News and Updates

Spring Clean Your House of Domains, DNS and Digital Certificates

Domain industry news - Sat, 2020-04-04 19:51

At the start of the year, many responsible for managing domain name portfolios may be considering spring cleaning!

Traditionally, such a task consists of a review to check that all domains in the portfolio serve a purpose either from a commercial or defensive perspective. The aim is to ensure budget isn't wasted on domains of little to no value. It's fair to say that for many organizations, this is a difficult process — almost as feared as actually spring cleaning our own homes — and thus sometimes it falls to the bottom of our to-do list or never gets done!

Given the importance of domains, the domain name system (DNS), and digital certificates to the successful operation of your businesses, neglecting your domain portfolio could risk your business operations. If you're looking to undertake a domain portfolio review, then here are five key security considerations for you:

1. Look beyond the assets within your control. At times, the assets most at risk are those you don't yet know about, so consider ways to identify them, such as using a detective control like domain monitoring.

2. Focus on the domains that are vital to your business, and ensure they have all the security controls required of a business-critical domain:

  • Access controls (two-factor authentication, IP validation, and federated ID)
  • Add preventative controls by enabling appropriate advanced security features (registry locks, DNS security extensions (DNSSEC), domain-based message authentication, reporting and conformance (DMARC), certificate authority authorization (CAA) records, etc.)

These domains, and the DNS they reside on, should be managed with enterprise-class providers with a 100% uptime guarantee.

3. Know your trademark portfolio and business plan for new brands and markets. Aside from registrations of active brands and trademarks, defensive domain name registrations are a necessary part of your optimal portfolio. You can't register everything, but it's necessary to proactively secure the names and combinations (such as myCSC) that could otherwise be picked up by infringers — where the cost of registration is better value for money than the cost of recovery. Your approach here will depend on many factors, the popularity of your brand, the type of industry you are in, your risk appetite, your experience with infringers, and of course, your budget. Prevention is better than cure, but the level to which you adopt this approach will be as unique as your brand, so an up-to-date understanding of your business plan is essential.

4. Understand industry trends and how it impacts your business and its operations. In 2019, we saw some of the largest data breaches to date; organized cyber crime at a global scale prompted governments to issue alerts and recommendations. 2020 doesn't bode well either, and we are beginning to see hefty GDPR fines being levied on companies since its implementation in 2018. The industry is also reacting. Registries are making new registry locks available, the redaction of the WHOIS is impacting how companies deal with domain infringements, and there continues to be a push to reduce digital certificate validity periods. With many new developments to stay ahead of, work with your service providers who can help you factor in additional considerations as you review your domain security.

5. Rinse and repeatfinding new ways to streamline, automate, and conduct reviews more regularly. Blind spots like business-critical domains managed outside your control or without the appropriate security measures in place are a risk. The sooner these security blind spots are identified, the sooner you can mitigate the risks and give confidence to your business that you're doing everything you can to stay secure.

What originally looked like a simple spring cleaning exercise can look like a far more complicated and important process for your organization. Not completing the task could mean poor ROI for your domains budget, and more worryingly, that there's an increase in the likelihood of an outage for business-critical functions if a security blind spot are not detected and corrected in good time.

Our recommendation is to consider domain portfolio review as part of your daily exercise rather than an annual spring cleaning. Partner with a registrar who can undertake this work for you, and provide the insights you need to make the timely decisions for your organization.

This article originally published on Digital Brand Insider.

Written by Ken Linscott, Product Director, Domains and Security at CSC

Follow CircleID on Twitter

More under: DNS, Domain Names, Brand Protection

Categories: News and Updates

Google wins fight over “Google Coronavirus” domain name

Domain Name Wire - Sat, 2020-04-04 17:09

Man agrees to give domain name to Google after facing cybersquatting complaint.

A Massachusetts man who registered GoogleCoronavirus .com has agreed to hand it over to Google after the company filed a cybersquatting complaint.

Ben Ghosh registered the domain—at Google Domains, no less—on March 13. Google filed a cybersquatting complaint with National Arbitration Forum just three days later.

The domain name had a basic WordPress installation with no additional content.

Rather than fight the case, Ghosh consented to transfer the domain name to Google.

Companies have been registering domain names including their brands and terms like coronavirus and Covid-19 to protect against cybersquatting. For example, Facebook registered over 500 domain names including its brands and these terms.

It’s almost impossible to register every possible permutation. It probably makes sense for large websites to register obvious domains like brandCoronavirus. Beyond that, they can turn to cybersquatting mechanisms under the Uniform Domain Name Dispute Resolutions Policy to get control of domains that people register.

Google also filed a case against CoronavirusGoogle .com, which was registered by Walter Lafky of Oregon. That case is still pending.

Post link: Google wins fight over “Google Coronavirus” domain name

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Guy files cybersquatting complaint against a page on Blogger
  2. fails in cybersquatting complaint over
  3. Insurance giant AXA loses fight for
Categories: News and Updates

Breaking: Neustar retains .co registry, at a cost

Domain Name Wire - Fri, 2020-04-03 23:44

Neustar will continue operating .co but at much less favorable terms.

.Co Internet SaS, part of Neustar, will get to run the .co domain name registry after all.

Last year, MinTIC, Columbia’s Ministry of Information Technology (MinTIC), said it was putting the contract out to bid. Rivals lined up with hopes of cashing in on the popular domain extension.

The domain name wasn’t a global success when .Co Internet originally started running it in 2010; it spent heavily on marketing the domain name over the past decade, including in three Super Bowl commercials.

Neustar believed it had a right to a ten-year contract extension and filed a $350 million claim with the government of Colombia.

The parties settled the dispute, with MinTIC awarding a new contract to .Co Internet. The terms are very different from the first time around, though.

The government said it received about 6%-7% under the previous model and will now receive 81%.

Other terms have changed. First, it appears to be a five-year deal. Second, Colombia’s government will get more involved going forward. Here’s how Google Translate translated the relevant statement:

The selected contractor will operate the domain registration for the next 5 years after completing the transition process to the new operating model. In the future, the Ministry will be in charge of its administration through a group dedicated to Internet governance with technical personnel with knowledge and ability to manage and administer the domain. A fundamental change compared to the previous contract that contemplated the concession of the two components: the administrative and the operational.

[This story has been updated to clarify Colombia’s role going forward.]

Post link: Breaking: Neustar retains .co registry, at a cost

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. From 10-cent domains to revved up marketing and policy changes, .US might finally go somewhere
  2. Neustar (NSR) to go private in $2.9 billion deal
  3. Nicolai Bezsonoff to lead Neustar’s registry business
Categories: News and Updates

Godaddy expects $25-$30 million revenue hit in Q2 due to Covid-19

Domain Name Wire - Fri, 2020-04-03 21:20

Domain name aftermarket might be a weak spot during the downturn.

People start businesses even in hard economic times. Graphic from GoDaddy Investor Day presentation.

GoDaddy held a virtual investor day yesterday and the impact of Covid-19 was obviously a discussion topic.

Ray Winborne, CFO of GoDaddy, said the pandemic had a minimal impact on Q1 and that revenue would land within $5 million of the company’s $795 million guidance.

The impact will be greater in the second quarter, during which GoDaddy expects about a $25-$30 million impact.

The company expects no significant changes to its core business, which is based primarily on renewals. It expects mild softness in new sales.

There will be two drags, however. First, having everyone work from home will impact employee productivity. Second, the aftermarket is likely to see a greater demand impact in a recession due to higher price points.

GoDaddy showed a chart (picture) with data from the U.S. government about new business starts, including during the Great Recession. Although it shows that people still start businesses in recessions, the company noted that the impact of Covid-19 is unique because it’s hard to predict the recovery shape and window.

The full investor presentation is here (pdf).

Post link: Godaddy expects $25-$30 million revenue hit in Q2 due to Covid-19

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Aman Bhutani NamesCon live blog
  2. GoDaddy (GDDY) reports earnings, domain revenue of $263.3 million
  3. GoDaddy will continue publishing most domain owner data
Categories: News and Updates

Zoom Security: The Good, the Bad, and the Business Model

Domain industry news - Fri, 2020-04-03 20:21

Zoom — one of the hottest companies on the planet right now, as businesses, schools, and individuals switch to various forms of teleconferencing due to the pandemic — has come in for much criticism due to assorted security and privacy flaws. Some of the problems are real but easily fixable, some are due to a mismatch between what Zoom was intended for and how it's being used now — and some are worrisome.

The first part is the easiest: there have been a number of simple coding bugs. For example, their client used to treat a Windows Universal Naming Convention (UNC) file path as a clickable URL; if you clicked on such a path sent by an attacker, you could end up disclosing your hashed password. Zoom's code could have and should have detected that, and now does. I'm not happy with that class of bug, and while no conceivable effort can eliminate all such problems, efforts like Microsoft's Software Development Lifecycle can really help. I don't know how Zoom ensured software security before; I strongly suspect that whatever they were doing before, they're doing a lot more now.

Another class of problem involves deliberate features that were actually helpful when Zoom was primarily serving its intended market: enterprises. Take, for example, the ability of the host to mute and unmute everyone else on a call. I've been doing regular teleconferences for well over 25 years, first by voice and now by video. The three most common things I've heard are "Everyone not speaking, please mute your mic"; "Sorry, I was on mute," and "Mute button!" I've also heard snoring and toilets flushing… In a work environment, giving the host the ability to turn microphones off and on isn't spying, it's a way to manage and facilitate a discussion in a setting where the usual visual and body language cues aren't available.

The same rationale applies to things like automatically populating a directory with contacts, scraping LinkedIn data, etc. — it's helping business communication, not spying on, say, attendees at a virtual religious service. You can argue if these are useful features or not; you can even say that they shouldn't be done even in a business context — but the argument against it in a business context is much weaker than it is when talking about casual users who just want to chat out online with their friends.

There is, though, a class of problems that worry me: security shortcuts in the name of convenience or usability. Consider the first widely known flaw in Zoom: a design decision that allowed "any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission." Why did it work that way? It was intended as a feature:

As Zoom explained, changes implemented by Apple in Safari 12 that "require a user to confirm that they want to start the Zoom client prior to joining every meeting" disrupted that functionality. So in order to save users an extra click, Zoom installed the localhost web server as "a legitimate solution to a poor user experience problem."

They also took shortcuts with initial installation, again in the name of convenience. I'm all in favor of convenience and usability (and in fact one of Zoom's big selling points is how much easier it is to use than its competitors), but that isn't a license to engage in bad security practices.

To its credit, Zoom has responded very well to criticisms and reports of flaws. Unlike more or less any other company, they're now saying things like "yup, we blew it; here's a patch." (They also say that critics have misunderstood how they do encryption.) They've even announced a plan for a thorough review, with outside experts. There are still questions about some system details, but I'm optimistic that things are heading in the right direction. Still, it's the shortcuts that worry me the most. Those aren't just problems that they can fix; they make me fear for the attitudes of the development team towards security. I'm not convinced that they get it — and that's bad. Fixing that is going to require a CISO office with real power, as well as enough education to make sure that the CISO doesn't have to exercise that power very often. They also need a privacy officer, again with real power; many of their older design decisions seriously impact privacy.

I've used Zoom in a variety of contexts for several years, and mostly like its functionality. But the security and privacy issues are real and need to be fixed. I wish them luck.

Written by Steven Bellovin, Professor of Computer Science at Columbia University

Follow CircleID on Twitter

More under: Coronavirus, Cybersecurity

Categories: News and Updates

Reviewing 4-letter domains sold in March

Domain Name Wire - Fri, 2020-04-03 13:27

Kassey Lee evaluates four-letter domain sales as to how they might be valuable in China.

Here are some 4-letter sold in March as reported by Namebio. I’ll look at them from a Chinese perspective.

XCDN .com sold for $22,000. is already a developed site by Yun Su Yun (云速云=speedy clouds) to provide cloud services such as CDN, server rental, and security. The domain and the company name do not seem to match. is operated by Xin Cheng (欣诚=happy and sincere), an internet service provider offering VPN, CDN, email, and domain registration services. The acronym XCDN may be formed by combining the first word of the company name and the term “CDN” (Content Delivery Network),

TDKJ .com sold for $1,375. is a developed site. TDKJ is an acronym for the company name Tong Da Ke Ji (通达科技=science and technology which are clearly understood). The home page suggests something related to cars but clicking the links does not display any contents.

ZYWX .com sold for $1,247. forwards to, which appears to be a news portal related to skills and qualifications. The Chinese brand of the site is Niu Kao Wang (牛考网=awesome exam net). Note that simple or popular English words such as “oxford” are liked by Chinese companies.

PWSY .com sold for $900. This domain is for sale and likely owned by a Chinese investor. is also for sale at 180 yuan or about $27. Even though the price is low, the owner must have spent a significant amount of time to identify company names matching this acronym. The information is very detailed and it includes the contact person’s name, phone number, email address, physical address, registered capital, and date of company registration. Such information is very useful in outbound sales to potential end users. sold for $794. is for sale with an asking price of 9,999 yuan, or about $1,500, which is much higher than the .com domain just sold.

Post link: Reviewing 4-letter domains sold in March

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Wow: Sedo sold 100 four letter .com’s last week
  2. What these recent four-letter domain sales might mean
  3. These recent four-letter domain sales are interesting from a Chinese perspective
Categories: News and Updates

Resource: Data on how business segments are faring in the pandemic

Domain Name Wire - Thu, 2020-04-02 19:12

Which online transactions are going up and down during the pandemic.

This chart, courtesy of CJ, shows how online commerce has changed during the pandemic.

CJ, previously known as Commission Junction, is a large affiliate network. Many businesses run affiliate programs through them, including GoDaddy. Because it’s tracking commissions, it gets real-time data into what’s happening to different business segments in light of the pandemic.

The company is providing this data for free and updating it weekly. This is great, recently-updated data to help you navigate these times.

I think this year-over-year chart for March 1-28 is the most interesting. It shows clear winners and losers.


  • Education, actions up 387%
  • Food and Drinks, up 66% (remember, these are people ordering food online)
  • Recreation and Leisure, up 49%
  • Sports & Fitness, up 49%

Regarding the latter two categories, people are buying exercise equipment and recreational equipment in droves.


  • Travel, actions down 59%
  • Live Events, down 57%
  • Gifts and Flowers, down 19%

I thought about sending flowers to someone who had received bad health news, and then realized they probably don’t want a delivery driver showing up at their home.

Keep in mind that actions include things other than just sales, such as lead generation.

Post link: Resource: Data on how business segments are faring in the pandemic

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

No related posts.

Categories: News and Updates

What you need in your domain investor continuity plan

Domain Name Wire - Thu, 2020-04-02 18:10

If you don’t have a continuity plan, now is the time to develop one.

Every domain name investor should have a plan. Not a plan they hope to enact themselves, nor a plan that they hope is put to use anytime soon. They need a plan that their loved ones can use should something happen to them.

Over the years, we’ve seen beloved domain investors die, often way before their time. In addition to dealing with loss, their families have to figure out what to do with one of their biggest assets: domain names.

Domain names aren’t like other assets; they are illiquid and little-understood by the general public.

That’s why all domain name investors should have a continuity plan in place for whoever will deal with their domain name portfolio when they pass.

The Covid-19 pandemic is a reminder that any of us could have an untimely death. It’s a morbid topic, but one to think about.

I set up continuity plans for each of my businesses and share them with my wife. It’s been a long time since I’ve updated these plans, and the pandemic was enough to nudge me into action. These continuity plans will help my wife if I die, and also help if I’m not able to run my businesses for a few weeks.

The plans include:

  • Information on my business bank accounts
  • Contact details for our accountant and web developer
  • Information about other key accounts, such as hosting services and payroll accounts

Specific to domain investors, my continuity plan lists people that my wife should call should I die. It doesn’t make sense for me to burden her with details about all of my domains and what to do with them. Instead, I instruct her to contact specific people who can help her sort through this. For my domains, this includes trusted contacts at GoDaddy as well as a couple of people in the domain industry that I trust immensely. I also recommend who my wife should contact for assistance selling Domain Name Wire.

If you have a very valuable portfolio, listen to this podcast to understand some estate planning you should undertake.

I also walk my wife through the plan so she can ask questions. I’m sure I’ve forgotten about things that will be important to know.

A best practice is to do these plans on paper rather than saving them to a computer that can be hacked. Store your plan in a safe or safe deposit box at your bank.

This isn’t a fun thing to think about, but now is a good time to create or update your plan. Use the extra time you have stuck at home to develop your continuity plan. And let’s hope you never need to use it.


Post link: What you need in your domain investor continuity plan

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

No related posts.

Categories: News and Updates

Top Chinese ventilator companies and their domains

Domain Name Wire - Thu, 2020-04-02 14:42

It’s interesting to see which domain names these Chinese ventilator companies use.

I’ve been reading a lot of news about Covid-19. Because of this infectious disease, demand for ventilators is skyrocketing and governments around the world are scrambling to purchase the equipment.

China is a major supplier of ventilators, and Daily China lists the following vendors as the top five Chinese ventilator brands: Mindray, Aeonmed, Comen, Amoul, and Superstar.

I was curious which domains these ventilator companies used. To be clear, my interest is similar to understanding other corporate domain decisions, and not in any way to take advantage of these companies.

By searching Baidu, I was able to find out their Chinese brands, and how they use the .com, .cn, and domains. Here is the result.

Chinese English Domain .cn 迈瑞(Mai Rui) Mindray not resolve forwards to 谊安(Yi An) Aeonmed for sale not resolve 科曼(Ke Man) Comen not resolve different company 安保(An Bao) Amoul not resolve not resolve 舒普思达(Shu Pu Si Da) Superstar not resolve not resolve

What have I learned? Obviously, .com is the first choice for all these Chinese companies. Also, every one of them seems to have created an English brand first and then translated it to a Chinese brand. Interestingly, they don’t seem to care about .cn and, which are popular in China.

Post link: Top Chinese ventilator companies and their domains

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

No related posts.

Categories: News and Updates

Facebook registers over 500 Covid-19 related domain names

Domain Name Wire - Thu, 2020-04-02 12:18

Social media company goes on a defensive domain registration binge.

Facebook has registered over 500 domain names related to Covid-19 for its Facebook and Instagram brands.

The company registered the domain names yesterday as the platforms come under fire for spreading false information about the novel coronavirus and resulting disease.

The defensive domain name registrations cover multiple variations of its brands plus the words coronavirus and Covid-19. They also cover multiple top level domain names.

For example, Facebook registered “facebook-coronavirus-info” in .com, .net and .org. Other variations include facebook-covid-19-support.tld, facebook-informationcovid.tld, and instagramcovid-19.tld.

A list of 500 of the domain names is in the table below. DomainTools recorded 530 registrations yesterday, and these don’t appear to include the .org versions of the domains that Facebook registered. Therefore, the list is larger than the data I have.

Domain Name

Post link: Facebook registers over 500 Covid-19 related domain names

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Google pays $25 million for .App domain
  2. Domain Name Wire is 10 years old
  3. The languages of new top level domains
Categories: News and Updates

Pair of $200,000 Sales Share Top Spot on This Week's Domain Sales Chart

DN Journal - Thu, 2020-04-02 02:21
A 3-letter .com and the year's biggest non .com gTLD sale to date share the top spot on DNJournal's latest weekly Top 20 Sales Chart.
Categories: News and Updates

Ten Stopgap Tips for Privacy and Security Risk Management in a Pandemic

Domain industry news - Wed, 2020-04-01 23:48

This article was co-authored by partners Megan L. Brown and Matthew J. Gardner and associate Kathleen E. Scott, all members of Wiley Rein LLP's Privacy, Cyber & Data Governance Practice.

As businesses adjust to the "new normal" in the ongoing COVID-19 pandemic, it is important to quickly take stock of where your organization stands on privacy and security risk. Even in these unusual circumstances, organizations of all sizes and sophistication continue to be expected to act with reasonable care and comply with their public commitments and regulatory obligations.

Enterprises may be finding different or better ways to operate, collaborate, and service customers. But state regulators, privacy advocates, class action lawyers, and the #twitterverse are ready to call organizations out, so it is prudent to think about your practices from the lens of a state or federal regulator or a customer. As a California official reportedly said, "We encourage businesses to be particularly mindful of data security in this time of emergency."

Here are ten things to think about:

  1. Is your organization collecting information now that you were not before, or using existing data sets in new ways? Is the organization deploying biometrics to ease customer or employee experiences? Are you seeing new types of users, like children that previously you were not targeting? It is important to communicate with your product and sales teams to be sure the company isn't changing business practices without updating relevant policies, and if required, obtaining the proper consents.
  2. Review your online representations about privacy and security to ensure continued accuracy. The FTC does not hesitate to investigate companies for misrepresenting their practices, and the Attorneys General of California and New York have not given any indication that they are deferring enforcement during the pandemic, so be careful to ensure your Privacy Policy and other representations are up to date and accurate. This is particularly important if you are doing creative new things with data or your services.
  3. Ensure any new internal practices (communications tools, shared drives, folders for remote access, devices to help employees stay connected) are covered by your enterprise risk management, privacy risk management, and cybersecurity risk management planning. You may need to update your DLP, BYOD, IT security, or employee conduct policies to address teleworking, use of personal devices, and remote access to resources.
  4. Review contracts. Contracts were a risk area even before the pandemic. The rush to secure business or meet customer needs could cause a company to inadvertently assume additional risks or agree to imprudent provisions. Onboarding new vendors in a hurry could result in increased or different third-party access, or result in unexpected sharing or transfers of data.
  5. Ensure your IT and security teams are empowered to be proactive and identify issues as they arise. "Patch fast" is something that is easy to say and hard to do. Remind your IT team to stay as up to date as they can on patching and updates and see that they have the resources to prioritize.
  6. Make sure your executive team, management, and Board of Directors continue to get meaningful security updates. This may be easy to overlook as you manage your way through the pandemic, but it is important, as the Securities and Exchange Commission makes clear.
  7. Take a look at your incident response plan and consider how you would use it if your team is remotely deployed. Are the steps in it workable or do you need to adjust it? You may not need to rewrite it, but you may need to create workarounds, re-assign responsibilities, or lean more heavily on third parties like forensics teams in an incident or breach. Even if you don't change a thing, considering your plan's adequacy under this current set of circumstances is a reasonable and prudent step.
  8. Consider joining information-sharing groups and working with government stakeholders, like DHS's Cybersecurity & Infrastructure Security Agency (CISA), to receive updates. This has been a mainstay of government advice for a while and resources exist for organizations at all levels of cyber maturity: , , and
  9. Remind employees to be vigilant. This may seem obvious, but it is important. Verizon's Data Breach Incident Report reminds us that phishing remains the major threat action. Business email compromise has been a major headache and the current environment makes that more of a concern as companies scramble to get paid, sign up customers, and work remotely. Examples of bad actors exploiting technology range from COVID email scams to zoom-bombing. Don't overlook the basics. Employees should pick up the phone when transacting business, avoid posting sensitive information or meeting details publicly, and be extra cautious.
  10. Consider how the organization will deal with third party reports of vulnerabilities or issues. You may have a bug bounty program or vulnerability disclosure plan, but many do not. Companies can find themselves on the receiving end of critical press or government probes when they don't quickly respond to reports of security issues. This may be difficult with your team far flung.

Companies are trying to maintain operations in challenging circumstances, but privacy and security cannot take a back seat. State AGs have made clear that they will continue to police the private sector's privacy and security practices: California AG Becerra refused a request to forbear from enforcing the California Consumer Privacy Act for actions taken during the pandemic, and the New York AG has raised questions about a popular video communications platform. And privacy and security class actions are still being filed. Taking these steps now to ensure that your organization's privacy and security programs are keeping up with the fast-evolving landscape of the pandemic can improve your posture and reduce regulatory exposure.

Written by Megan L. Brown, Partner at Wiley Rein LLP

Follow CircleID on Twitter

More under: Coronavirus, Cybersecurity, Privacy

Categories: News and Updates

Restructuring of CentralNic Leadership Team Puts 5 Executives in New Roles as COO Exits

DN Journal - Wed, 2020-04-01 19:57
The fast growing CentralNic Group has restructured their leadership team with 5 execs moving into new positions and the COO stepping down.
Categories: News and Updates

Afilias gets patent for managing domain name bundles

Domain Name Wire - Wed, 2020-04-01 19:35

Patent describes way to manage multiple domain names at once.

The U.S. Patent and Trademark Office has granted patent number 10,599,632 (pdf) to registry operator Afilias for “Domain name registration and management.”

The patent describes the ability to bundle domain names and then apply changes to those bundles universally. For example, three domain names could be bundled together and then any change made to one, such as the administrative contact or nameservers, could automatically be applied to the others.

The patent states:

It is a disadvantage with the current domain name registration and management systems that a registrant’s plurality of domain names must be individually registered and subsequently individually maintained (e.g. renewals, etc.). It is critical that registry information relating to the various domain names of a registrant be complete, consistent, accurate, and up to date. As such, it is critical that the domain name registrant keep their domain name records up to date to prevent undesirable expense, complication and worst-case loss of domain name rights. The coordination involved by the registrant in today’s multi-TLD universe is becoming increasingly complex, due to the increased availability in the number and variety of domain names.

The idea behind the patent sounds a lot like Enom’s Magic Folders.

Afilias declined to comment about the patent.

Post link: Afilias gets patent for managing domain name bundles

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. .Info Has Banner Year in 2010
  2. Afilias’ new top level domain names have very slow first day
  3. Afilias was second-place bidder in $135 million .Web auction
Categories: News and Updates

Testing, Testing, Testing for a More Secure (Internet) World

Domain industry news - Wed, 2020-04-01 19:20

Reading up on COVID-19 and Zoom/Boris Johnson outcry yesterday, an analogy struck me between the two: the lack of testing. In both cases, to truly know how safe and secure we are, testing needs to be stepped up considerably. This post focuses on cybersecurity.

Over the past days and weeks, more and more organisations have switched to digital products and services to sustain working from home, to keep productivity up and to be connected. Our dependency on the Internet has become even larger, with perhaps one large difference: more people are actively aware of their dependency and not as something they see as normal without thinking about it. Let's not forget that by far, most people have slipped into the digital age, without comprehending the implications. Let alone how it works. With this newly found realisation, this is the time to act where cybersecurity improvements are concerned. First, let me give a few examples of how we slipped into the digital age.

How we moved onto the internet

Over the past years, we all have started to use products and services we do not truly understand, nor do we have an overview of the implications coming with the use of these products. This goes for apps that transgress every basic rule of privacy without any hindrance, but also for government organisations using cloud services in the U.S.. We use Google, Facebook, Whatsapp, etc. multiple times daily without being aware that we are the product, "the user," of these companies. Energy companies connecting a nuclear reactor to the Internet as running maintenance from home, if necessary, is so easy. Or, a machine in a factory that is directly connected to the manufacturer for maintenance without built in security. And what about all those connecting devices entering our home without basic security installed. Etc., etc., etc. All were decisions with large implications, usually made without security in mind, not offered, not asked for, not (fully) understood. Let's make it more tangible.


On Wednesday 31 March, Boris Johnson, U.K. prime minister, posted a photo online, showing his cabinet's video conference, giving away a load of data about his workplace, gear and even his unique username to the Zoom application the U.K. cabinet used for the conference. Twitter sort of exploded because of it, and yes, the lack of understanding in the PMs office is extremely disconcerting, but a part of the Twitter explosion focused on the program used. Zoom is an application that is used all over the world for video conferencing, one of many. What was pointed out yesterday, at a time that almost every organisation depends on video conferencing, that Zoom is not as secure as it advertises. Many people pointed out that Zoom blatantly lies about its level of security on offer.

And here is where I am coming to my point that we need to test, test, test. An important question ought to be: Why did some people only bother to test the service now and not last year or the year before? Can you tell me whether any of the other services are better? I can't.

Responsibility for a secure internet

The world fully depends on ICT products and services, something that today is more clear than ever. It also means that the products and services need to become more secure. 100% Security is something no one can offer. Avoidable mistakes, though, should no longer be acceptable when a product or service enters the marketplace. Not in a product connecting to the Internet, not in software and not in online services and hosting. If the current crisis shows us anything, it is the responsibility the internet market has where the world's security is concerned.

Making the Internet more secure

This can easily be improved if, during the production phase, testing becomes a prerequisite. For everything already on the market, it is quite clear that the status quo is that a company awaits an alert or a breach before taking action to amend the flaw in its product, if even then. To become safer, there are three ways forward:

  1. New products are made by new rules assuring a higher level of quality and security;
  2. Testing;
  3. Attribution.

White hat testing – I would like to focus on the last two. Mark Goodman proposed in his book 'Future Crimes' to create a worldwide pool of white hat hackers who test products and alert a company or a central agency on discovered flaws that are then repaired and updated. One thing is certain, the "bad guys" test products 24/7 in search of flaws and use them for their own nefarious purposes. So why don't the "good guys" do this in an organised way? Yes, this is a challenge to organise, but the white hat hackers already exist. So why not pool them and make use of their energy? Finding flaws before the bad guys do saves everybody money, time, losses, hurt, bankruptcy, etc. Yes, it is a burden on the manufacturers, but then they are the source of the flaws. Not the consumers. In fact, not even the "bad guys" are the source; they are just using what is on offer in a bad way.

A related example is the city of The Hague that organises a yearly hack contest on itself. Something more companies and organisations should do.

Consumer organisation testing – A second way of testing is through consumer organisations. Products and services with online components from now on need to be tested on cybersecurity aspects. Are certain internet standards deployed? Are passwords in place? Are patches guaranteed? Is data protected? Etc., etc. This way, the pressure is applied to manufacturers and service providers to up their game. This way, consumers can compare products. The test of webshop websites in The Netherlands and privacy adherence in an app in Belgium are good examples of this.

Attribution of breaches – When hacks or other digital breaches occur, one way forward is to collectively learn from the cause(s). E.g., by making it known, the breach was caused by a lack of security in product X or service Y. This puts pressure on manufacturers who currently produce sub-optimal or even less safe products. No product wants to be associated with negative news, so most likely all will progress because of it.

A milder form is to mention the cause without the name but including explicit mention of costs and losses, in combination with suggested questions consumers can ask to their vendors or demands they can make for a more secure product. This creates awareness at the customer side and puts pressure on the manufacturer.

Is this bad for innovation? All other products in the world show that rules or regulations do not stop progress. So why would the Internet be different?

Security investments come with costs

More than ever before, the world has become dependent on the Internet. It is time that the internet business takes responsibility for this dependency. This comes at a cost. Yes, there is another side to this debate. It has to become normal to pay for internet security. It is only fair money is made on the investment industry has to make to provide cybersecurity.

Conclusion: start testing!

Just like at this point in time in the COVID-19 crisis, a lot of people are not aware whether they have attracted the disease and are cured because they have not been tested, many internet services and products can get on the market, even with false claims, without testing. It is time for change. Societies have to start testing.

In a recent report published on the website of the Internet Governance Forum, I have identified 25 pressure points in society that can aid in making the Internet more secure. If you are interested to learn more you can download it here: Setting the Standard report

Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement

Follow CircleID on Twitter

More under: Cyberattack, Coronavirus, Cybercrime, Cybersecurity, Internet Governance, Internet of Things, Internet Protocol, Policy & Regulation

Categories: News and Updates

CentralNic shakes up management positions

Domain Name Wire - Wed, 2020-04-01 14:58

CentralNic names five people to new roles, Siffrin steps down.

Robbie Birkner

CentralNIC (London AIM: CNIC), a rollup of domain name companies, announced a restructuring of its leadership today.

COO Alex Siffrin is stepping down. He joined CentralNic when he sold his company KeyDrive to CentralNic in 2018.

In an interesting quote, CentralNic CEO Ben Crawford said, “To facilitate a smooth handover, I have agreed with Alex that he will step down from all duties now – and enjoy some very well-deserved rest with his young family.”

Usually, someone would stay on to help with the handover. CentralNic’s release does not mention a new COO.

The company’s five new appointments are:

Robbie Birkner – Head of Reseller Division – Birkner was a founder of Hexonet, which sold to CentralNic last year. It’s good news that Birkner is back working. Hexonet decided to sell because Birkner had health problems, and he took time off after the sale for treatment and to recuperate.  I take this as a sign that his treatment is progressing well.

Stuart Fuller – Head of Brand Services Division – He’ll oversee brand management company BrandShelter and CentralNic’s interest in Thomsen Trampedach. Fuller was the Group Commercial Director for the company.

Gavin Brown – Head of Registry Solutions – Brown is CentralNic’s longest-serving employee. He will also retain his role as Chief Innovation Officer. Prior to that role, he was CTO of CentralNic for 14 years.

Tony Kim – Head of Product – Kim was a co-founder of Hexonet and joined CentralNic when it acquired his company.

Oliver Fries – Head of Shared Services – Fries joined CentralNic when it acquired KeyDrive. He was KeyDrive’s CTO.

Post link: CentralNic shakes up management positions

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. CentralNic acquires Instra for $24 million, sells $3.6M in domains, and plans to raise $15M
  2. Moniker to take over Alpnames domain names
  3. CentralNic buys rest of Melbourne IT’s reseller business for AUD $24 million
Categories: News and Updates

End user domain name sales up to $200,000

Domain Name Wire - Wed, 2020-04-01 13:20

Two .app domains lead the way at Sedo.

The top two end user domain name sales at Sedo this past week were .app domains, including the blockbuster sale of to Shopify (NYSE: SHOP).

Other domain buyers include a French leather goods company, a port operator and an olive oil producer.

If you’re looking for four-letter domains, note that Sedo has a 4 Letter .com auction ending Thursday.

Here’s a look at some of the domains end users bought at Sedo this past week. You can review previous end user sales lists here. $200,000 – Shopify, which owns the domain It’s the highest sale ever publicly reported for a .app domain. $24,000 – Not one but two big .app sales this week. The domain is an upgrade for MeApp, which uses the domain The app provides caller ID, spam call blocking and other phone features. $7,500 – Red Rock Design Studio, a UK web design shop, bought this domain for one of its clients. $5,000 – Port operator PSA International. $4,990 – This appears to be an “upgrade” or a defensive registration for The name of this cryptocurrency exchange platform fails the radio test miserably. $3,600 – Forward to, a French leather goods brand that produces purses, luggage and other accessories.

CCCleaner .de €3,000 – Ccleaner is a software program for speeding up your computer. $3,000 – ValueCare provides a platform for finding business data. €2,500 – Forwards to, which sells store systems for pharmacies, labs and clinics. Bon Vita is Italian for “good life”. The company bought last week. $2,000 – Infule, a Fort Collins, Colorado SEO that specializes in serving RV dealers. This could be a purchase for one of their clients or an expansion to boat dealers. €2,335 – Molan Lave makes olive oil.


Post link: End user domain name sales up to $200,000

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. $25,000 new TLD sale among this week’s end user domain name sales
  2. Sedo sells $1.4 million worth of domains, here are some end user sales
  3. What domains Birchbox and 22 other companies bought last week
Categories: News and Updates

Cyrus Namazi leaves ICANN

Domain Name Wire - Wed, 2020-04-01 12:23

Head of domains division exits ICANN.

Cyrus Namazi

Cyrus Namazi has left his role as Vice President of the Global Domains Division (GDD) at ICANN effective immediately.

In a statement on the ICANN web site, ICANN CEO Göran Marby said that his co-deputy, Theresa Swinehart, will oversee GDD until a replacement is found.

Namazi had been at ICANN for seven years. He started as the Vice President of Domain Name Services & Industry Engagement. In February of 2019, he was named VP of the GDD.

While overseeing GDD, he was instrumental in removing price caps on domain names including .org and .biz.

His LinkedIn profile does not list a new job yet.

Post link: Cyrus Namazi leaves ICANN

© 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. ICANN names Cyrus Namazi VP of GDD
  2. Congress Beats Up ICANN (Part 1)
  3. IRT: Classic Case Study of How Not to Sell a Plan
Categories: News and Updates

At the Crossroads: The State of Domain Registration Data Services

Domain industry news - Tue, 2020-03-31 22:26

The Internet's users rely on domain name registration information for vital purposes, including providing security, problem-solving, and legal and social accountability. The data is so important that users perform more than two billion WHOIS queries every day. ICANN has instituted new data policies over the last two years, and is also directing a migration to a new technical protocol, RDAP, that will replace WHOIS access in the near future. So at this critical juncture, how is it all going?

To find out, Interisle Consulting Group has performed a new study of the state of domain registration data access, "Domain Name Registration Data at the Crossroads." The report examines compliance with ICANN's current policies and operational standards. The investigation found widespread compliance and technical failures, leading to decreased basic access, and an erosion of reliability and predictability.

The report examines the practices of 23 registrars, which collectively sponsor more than two-thirds of the domain names in the generic top-level domains (gTLDs). The study answers five questions for each registrar:

  1. Does the registrar have a WHOIS service that functions properly and meets contractual obligations?
  2. Does the registrar have an RDAP service that functions properly and meets contractual obligations?
  3. Does the registrar comply with ICANN's current data handling and display policy, the "Temporary Specification for gTLD Registration Data"?
  4. Can Internet users always find information in the WHOIS and RDAP services that allows them to reach out to a domain contact?
  5. Does the registrar's contactability mechanism actually work? Is it possible to use the contact mechanism, and are the messages delivered to the domain contacts?
    1. The study's findings include:

      • Registrars failed to meet the contractual obligations, and contactability goals in 40% of the cases studied. There were issues in an additional 16% of cases
      • A significant portion of the registrar industry is still not running reliable and compliant WHOIS services.
      • After one-and-a-half years, a significant percentage of registrars do not fully comply with ICANN's Temporary Specification.
      • A number of registrars mis-handle their obligations under GDPR.
      • Some registrars prevent people from reaching out to domain owners. Some registrars do not make the required contactability information available as required. Others have deployed procedures that make it difficult for people to contact their registrants. In some cases, the contactability mechanisms provided by registrars literally fail to deliver.
      • Some registrars constrain access to the non-sensitive domain registration data (the "public data set"). This set contains no personally identifiable information, so there is no privacy reason to protect it. Restricting access to it prevents its use for important and legally allowable purposes, such as cybersecurity.
      • RDAP services are not yet technically reliable enough for use. RDAP became mandatory for registrars and registry operators to provide in August 2019, but as of March 2020 the rollout is moving very slowly, and there are operational and compliance problems.
      • The problems raise questions about ICANN's compliance practices.

      The study also provides examples of how these problems have real-life implications for security, stability, and trust on the Internet, including for detecting and mitigating cybercrime during the current COVID-19 pandemic. The report also provides a set of recommendations for positive change.

      The report and data is available in an Executive Summary, the full report, and the registrar scoring table.

      Written by Greg Aaron, President, Illumintel Inc.

      Follow CircleID on Twitter

      More under: Coronavirus, Cybersecurity, DNS, Domain Names, Internet Governance, Policy & Regulation, Whois

Categories: News and Updates

Will COVID-19 Traffic Kill the Internet?

Domain industry news - Tue, 2020-03-31 21:44

Map by Cloudflare showing the impact of Coronavirus on Internet traffic in major cities between early January and late March 2020. The green areas indicate growth in traffic and the red areas indicate where it has decreased between.This is the question being asked all across the industry as the volume of data traffic has leaped upward due to students and employees working from their homes. We got our first glimpse of the impact of the crisis when Verizon announced a week into the crisis that they were seeing a 22% increase in data traffic in their network. More recently, AT&T announced a 27% increase in network traffic. In perhaps a peek at what might be coming, Italy, which has been in lockdown for longer than the US has seen a 90% increase in Internet traffic.

The answer to the question differs depending on somebody's perspective of the network. For example, Evan Swartztrauber, described as an advisor to the FCC, says that the US Internet network is handling the surge in traffic just fine. He says the increased volume is significant, but it's not at the same level as what is seen during the Superbowl or the finale of Game of Thrones. That's reassuring news to hear, but he's talking from the perspective of the big Internet POPs and the long-haul networks that carry Internet traffic from city to city. Even his answer is a bit glib because we've just seen more than a year's growth in traffic in a matter of weeks, and there must be places in the Internet backbone that need to be beefed up to meet the increased demand.

The question that matters is if Internet performance is getting worse for the average user, which is a question about the last mile network. I've been checking in on clients to understand the impact. So far, everybody with a fiber-to-the-home network says they are weathering the increased volumes, although several clients are looking into increasing bandwidth in a few parts of the network, such as between the core and field huts. Several clients who operate HFC or DSL networks have told me that their biggest problem is with upload speeds. People working from home, as well as students, are using a lot more upload bandwidth as they communicate with office and school servers. Gamers also need significant upload bandwidth. These technologies were not designed to handle significant amounts of uploaded bandwidth, and customer performance is seriously degrading.

Many clients also say that they are increasing the bandwidth needed to connect to the Internet. Luckily most of them can do this easily, but some rural clients are constrained on the ability to easily add more bandwidth.

What nobody is talking about is the last-mile networks that were already broken. For example, I helped a rural county to get citizens to take speed tests right before the pandemic, and we found almost no rural households in that county with broadband speed greater than 5 Mbps — and most are far under that modest number. These customers are served with DSL or fixed wireless broadband, and the local telco and WISPs are obviously bandwidth restricted either due to older technology or due to lack of backbone bandwidth.

Rural networks that are already underperforming might easily collapse under increased bandwidth usage. A 30% increase in usage won't cut speeds by just 30%; the extra usage is likely to crash the networks. A large portion of rural America already has dreadful broadband. There are terrible ramifications if a network that is only delivering 3 Mbps broadband today gets further stressed. Degraded usage means that a home where a student might have been able to connect to a school server before COVID-19 might now be unable to maintain a connection. Good luck to somebody trying to connect to an office server as they work from home for the first time. And considering that some of these stressed rural networks have upload speeds measured in kilobits per second, good luck to anybody wanting to make a video connection for school or working from home.

Perhaps it's true that the overall US Internet is not in danger yet of collapsing. Networks are going to see additional stress if the shelter-at-home restrictions carry through April and into May or June. What all of the national headlines are missing is that many rural Internet networks were barely functional before the pandemic. I've talked to numerous rural businesses in the last year that don't even have adequate broadband to sustain a credit card transaction. I hear from homes across the country where the Internet is too slow, or latency too high to sustain connections to a school network to do homework. The current burst in new traffic is going to mean that the Internet performance for many rural users is going to go from barely functional to non-functional.

We might see a little relief if some of the biggest bandwidth users of the web cut back on broadband demand. Google announced that they are going to reduce the quality of video signals from YouTube as a way to cut back on the volume of data hitting networks. There is pressure on Netflix to do the same. AT&T announced that Netflix's traffic volumes have hit an all-time high. Netflix announced that it is going to reduce traffic volumes by 25% in Europe but hasn't made the same claim yet for the US. Unfortunately, these fixes are unlikely to make a big difference. The problems in last-mile networks are due to having many more Internet users than before the pandemic, and the sheer number of users, along with their attempts at using bandwidth-hungry applications, is going to kick rural networks in the teeth.

This pandemic has highlighted the horrendous inadequacies of rural broadband. The shortfalls of rural broadband already existed, but with the added traffic volumes, rural broadband is going to significantly worsen. Unfortunately, we didn't see much funding to help rural broadband as part of the recent stimulus plan. I'm pretty sure politicians with rural constituents are going to hear a lot about this — at least constituents with enough bandwidth to tell their story.

Written by Doug Dawson, President at CCG Consulting

Follow CircleID on Twitter

More under: Access Providers, Broadband, Coronavirus, Telecom

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer