Recent Posts
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
- $2 million Christmas bonus for ICANN
- Another VW car dot-brand crashes out
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
- $3,000 to do a Whois lookup?
- PIR to join GlobalBlock, but its crown jewel won’t
- LA wildfire victims get domain deletes delay
Typosquatting is huge but not dangerous, study finds
A study of typosquatted domain names has found that the practice is reaching pandemic levels for the largest brands, but that there’s surprisingly little malware distribution going on.
The security company Sophos surveyed 2,249 domains that were one letter different to the .com sites of Facebook, Google, Twitter, Apple and Microsoft, and found that two thirds resolved.
Not all of those 1,502 sites were malicious typosquats; some were legitimate sites that just happened to have similarly spelled names (such as goole.com and witter.com) Sophos noted.
Apple was the most-squatted company, according to this method: resolving Microsoft typos were at 61%, Twitter at 74%, Facebook at 81%, Google at 83% and Apple at 86%.
Sophos concluded that “there is a significant typosquatting ecosystem around high-profile, often-typed domain names.”
But it did not find as much malware as it was expecting, with only one domain leading to a malware site, 0.07% of the total.
However, 2.7% of the URLs “fell into the loose category of cybercrime”, which “means they are, or have been, associated with hacking, phishing, online fraud or spamming”.
The report, which also fingers parking services from Demand Media, Sedo, Oversee and Bodis as the recipients of 37% of the typo traffic, contains much more data and is well worth a read.
Annoyingly, it appears that Sophos only surveyed .com domains, so the data doesn’t really tell us much about the impact of TLDs (such as .co) on the typosquatting problem.
Libyan registry hacked by anti-Gaddafi crackers
The official registry web site for the Libyan top-level domain has been defaced by anti-Gadaffi crackers.
Nic.ly currently looks like this (click to enlarge):
The attack appears to be limited to the web server – as bit.ly domains are still resolving I assume the culprits have not managed to take control of the registry’s more important systems.
Libya famously cut itself off from the internet in March, shortly after the ongoing rebel uprising – which today arrived on the streets of Tripoli – kicked off.
The .ly domain also went completely dark in 2004 after a communication breakdown between the registry manager and IANA.
(via Sophos)
Bit-squatting – the latest risk to domain name owners
Forget phishing, forget cybersquatting, forget typosquatting, high-value domain name owners may have a whole new threat to worry about – “bit-squatting”.
This appears to be the conclusion of fascinating new research to be presented by Artem Dinaburg at the Black Hat and DEF CON hacker conferences in Las Vegas next week.
Defective internet hardware, it turns out, may be enabling a whole new category of typosquatting that could prove worrying for companies already prone to domain name abuse.
According to a summary of Dinaburg’s research, RAM chips can sometimes malfunction due to heat or radiation, resulting in “flipped bits”, where a 1 turns into a 0 or vice-versa.
Because the DNS uses ASCII encoding, a query containing a single flipped bit could actually send the user to a completely different domain name to the one they intended to visit.
To test the theory, Dinaburg appears to have registered the typo domain name mic2osoft.com. While it’s not visually confusing or a likely typo, in binary it is only one bit different to microsoft.com.
The ASCII binary code for the digit 2 is 00110010, which is only one bit different to the lower-case letter r, 01110010.
The binary for the string “microsoft” is:
011011010110100101100011011100100110111101110011011011110110011001110100
and the binary encoding for “mic2osoft” is (with the single changed bit highlighted):
011011010110100101100011001100100110111101110011011011110110011001110100
Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.
I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.
But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:
To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.
…
I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.
His conference presentations will also discuss possible hardware and software solutions.
For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.
I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.
The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.
Kaminsky is not discussing DNS this year, judging by the agendas.
The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.
.xxx domains to get free virus scans from McAfee
ICM Registry has signed up with security software outfit McAfee to provide automatic virus scanning for all web sites hosted at .xxx domain names.
Under the $8 million deal, “every .XXX domain will be scanned for vulnerabilities such as SQL injection, browser exploits and phishing sites, reputational analysis and malware”, ICM said in a press release.
The subscription, which is based on the McAfee Secure offering, will be included in the price of the domain, which is expected to start at around $75 at the cheapest registrars.
McAfee normally charges a lot more than that; ICM has basically negotiated a bulk discount for its customers.
There are two ways to take advantage of the deal.
First, webmasters can choose to put some code on their sites that displays the McAfee Secure logo, potentially increasing customer confidence and ergo sales.
McAfee reckons sales can go up by as much as 12% when sites use this “trust mark”, based on some split-testing it did a couple years ago (results may vary, it adds).
Second, because McAfee is going to automatically scan every .xxx domain every day, whether the registrant wants it or not, porn surfers will be able to use McAfee SiteAdvisor, a free browser plug-in, to verify that a .xxx site is, for want of a better word, clean.
Whether you like .xxx or not, you’ve got to admit that this probably counts as a rare example of “innovation” from a domain registry.
On the flipside, registrars that already offer such services as add-ons, such as Go Daddy, won’t get the up-sell if ICM is giving it to every registrant from the registry side.
But that doesn’t seem to have stopped any registrars from signing up to sell .xxx domains.
Oddly, the press release does not name McAfee as the service provider, but its brand is all over the ICM web site so embarrassment is probably not a factor.
McAfee currently has about 80,000 sites using the service, which could easily grow to 500,000 or more if ICM gets as many registrations as it expects to.
ICANN hires hacker Dark Tangent as security chief
Noted white-hat hacker Jeff “Dark Tangent” Moss is to join ICANN as its new chief security officer.
Moss founded the Black Hat and Def Con hacker conferences (which I highly recommend), and was once a director of firewall vendor Secure Computing.
If you’re not familiar with security lingo, “hacker” in this context means he’s one of the good guys. He’s also one of a couple dozen members of the US Department of Homeland Security’s Advisory Council.
The ICANN press release announcing the appointment (pdf) is filled with plaudits from some of the industry’s top DNS security geeks.
Paul Vixie, chairman and chief scientist of the Internet Systems Consortium is quoted as saying:
This is a great hire for ICANN. Jeff’s been in the infosec community since the dawn of time and not only knows where the weak spots are but also how they got that way, and what needs to be done and by whom. He’s the ideal person to drive ICANN’s security agenda.
He’s also been named vice-president. He starts work at the ICANN Washington DC office tomorrow.
Banks to write security rules for “.bank”
Financial services firms unhappy with ICANN’s new top-level domains program are to take matters into their own hands by writing security guidelines for TLDs like “.bank”.
BITS, the technology policy arm of the Financial Services Roundtable, said it plans to develop “elevated security standards for financial gTLDs” and wants ICANN to make them mandatory.
The organization, which counts many major world banks as members, is concerned that a “.bank” in the hands of a registry with lax security could increase fraud and reduce confidence in banking online.
BITS said its guidelines would be drafted by a globally diverse working group and submitted to an international standards-setting organization for ratification.
It wants ICANN to include a single sentence in its new TLDs Applicant Guidebook, apparently incorporating the guidelines by reference:
Evaluators will use standards published by the financial services industry to determine if the applicant’s proposed security approach is commensurate with the level of trust necessary for financial services gTLDs.
An ICANN working group is working on the concept of a High Security Zone TLD for precisely this kind of application, but in September the ICANN board abruptly decided that it “will not be certifying or enforcing” the idea, apparently in order to mitigate its own corporate risk.
The BITS project appears to be in direct response to that move.
It certainly seems to be a more productive avenue of engagement than hinting at a lawsuit, which it did in a November letter to ICANN.
I’m attempting to confirm whether the BITS plan, submitted as a response to the Applicant Guidebook public comment period, is being proposed with ICANN’s backing. (UPDATE: it isn’t.)
Beckstrom: ICANN accountable to world, not just US
ICANN chief Rod Beckstrom opened the organization’s 39th public meeting in Cartagena, Colombia, with a speech that touched on many of the organization’s recent controversies and appeared to take a strong stance against US government interference.
Everything from its political tangles with the International Telecommunications Union, to the recent calls for high-security top-level domains for financial services, to Beckstrom’s own controversial pet project, the proposed DNS-CERT, got a mention.
But probably Beckstrom’s strongest statement was the one which indirectly addressed recent moves by the US government to slam the brakes on ICANN’s new top-level domains program:
We are accountable to the world, not to any one country, and everything we do must reflect that.
Beckstrom acknowledged the controversies in the new TLDs policy, given last week’s strongly worded letter from the US Department of Commerce, which was highly critical of the program.
Commerce assistant secretary Lawrence Strickling has called on ICANN to delay the program until it has justified its decision under the Affirmation of Commitments.
But this morning, Beckstrom echoed sentiments expressed on the ICANN blog last week (my emphasis):
As is often the case with policy decisions in that multi-stakeholder model, not everyone is pleased, and this diversity of opinion contributes to the policy process. For example, last week we received a critical letter from the US Department of Commerce. As with all contributions, ICANN will give these comments careful consideration as part of the implementation of the GNSO policy. We welcome the transparent way that Commerce provided their comments through the public comment process.
How ICANN chooses to deal with the demands of its former master, the US government, is one of the Cartagena meeting’s Big Questions.
Another such question is how ICANN plans to deal with ongoing threats to its legitimacy from international bodies such as the International Telecommunications Union.
Addressing ITU secretary general Hamadoun Toure directly, Beckstrom said:
We have always sought to build our relationships based on mutual respect and integrity, taking into account the unique and distinct mandates entrusted to our organizations. The strengthening of communication between us is a personal priority for me.
Security
Security is one of ICANN’s watchwords, and Beckstrom is a security guy by trade. His speeches typically address the topic to a greater or lesser extent and Cartagena was no exception.
Security policies inherently create tensions. Take, for example, controversies about the strength and enforceability of of Whois policies, or Beckstrom’s own call for a DNS-CERT to oversee DNS risk.
This morning, he said:
The staff under my leadership is willing to go as far on security as the community is willing. And whatever security effort this community decides, we will do our utmost to implement and support, given sufficient resources. Because when it comes to security, how can we ever say we’ve done enough?
…
And now you need to tell us: where do you want us to go?
Of course, I am sure we can agree that when it comes to security, the question is not what do we want to do? Or what is popular or easy? It’s what do we owe the world? Because all of us care about the global public interest.
He took, in my view, a subtle swing at the Governmental Advisory Committee for putting security at the heart of its ongoing policy demands, while largely failing to cooperate with ICANN’s requests for information on security issues in their own jurisdictions. Beckstrom said:
We have asked GAC members to provide information about security activities in their countries. We appreciate the information some have shared but there have been few responses. As governments urge us to remain committed to security efforts, we in turn request that they help us by responding and working with the ICANN community on this vital mission.
I know there are some European ccTLD registries a bit miffed that ICANN has in recent months gone over their heads, direct to their governments, for this information, highlighting what a tricky political situation it is.
The speech also touched on internationalized domain names, with a shout-out to the recent launch of Russia’s Cyrillic ccTLD, and general global inclusion activities. I expect the text and audio to be published on the ICANN web site to be published shortly.
“Beware of Hookers”, ICANN attendees told
ICANN has published a security guide for delegates planning to attend its meeting in Cartagena, Colombia, this December, which makes quite entertaining reading.
A highlight of the report (pdf), prepared by outside consultants Control Risks, warns attendees to steer clear of bar prostitutes who plan to take advantage of them.
All travelers should avoid bars which have public touts (or “spruikers”) standing outside encouraging them to enter. Many of these bars attract high levels of local prostitutes, some who intend to rob tourists by drugging them in the bar or in their hotel rooms.
Sage advice.
The report also recommends staying off the streets after 11pm, using official taxis, keeping your wallets clean of identifying information, and not resisting muggers/abductors.
Fight for your life, but not your possessions.
I’m cherry-picking the scary stuff here, obviously. In general, the report says Cartagena is fairly safe. Last year, there were only two kidnappings in the city.
Cartagena enjoys a mostly deserved reputation as one of the safe destinations for foreign travelers in Colombia. Certainly, violent crime rarely affects foreign visitors to the city.
ICANN has said that it will commission such reports when there is a concern that security at its chosen meeting locations may not be up to scratch.
I believe the new meetings security plan was introduced in response to the vague terrorism threats that clouded the Nairobi meeting earlier this year, keeping many flighty Americans at home.
eNom to crack down on fake pharma sites
Demand Media is to tighten security at its domain registrar arm, eNom, after bad press blighted its recent IPO announcement.
The company has signed a deal with fake pharmacy watchdog LegitScript, following allegations that eNom sometimes turns a blind eye to illegal activity on its customers’ domains.
The news emerged in the company’s amended S-1 registration statement (large HTML file), filed with the US Securities and Exchange Commission yesterday. New text reads:
We recently entered into an agreement with LegitScript, LLC, an Internet pharmacy verification and monitoring service recognized by the National Association of Boards of Pharmacy, to assist us in identifying customers who are violating our terms of service by operating online pharmacies in violation of U.S. state or federal law.
LegitScript will provide eNom with a regularly updated list of domain names selling fake pharma, so the registrar can more efficiently turn them off. The companies have also agreed to work together on research into illegal online pharmacies.
Surrounding text has also been modified to clarify that eNom is not required, under ICANN rules, to turn off domains that are being used to conduct illegal activity.
This is a bit of a PR win for the small security outfits KnuJon and HostExploit, firms which had used the occasion of Demand’s S-1 filing to give eNom a good kicking in the tech and financial press.
HostExploit reported last month that eNom was statistically the “worst” registrar as far as illegal content goes.
ICANN executives are reportedly going to be hauled to Washington DC at the end of the month to explain the problem of fake pharma to the White House.
Registries and registrars have also been invited, and I’d be surprised if eNom is not among them.
IPv4 pool to dry up in 2011
ICANN has confirmed that it will run out of unassigned IPv4 address space some time next year.
In an update to its Plan for Enhancing Internet Security, Stability and Resiliency, published yesterday, ICANN said it “expects to make the last allocations of IPv4 unicast space to the Regional Internet Registries (RIRs) during the calendar year 2011.”
While this means ICANN will largely be out of the IPv4 business, it does not of course mean that there will be no IPv4 address space left to be allocated to ISPs and businesses.
ICANN points out that the RIRs will still have their pools of unallocated addresses, and that they’ve been drawing up plans to hand out smaller blocks to new ISPs as well as allowing the transfer of IPv4 addresses between networks.
The confirmation that 2011 is the year that IPv4 dries up is not unanticipated. ICANN has been flagging it up as the likely timeframe for a few years now.
The solution to the problem is IPv6, which is large enough to never run out of addresses. The trick is making sure the new protocol is universally supported, so IPv6 networks can talk to IPv4 networks and vice versa.
The updated security plan document contains a few other nibbles of interest.
For instance, the security budget for the next year is down slightly on the last, $11.52 million versus $12.8 million, largely due to a requirement last year to build out a secure data center.
There’s also the admission that ICANN has developed an as-yet unpublished “Meetings Security Plan”, presumably in response to the terrorism fears that kept many constituents at home for the Nairobi meeting in March.
Recent Comments