victims:
[Krischenowski] has responded through legal counsel and has denied acting improperly or unlawfully. The user has stated that he is unable to confirm whether he performed the searches or whether the user’s account was used by unauthorized person(s). The user stated that he did not record any information pertaining to other users and that he has not used and will not use the information for any purpose.
Krischenowski is a long-time proponent of the new gTLD program who founded dotBerlin in 2005, many years before it was possible to apply.
Since .berlin launched last year it has added 151,000 domains to its zone file, making it the seventh-largest new gTLD.
The bug in the ICANN portal was discovered in February.
The results on an audit completed last month showed that over the last two years, 19 users used the glitch to access data belonging to 96 applicants and 21 registry operators.
There were 330 incidents of unauthorized access in total, but ICANN seems to have dismissed the non-“Krischenowski” ones as inadvertent.
An ICANN spokesperson declined to confirm or deny Krischenowski is the prime suspect.
Its investigation continues…
ICANN fingers perps in new gTLD breach
A small number of new gTLD registries and/or applicants deliberately exploited ICANN’s new gTLD portal to obtain information on competitors.
That’s my take on ICANN’s latest update about the exploitation of an error in its portal that laid confidential financial and technical data bare for two years.
ICANN said last night:
Based on the information that ICANN has collected to date our investigation leads us to believe that over 60 searches, resulting in the unauthorized access of more than 200 records, were conducted using a limited set of user credentials.
The remaining user credentials, representing the majority of users who viewed data, were either used to:
Access information pertaining to another user through mere inadvertence and the users do not appear to have acted intentionally to obtain such information. Access information pertaining to another user through mere inadvertence and the users do not appear to have acted intentionally to obtain such information. These users have all confirmed that they either did not use or were not aware of having access to the information. Also, they have all confirmed that they will not use any such information for any purpose or convey it to any third party; or
Access information of an organization with which they were affiliated. At the time of the access, they may not have been designated by that organization as an authorized user to access the information.
We can infer from this that the 60 searches, exposing 200 records, were carried out deliberately.
I asked ICANN to put a number on “limited set of user credentials” but it declined.
The breach resulted from a misconfiguration in the portal that allowed new gTLD applicants to view attachments to applications that were not their own.
ICANN knows who exploited the bug — inadvertently or otherwise — and it has told the companies whose data was exposed, but it’s not yet public.
The information may come out in future, as ICANN says the investigation is not yet over.
Was your data exposed? Do you know who accessed it? You know what to do.
New gTLD phishing still tiny, but .xyz sees most of it
New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.
That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.
Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.
The number of domains used to phish was 95,321, up 8.4% from the first half of the year.
However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.
In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.
According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.
Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.
New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.
That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.
Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:
Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.
XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.
In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.
But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:
XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.
APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.
It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:
Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.
The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.
APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.
The APWG report can be downloaded here.
UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.
According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.
Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.
Draconian Chinese crackdown puts domain industry at risk
The vast majority of top-level domain registries could soon be banned from selling domains into China due to a reported crackdown under a decade-old law.
That’s according to Allegravita, a company that helps registries with their go-to-market strategies in the country.
Allegravita released a report last week claiming that Chinese registrars will be forbidden to sell domains in TLDs that are not on a government-approved list.
The crackdown could come as early as July, the report says:
Foreign registries which have not applied for Chinese market approval are advised to do so in the near term, as unapproved Top-Level Domains are likely to be taken off the market from July this year.
As of April 30, there were only only 14 TLDs on the approved list. All of them are run by Chinese registries and only five do not use Chinese script.
Not on the list: every legacy gTLD, including .com, as well as every ccTLD apart from .cn.
The Draconian move is actually the implementation of regulations introduced by China’s Ministry of Industry and Information Technology over a decade ago but not really enforced since.
As I reported in December, Donuts was facing problems launching its Chinese-script gTLDs due to this red tape.
MIIT announced in 2012 that new gTLD applicants would need licenses to sell into China.
According to Allegrevita, which until recently was working heavily with TLD Registry (“.chinesewebsite”) on its entry into the country, it’s “no longer ambiguous” that MIIT has asserted full oversight of the domain industry in China.
MIIT’s crackdown appears to be focused on the 93 Chinese registrars it has approved to do business.
Allegravita says these companies will not be allowed to sell unapproved TLD domains to Chinese registrants, but that existing registrations will be grandfathered:
by sometime in July 2015, the MIIT will not permit unapproved registries to operate or offer their domains for sale in China. The MIIT will not interfere with existing domain registrations for unapproved registries; however, new registrations will not be permitted to be sold by Chinese registrars to Chinese registrants.
Presumably, non-Chinese registrars will reap the benefits of this as Chinese would-be registrants look elsewhere to buy their domains.
China is an important market for many registries, particularly the low-cost ones.
Judging by MIIT’s web site, getting approval to sell your TLD in China involves a fairly stringent set of requirements, including having a local presence.
MIIT said in a press release last month that the “special action” is designed “to promote the healthy development of the Internet, to protect China’s Internet domain name system safe and reliable operation
Krueger removed as chair as M+M finally starts seeing some revenue
Minds + Machines co-founder Fred Krueger has been kicked out of his job as executive chairman of the company.
The news came as the new gTLD registry reported its first full year of results as a proper, revenue-generating company.
The company reported revenue of $1.9 million for 2014, compared to $56,000 in 2013.
Its report includes a “cash revenue” line of $5 million, to show off revenues that it has deferred to future periods due to standard domain industry accounting.
For accounting purposes, M+M was profitable to the tune of $22 million for the year, but almost none of that is from actually selling domains — $33.7 million of profit came from losing new gTLD auctions.
That’s not a sustainable or predictable part of the business — nobody knows exactly when or if ICANN will launch the next round of new gTLDs — but it did help M+M grow its cash pile to $45.7 million.
That pile may grow or shrink depending on how aggressive the company is in its 11 remaining new gTLD contention set auctions.
CEO Antony Van Couvering said that M+M is also eyeing acquisition opportunities as the new gTLD industry enters an early consolidation phase.
He said that M+M’s early priorities include a focus on selling premium domains that have higher than usual annual renewal fees.
At the same time as announcing its results, the company said Krueger, who founded M+M with Van Couvering in 2009 in anticipation of the new gTLD program, has quit.
While he’s technically resigned, he left no doubt in his unusually frank resignation letter that he’s actually been forced out by the M+M board of directors.
He wrote that the decision was “initiated by the board” and that his “decision” to leave “was unexpected – for me at least”.
He added that he was “OK with it, indeed supportive of it” and that he has no intention to sell off his substantial stake in the company.
Krueger will now focus on Mozart, a web site building software maker that he’s been leading for the last couple of years. M+M has a deal to offer Mozart to its registrants.
He’s been replaced, albeit in a non-executive capacity, by Keith Teare, an existing director.
Teare is a tech veteran perhaps best known in the domain industry for launching and running RealNames, which attempted to replicate AOL Keywords for the Internet Explorer browser at the turn of the century.
ICANN says “no impact” from TMCH downtime
The 10-hour outage in the Trademark Clearinghouse’s key database had no impact on domain registrations, ICANN says.
We reported earlier this week that the TMCH’s Trademark Database had been offline for much of last Friday, for reasons unknown.
We’d heard concerns from some users that the downtime may have allowed registrants to register domain names matching trademarks without triggering Trademark Claims notices.
But that worry may have been unfounded. ICANN told DI:
The issue occurred when two nodes spontaneously restarted. The cause of this restart is still under investigation. Although both nodes came back up, several services such as the network interface, TSA Service IP and the SSH daemon did not. All TMDB Services except the CNIS service were unavailable during the outage. From a domain registration point of view there should have been no impact.
CNIS is the Claim Notice Information Service, which provides registrars with Trademark Claims notice data.
Concern over mystery TMCH outage
The Trademark Clearinghouse is investigating the causes and impact of an outage that is believed to have hit its primary database for 10 hours last Friday.
Some in the intellectual property community are concerned that the downtime may have allowed people to register domain names without receiving Trademark Claims notices.
The downtime was confirmed as unscheduled by the TMCH on a mailing list, but requests for more information sent its way today were deflected to ICANN.
An ICANN spokesperson said that the outage is being analyzed right now, which will take a couple of days.
The problem affected the IBM-administered Trademark Database, which registrars query to determine whether they need to serve up a Claims notice when a customer tries to register a domain that matches a trademark.
I gather that registries are supposed to reject registration attempts if they cannot get a definitive answer from the TMDB, but some are concerned that that may not have been the case during the downtime.
Over 145,000 Claims notices have been sent to trademark owners since the TMCH came online over a year ago.
(UPDATE: This story was edited May 21 to clarify that it is the TMCH conducting the investigation, rather than ICANN.)
Obama, Apple, cancer and Taylor Swift’s cat top lists of most searched-for .sucks domains
You’ve got to hand it to .sucks registry Vox Populi.
The pricing may be “exploitative” and “predatory”, as the intellectual property community believes, but damn if the the company doesn’t know how to generate headlines.
Vox Pop has just added a new ticker stream to its web site, fingering the 50 most sucky celebrities, politicians, companies, social ills and abstract concepts.
The lists have been compiled from “more than a million” searches for .sucks domains that Vox Pop has seen pass through its system, according to CEO and veteran PR man John Berard.
For some reason, TayloySwiftsCat.sucks is the most searched-for in the “Personalities” category.
I’m guessing this relates to a meme that has yet to reach my isolated, middle-aged, non-country-music-loving corner of the world.
Whatever the cat did to earn this ire, it’s presumably equivalent to what Barack Obama, Apple, cancer and just life generally has done to searchers on the .sucks web site.
Here are the lists of most-searched-for terms, as it stands on the .sucks web site right now.
Top Personalities:
- 1. TaylorSwiftsCat
- 2. JustinBeiber
- 3. KevinSpacey
- 4. Oprah
- 5. KimKardashian
- 6. KayneWest
- 7. GuyFieri
- 8. TomBrady
- 9. DonaldTrump
- 10. OneDirection
Catch Phrases:
- 1. Life
- 2. YourMomma
- 3. This
- 4. Everyone
- 5. MyJob
- 6. MyLife
- 7. Reality
- 8. YouKnowWhat
- 9. Who
- 10. College
Causes:
- 1. Cancer
- 2. Technology
- 3. Obesity
- 4. Racism
- 5. Depression
- 6. Meat
- 7. AIDS
- 8. Hate
- 9. Poverty
- 10. Government
Companies:
- 1. Apple
- 2. Google
- 3. Microsoft
- 4. Facebook
- 5. Comcast
- 6. Walmart
- 7. CocaCola
- 8. McDonalds
- 9. Sony
- 10. Amazon
Politicians:
- 1. Obama
- 2. Hillary
- 3. TedCruz
- 4. RandPaul
- 5. StephenHarper
- 6. Putin
- 7. JebBush
- 8. TonyAbbott
- 9. DavidCameron
- 10. Democrats
Make no mistake, this is a headline-generating exercise by Vox Pop.
It comes as .sucks hits 10 days left on the clock for its $1,999+-a-pop sunrise period.
The company got a shed-load of mainstream media publicity when celebrities, starting with Kevin Spacey, started registering their names in .sucks several weeks ago.
It’s looking to get more headlines now, from lazy journalists and bloggers.
This is one of the first, for which I can only apologize.
XYZ and Uniregistry acquire .car from Google, launch joint venture
XYZ.com and Uniregistry have launched a joint venture to operate a trio of car-related new gTLDs, after acquiring .car from Google.
Cars Registry Ltd is a new company. It will launch .cars, .car and .auto later this year.
Uniregistry won .cars and .auto at auction last year. Google was the only applicant for .car.
It signed its ICANN contract in January but transferred it to Cars Registry a little under a month ago.
The newly formed venture plans to launch all three TLDs simultaneously in the fourth quarter this year.
.car is currently in pre-delegation testing. The other two are already in the root.
Cars Registry does not have the the car-related domain space completely sewn up, however.
Dominion Enterprises runs .autos, albeit with a plan to launch the TLD with restrictions that may well mean it does not directly compete with the other three TLDs.
Launch details for .cars, .car and .auto have not yet been released.
Judging by the gTLDs’ web site, they will run on the Uniregistry back-end.
Barclays confirms move away from .com to new gTLD
Barclays has become one of the first major companies to explicitly confirm it will dump traditional gTLDs and ccTLDs in favor of its new dot-brands.
The $25 billion-a-year bank said it will “transfer its online assets to proprietary domain names — .barclays and .barclaycard — away from the traditional location-specific .com and .co.uk web addresses.”
The transition is a “long-term” play, but it’s started already, with “non-transactional” parts of its web site already using the two new gTLDs.
Basically, we’ve entered the brochureware phase of the dot-brand evolution.
home.barclays already mirrors barclays.com — both are simultaneously live right now — but the online banking service remains at barclays.co.uk.
In a May 11 press release that seems to have slipped under everyone’s radar last week, Barclays chief security officer Troels Oerting, until a few months ago cyber-crime chief at Europol, said:
The launch of the .barclays and .barclaycard domain names creates a simplified online user experience, making it crystal clear to our customers that they are engaging with a genuine Barclays site.
This clarity, along with the advantages of controlling our own online environment, enables us to provide an even more secure service, which we know is of utmost importance to our customers, and ultimately serves to increase trust and confidence in Barclays’ online entities.
This is precisely what advocates of dot-brands pitched as the benefits of the new gTLD program.
While many applicants stated similar plans in their gTLD applications, I think there’s been a degree of skepticism about whether they would follow through.
Barclays’ moves are happening faster than I expected — the .barclays gTLD was delegated in January — showing a degree of enthusiasm.
The charitable Australian Cancer Research Foundation in February launched sites under its .cancerresearch (not technically a dot-brand), while Hong Kong conglomerate CITIC Group has already experimented with a shift from .com to .citic.
In related news, the non-branded .bank gTLD opened for its sunrise period today.
Recent Comments